Post on 22-Dec-2015
Colombo, Sri Lanka, 7-10 April 2009
Security & Regulatory Issues in NGN
NK Goyal
President, Communications & Manufacturing Association of India (CMAI)
Chairman Emeritus, Telecom Equipment Manufacturers Association of India (TEMA)
Director, National Fertilizers Ltd. NFL (Govt. of India Undertaking)
7-10th April, 2009 Sri Lanka
nkgoyals@nkgoyals.com nkgoyals@yahoo.co.in
+91 98 111 29879 www.nkgoyals.com
FORUM ON NEXT GENERATION STANDARDIZATION
(Colombo, Sri Lanka, 7-10 April 2009)
Indian Telecom Sector
• 281 Access service licensees. Of these, 121 UAS licenses were awarded in January, 2008.
• The total number of telephone connections stood at 400.05 million at the end of January, 2009. Second largest in world.
• Monthly additions 10-15 Millions
• The overall tele-density is 40.50% and the rural tele-density is only 13.13%.
Next Generation Networks
• An ITU-T defined set of telecommunications network architectures & technologies
• NGN is a broadband network in which the service, transport & application layers function independently of each other
• An Internet with an IMS architecture is NGN
• An evolutionary approach from PSTN/ISDN networks to an advanced network called NGN
• Move from the current H.323 protocol to the session-based Session Initiation Protocol
Regulatory implications of NGN
Source: ASTAP05_WS.IP&NGN-09
Short term issues
Numbering
Regulation of “Plain Old Telephone Service (POTS)”
Quality of Service
“Next Generation” longer term issues
Emergency Access
Privacy
Security
Competition
Consumer protection
Interconnection
Core policy areas:
• Competition (level-playing field), Interconnection
• Consumer (QOS, privacy, emergency access)
• Security & legal interception
Scope for self-regulation
Typical attacks in SIP
• Malformed Message Attacks
• Buffer Overflow Attacks
• Denial-of-Service attacks
• RTP session hijacking
• Injection of unauthentic RTP packets into existing RTP flows
• Re-use of compromised SIP credentials
• Hostile SIP network elements
Session Border Controller
An insecure network cannot charge for its use or provide a guaranteed QoS service, because unauthorized users cannot be prevented from overusing limited network resources.
SBCs can provide security and protection against
• unauthorized access into the trusted network
• invalid or malicious calls, including Denial of Service (DoS) attacks
• bandwidth theft by authorized users
• unusual network conditions, for example a major emergency.
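One kind of screening a border element can apply to the malformed and oversized SIP messages listed under typical attacks, as an added example (not from the original slides): a strict syntactic check of a SIP request before it is forwarded. The size limits, the function name and the sample INVITE are assumptions constructed for illustration, and the check accepts only long-form, unfolded headers.

```python
import re

# Limits are assumptions chosen for illustration, not values from the slides.
MAX_MESSAGE, MAX_LINE = 8192, 1024
REQUIRED = ("via", "from", "to", "call-id", "cseq", "max-forwards")
REQUEST_LINE = re.compile(r"^([A-Z]{3,16}) (sips?:[^\s]{1,256}) SIP/2\.0$")

# Constructed sample request (all names and tags are made up).
GOOD = (b"INVITE sip:bob@example.com SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP pc.example.org;branch=z9hG4bK776asdhds\r\n"
        b"Max-Forwards: 70\r\n"
        b"From: <sip:alice@example.org>;tag=1928301774\r\n"
        b"To: <sip:bob@example.com>\r\n"
        b"Call-ID: a84b4c76e66710@pc.example.org\r\n"
        b"CSeq: 314159 INVITE\r\n"
        b"Content-Length: 0\r\n\r\n")

def validate_sip_request(raw: bytes) -> list:
    """Return the reasons to reject; an empty list means the request passes."""
    if len(raw) > MAX_MESSAGE:
        return ["message exceeds size limit"]
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["missing blank line after headers"]
    try:
        lines = head.decode("utf-8").split("\r\n")
    except UnicodeDecodeError:
        return ["headers are not valid UTF-8"]
    problems = ["header line exceeds length limit"] if any(len(l) > MAX_LINE for l in lines) else []
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return problems + ["malformed request line"]
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            problems.append("header without name or colon")
            continue
        headers.setdefault(name.strip().lower(), value.strip())
    problems += ["missing " + h for h in REQUIRED if h not in headers]
    cseq = headers.get("cseq", "").split()
    if "cseq" in headers and (len(cseq) != 2 or not cseq[0].isdigit() or cseq[1] != m.group(1)):
        problems.append("CSeq does not match request method")
    clen = headers.get("content-length", "0")  # absent header is treated as an empty body
    if not clen.isdigit() or int(clen) != len(body):
        problems.append("Content-Length does not match body")
    return problems
```
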
NGN Security
Security requirements for Transport
• Home Network domain
• Core Network
• Interfaces
Security requirements for Service
• IMS domain
• Transport stratum to IMS domain
• IMS to Application domain security
• Application domain security
• Home Network to Application domain security
• Home Network-to-IMS domain security
• Open service platform to valued-added service provider security
LI Challenges
The majority of mass telecommunication traffic today doesn’t traverse any part of the well-controlled Circuit Switched network:
• IP multimedia traffic between GPRS/UMTS mobile phones
• The traffic to and from the Internet exchanged on high bandwidth ISPs (ADSL, FTTH, cable…)
• Telephone traffic between two VoIP terminals, maybe connected to different VoIP operators.
Encrypted traffic without proper mechanisms
Decentralized Peer to Peer networks
Challenges for NGN security
• Network Address Translation (NAT): Calls may not materialize due to the NAT implementation in some routers & firewalls.
• SIP: Messages are sent in plain, uuencoded text; an encryption option is available, but there is no standard.
• RTP: Vulnerable to interception & alteration
• Code & script attacks: SIP phones are potentially vulnerable to attack from executable code or scripts. It may result in denial of service.
• No standard Spam detection solutions
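A monitoring-side view of the RTP alteration and injection risk noted above, as an added example (not from the original slides): a per-flow check of RTP fixed headers that flags packets that do not fit the stream learned from the first packet. The class name, the reordering window and the sample packets are assumptions constructed for illustration.

```python
import struct

SEQ_WINDOW = 100  # assumed tolerance for packet loss and reordering

class RtpFlowMonitor:
    """Learns source address and SSRC from the first packet, then checks the rest."""
    def __init__(self):
        self.src = self.ssrc = self.last_seq = None

    def check(self, src, packet):
        """Return None if the packet fits the learned flow, else a reason string."""
        if len(packet) < 12:
            return "truncated header"
        b0, _pt, seq, _ts, ssrc = struct.unpack("!BBHII", packet[:12])
        if b0 >> 6 != 2:
            return "bad RTP version"
        if self.ssrc is None:
            self.src, self.ssrc, self.last_seq = src, ssrc, seq
            return None
        if src != self.src:
            return "unexpected source address"
        if ssrc != self.ssrc:
            return "unexpected SSRC"
        delta = (seq - self.last_seq) & 0xFFFF  # 16-bit wraparound
        if delta == 0:
            return "duplicate sequence number"
        if SEQ_WINDOW < delta < 0x10000 - SEQ_WINDOW:
            return "sequence jump"
        if delta <= SEQ_WINDOW:
            self.last_seq = seq  # advance only on in-window forward packets
        return None

def rtp(seq, ssrc, ts=0):
    """Build a constructed RTP packet: version 2, payload type 0, 160-byte payload."""
    return struct.pack("!BBHII", 0x80, 0, seq, ts, ssrc) + b"\x00" * 160

def scan(packets):
    """Return (index, reason) for every packet the monitor flags."""
    mon = RtpFlowMonitor()
    return [(i, r) for i, (src, p) in enumerate(packets) if (r := mon.check(src, p))]

# Constructed sample: documentation-range addresses, made-up SSRC values.
A, B = ("192.0.2.10", 40000), ("198.51.100.7", 40000)
SAMPLE = [(A, rtp(1000, 0x1111)), (A, rtp(1001, 0x1111)), (B, rtp(1002, 0x1111)),
          (A, rtp(1002, 0x2222)), (A, rtp(1002, 0x1111)), (A, rtp(1002, 0x1111)),
          (A, rtp(9000, 0x1111)), (A, rtp(1003, 0x1111))]
```

Header checks like these only flag anomalies, and an SSRC can change legitimately; packet authentication such as SRTP (RFC 3711) is what keeps a forged packet from being accepted.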
Cyber Security
With the growing number of applications to exploit on the converged Mobile IP Networks, a plethora of online avenues and revenues to pilfer, and many more corporate networks to hack, cyber-criminals appear to have no shortage of targets to pursue.
The heightened interest and response from law enforcement worldwide in bringing cyber criminals to justice may well result in malicious hackers being increasingly aggressive and creative in their efforts.
The threat of malware, Trojans and many others, and its impact on operators, is also a big challenge.
Summary of Next Gen Security & Other aspects
• 3G/NGN/4G/IMS security issues seem set to remain a threat for a good amount of time in the near future.
• Technical security of NGN systems is well designed but likely to suffer implementation problems
• Increased connectivity means the security exposure will become more serious and harder to manage
• Protocols such as SIP (e.g. in IMS model) are likely to be abused by NGP (next generation phreakers)
• Open and distributed nature
• Lack of inherent security mechanisms
• Increasingly complicated network concept
• Running of mission critical applications
• Deployed before fully matured, likely to cause operational problems
• Few expert solutions for effective management
• Require time- and cost-consuming integration and configuration
Where is my cell phone mama..
I want to SMS to God that I have reached safely!