In this paper, we propose two secure virtual private network architectures for the long-term evolution backhaul network. They are layer 3 Internet protocol (IP) security virtual private network architectures based on Internet key exchange version 2 mobility and multihoming protocol and host identity protocol. Both architectures satisfy a complete set of 3GPP backhaul security requirements such as authentication, authorization, payload encryption, privacy protection, and IP-based attack prevention. The security analysis and simulation results verify that the proposed architectures are capable enough to protect long-term evolution backhaul traffic against various IP-based attacks.

The LTE transport network contains three segments, namely, radio access, backhaul, and core networks. The backhaul network further subdivides into two sections: access and aggregation networks. Figure 1 illustrates a simple LTE transport network.

The access network connects eNB sites to aggregation nodes. Usually, it has a tree and/or chain topology. The aggregation network very often has a ring and/or mesh topology. It is normally terminated at the core network where S-GWs and MME devices are located. Hence, the backhaul network extends from the first transport equipment connecting cell sites (e.g., eNB sites) to the transport aggregation equipment connecting central sites (e.g., S-GW/MME sites) [12]. In addition, the LTE backhaul network contains several traffic transport interfaces (e.g., S1 and X2).
Security issues of long-term evolution backhaul network

3GPP specifications propose an entirely new flat and all-IP-based architecture for the LTE backhaul network. It distributes some of the control functionality throughout the network. Hence, it pushes more intelligence to end nodes such as eNBs. These properties redefine the security and other service requirements of the LTE backhaul network.

Long-term evolution networks face new security threats that did not exist before or were harder to exploit in previous 2G/3G mobile backhaul networks. The security threats originate at various sections of the LTE network, namely, customer nodes, backhaul network, customer provider interface network, radio access network, and core network. Hence, it is necessary to implement dedicated security mechanisms in each section to avoid these potential threats. This research focuses on the possible threats only on the

Security Comm. Networks 2016; 9:1198-1215