The CDMA2000 core network data system is based on the link layer services provided by PPP combined with an elaborate multitiered mobility scheme that might optionally involve Mobile IP (as explained in Chapter 4). Therefore, a compulsory VPN service offered within this system may be based on secure PPP encapsulation using one of the available mechanisms, such as L2TP, which lets a corporation perform user authentication and terminal configuration by terminating PPP sessions at an LNS it owns. Alternatively, the Mobile IP protocol may be used, with the PPP link layer terminated in the carrier network; in this configuration the advanced Mobile IP features for user roaming, authentication, and dynamic IP address configuration are used (and in fact the development of such features in the Mobile IP protocol was driven by the CDMA2000 community). The functionality supported by one element of the CDMA2000 infrastructure becomes especially important in supporting Mobile VPNs. As you might have guessed, this element is the PDSN, which handles PPP sessions originated by the MS and encapsulates the user traffic for its onward journey through the carrier's core network or through public IP networks such as the Internet. Conversely, the PDSN terminates tunnels originated in private networks and forwards IP packets to mobile user devices or other final points of destination.
Despite the adequate level of security available for user data traffic in CDMA2000, private network operators should be aware that compulsory tunneling lacks the end-to-end security protection that voluntary methods provide (see Chapter 5 for more on this). Whenever the decision to use compulsory tunneling is made, private network operators must, to ensure the desired end-to-end security level, inquire about the security protection available for the segments of the data path that the secure compulsory tunnel does not cover, such as the radio interface and the links internal to the operator network. As with any other type of compulsory tunneling, the private network with its valuable data must trust the wireless access provider in whose network the VPN tunnels are originated or terminated. Normally, wireless operators will provide their customers with a high degree of assurance about the security level within their network, as a precondition for establishing the trust relationship necessary to run a compulsory (also known as network-based) VPN service. It should be noted, however, that each operator would need to ask its roaming partners to assure an equivalent level of security when roaming capability is offered as part of the service. In fact, the roaming capability will be limited in the early days of these service offerings (and for nationwide coverage within the United States it will most likely never be offered, since the footprint of CDMA operators tends more and more to be national).
CDMA2000 Simple IP and Mobile IP-based VPNs are no exception to the need for a trust relationship in a compulsory VPN service. Though an effort was made in the standards to exclude the wireless carrier from the security association between the MS and the private network, the data passed through the wireless access network is still susceptible to unauthorized access at the PDSN. Since the PDSN in the wireless operator's network is both the PPP termination point and optionally the Mobile IP or L2TP origination point, the user's IP packets are exposed to eavesdropping or other types of undesirable inspection within this device by persons or processes not authorized by the private network. For this reason, the PDSN can be considered an example of a weak link in the chain of devices involved in carrying the user's traffic when used in compulsory VPN modes.
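To make that weak link concrete, the following is an added example (not code from the original text): it builds a constructed L2TPv2 data message carrying a PPP-framed IPv4 packet, the encapsulation a PDSN acting as L2TP endpoint would perform, and then parses it the way that endpoint sees it, showing that L2TP framing by itself leaves the inner addresses and payload readable with no key. The tunnel/session identifiers and IP addresses are made-up sample values.

```python
import struct
import ipaddress
PPP_IPV4 = 0x0021  # PPP protocol number for IPv4 (RFC 1332)

def build_ipv4(src, dst, proto=17, payload=b"x" * 8):
    """Minimal IPv4 header (no options, checksum left zero) plus payload."""
    s, d = ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, s, d) + payload

def ppp_frame(proto, payload, acfc=False):
    """PPP in HDLC-like framing: address 0xff, control 0x03 unless ACFC is on."""
    return (b"" if acfc else b"\xff\x03") + struct.pack("!H", proto) + payload

def l2tp_data(tunnel_id, session_id, ppp):
    """L2TPv2 data message (RFC 2661): T=0, L=1 (length present), Ver=2."""
    body = struct.pack("!HH", tunnel_id, session_id) + ppp
    return struct.pack("!HH", 0x4002, 4 + len(body)) + body

def parse_l2tp(pkt):
    """Strip the L2TPv2 data header; returns (tunnel_id, session_id, ppp)."""
    flags = struct.unpack("!H", pkt[:2])[0]
    if flags & 0x800F != 0x0002:  # T bit must be 0 (data), version must be 2
        raise ValueError("not an L2TPv2 data message")
    off = 2
    if flags & 0x4000:  # L bit: 16-bit length field present
        off += 2
    tunnel_id, session_id = struct.unpack("!HH", pkt[off:off + 4])
    off += 4
    if flags & 0x0800:  # S bit: Ns/Nr sequence fields present
        off += 4
    if flags & 0x0200:  # O bit: offset-size field followed by padding
        off += 2 + struct.unpack("!H", pkt[off:off + 2])[0]
    return tunnel_id, session_id, pkt[off:]
def parse_ppp(frame):
    body = frame[2:] if frame[:2] == b"\xff\x03" else frame  # drop addr/ctrl
    return struct.unpack("!H", body[:2])[0], body[2:]

def inspect_at_pdsn(pkt):
    """Fields an L2TP endpoint reads from a data message without any key."""
    tunnel_id, session_id, ppp = parse_l2tp(pkt)
    proto, ip = parse_ppp(ppp)
    if proto != PPP_IPV4:
        return None  # e.g. LCP/IPCP control traffic, not user IP
    return {"tunnel": tunnel_id, "session": session_id, "ip_proto": ip[9],
            "src": str(ipaddress.IPv4Address(ip[12:16])),
            "dst": str(ipaddress.IPv4Address(ip[16:20])),
            "payload": ip[20:struct.unpack("!H", ip[2:4])[0]]}
# Constructed sample: an MS at 10.0.0.5 sending UDP to a corporate host.
SAMPLE = l2tp_data(7, 42, ppp_frame(PPP_IPV4, build_ipv4("10.0.0.5", "192.0.2.10")))
```

Running `inspect_at_pdsn(SAMPLE)` returns the inner source and destination addresses, IP protocol and payload; only an additional layer such as IPsec between the MS and the private network, as discussed under voluntary tunneling, would keep them from the PDSN.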