An Emerging Global Ecosystem for Infrastructure Protection and Network Forensics
Anthony M Rutkowski
VP for Regulatory Affairs and Standards, VeriSign
Visiting Prof., Georgia Tech Nunn School
President, Global LI Industry Association
Fostering International Collaboration in Information Security
Research Symposium #727
AAAS, St. Louis, USA
16-17 Jan 2006
V1.0
Outline
+ The emerging global ecosystem
  ▪ Paradigm shifts and what they produce
  ▪ Public infrastructures and what we expect of them
  ▪ Next Generation Network public infrastructures
  ▪ Ecosystem forums and major developments
  ▪ Network forensics and why they are necessary
+ Fostering collaboration on needed capabilities
  ▪ Nudging
  ▪ Just do it
Paradigm Shifts
+ Fundamental points of inflection
  ▪ Digital networks
  ▪ Morris Worm of 1988
  ▪ Intelligent Network failure of 1991
  ▪ Nomadicity (wireless, IP, smart objects)
  ▪ Rapidly scaling SPAM, cybercrime and cyberterrorism
  ▪ 9/11
  ▪ Katrina, Rita, …
+ Produce significant changes to infrastructures and their ecosystems
+ Drive changes to policies and practices
Public infrastructures – definition and treatment
+ Capabilities “generally available to the public”
+ Characteristics and expectations
  ▪ Substantial availability, especially during and after emergencies
  ▪ Protection for users
  ▪ Quid pro quos established in law, regulations, and standards
Typical public network infrastructure requirements
+ Availability, Security and Protection
  ▪ High availability
    – analysis of network metrics and outages
  ▪ Network attack mitigation
  ▪ Priority access and notices during emergencies
  ▪ Restoration
  ▪ Personal emergency services
  ▪ Prevent unwanted intrusions
    – Filters (DoNotCall)
    – Aids (CallerID)
  ▪ Nomadicity
    – Number portability
    – Roaming
    – Payment method flexibility
  ▪ Cybercrime mitigation
    – Forensics capability
    – Law enforcement/national security assistance
    – Fraud detection and management
    – Prevent cyberstalking
    – Digital rights management
+ Competition Requirements
  ▪ Unbundling
  ▪ Service interoperability
  ▪ User/subscriber access by service providers
  ▪ Default service and routing options
+ Operations Requirements
  ▪ Directory access among providers
  ▪ Intercarrier compensation
  ▪ Transaction accounting
+ Innovation and Business Opportunities
  ▪ Infrastructure protection and security products
  ▪ Signalling and authentication products
+ Other Consumer Requirements
  ▪ Disability assistance
  ▪ Universal Service
Significant synergies between these groups
Implementing public infrastructure requirements
+ Government mandates
  ▪ Government specifications
  ▪ Government capability requirements followed by industry collective (standards) or individual actions
    – Model is CALEA and E911: legislative authority; FCC framework; industry or “home-brew” implementations with fail-safe recourse; certification and enforcement process
+ Enforcement
  ▪ Self-certification
  ▪ Proof of performance
  ▪ Periodic tests
Next Generation Network Public Infrastructures
Working assumption for scope and definition:
+ Nationwide and Worldwide Public Networks
+ Open IP-enabled
+ For Communications, Commerce and Content
+ For Always-On, Nomadic People and Objects
NGN – Long-Term Network Convergence Perspective
[Figure: timeline marked 1970, 1980, 1990 and 2000 showing the Public Switched Telecommunication Network (PSTN), Intelligent Network Internet (IN), Open Systems Interconnection Internet (OSI), Commercial Mobile Radio Systems and IP Internet (IP; private, quasi-public) leading to NGNs. Annotation: was never designed as public infrastructure.]
NGN Architecture
[Figure labels: Legacy Telecom & Wireless Services; Next Generation Networks; Telephony; SMS/MMS; Transport; Intelligent Network; Intelligent Infrastructure; Gateways; IP-Enabled Services; VoIP and Multimedia Services; Access]
Intelligent Infrastructure for IP-enabled NGNs is much more critical than for legacy networks – especially for protection and security
Emergence of an ecosystem
+ Collective behavior
  ▪ Forums
  ▪ Common activities
  ▪ Marketplace
+ Directed at protection and security for this infrastructure
  ▪ Nationwide and Worldwide Public Networks
  ▪ Open IP-enabled
  ▪ For Communications, Commerce and Content
  ▪ For Always-On, Nomadic People and Objects
Next Generation Network Standards Forums
[Figure: map of NGN standards forums and their study groups, working groups and focus groups. Organizations shown: ITU-T, IETF, ATIS, ETSI, 3GPP, 3GPP2, TIA, GSC, CableLabs, W3C, OASIS, DSL Forum, ECMA, Parlay, TeleManagement Forum, IPDR, EPCglobal, OSS/J, DMTF, OMA, EIDQ.]
Ecosystem standards activities
+ Pragmatically meeting real needs today
  ▪ IP-enabled public product standards
  ▪ Global interoperability and markets
  ▪ Secure, stable infrastructure
  ▪ Compatibility with existing network infrastructures
  ▪ Common regulatory requirements
+ Engaging all relevant standards bodies
  ▪ Identifying existing useable standards
  ▪ New standards and administrative practices adopted only as necessary
+ Focused on “open” unbundled service modules and capability sets
  ▪ Staged in multiple “releases” over time
+ Standards participants primarily other industry players – worldwide, regionally, and nationally
+ Significant consensus focus (but no agreement on specifics)
  ▪ Infrastructure protection
  ▪ Security
  ▪ Authentication
  ▪ Directories
  ▪ Resource access controls
Unification of communities and requirements
+ Legal
  ▪ FCC rules under both CALEA and Title I authority
  ▪ ITU and Cybercrime Treaties form basis of international cooperation
+ Institutional
  ▪ FCC Homeland Security Bureau formed
  ▪ EC Joint IS – JHA joint staff group formed
  ▪ New DHS policy chief appointed
  ▪ New NSC Cybersecurity Director appointed
  ▪ DOD cyberwarfare command scales work
[Figure labels: Justice; Infrastructure Protection; Homeland Security; Cyberwar; Telecom Regulatory]
NGN Policy-Legal-Regulatory Ecosystem Forums
[Figure: map of policy, legal and regulatory forums and their constituent bodies. Shown: ITU Convention and Int’l Telecom Regs; APEC-TEL; Commission of the European Community; CITEL; Cybercrime Convention signatories and justice ministers; national bodies in the USA, Canada, Australia, Germany, France, Netherlands and UK; other multilateral and bilateral agreements; many others.]
Ecosystem legal-regulatory activity
+ Pragmatically meeting real needs today
  ▪ National public infrastructures have special properties – the public and the nation depend on these infrastructures
  ▪ Responsibility for national public infrastructure rests with designated governmental authorities and coordinated through intergovernmental treaties
  ▪ Shift from common carrier models to capability requirements on public infrastructures
  ▪ Interest in service innovation and marketplace competition
+ Tripartite ensemble emerging almost everywhere
  ▪ Telecom regulators and consumer protection agencies (infrastructure capabilities)
  ▪ Homeland security and national security agencies (real-time analysis and response)
  ▪ Justice agencies (analysis and enforcement)
+ Pervasive vulnerabilities not well understood
  ▪ Rapid introduction of new technologies, especially platforms not designed for public infrastructure use
  ▪ Open complex public communication network infrastructures
  ▪ Nomadic users and providers
  ▪ Uncontrolled access devices and capabilities
  ▪ Growing appreciation of cybercrime and potential terrorism actions
  ▪ Lack of real-time response mechanisms made apparent with Tsunami + Katrina-Rita
NGN Security and Infrastructure Protection Capabilities
+ PSTN/ISDN Emulation services
+ PSTN/ISDN Simulation services
+ Internet access
+ Other services
+ Media resource management
+ QoS-based Resource and Traffic Management
+ QoS service level support
+ Classes and Priority Management
+ Processing/traffic overload management
+ Accounting, Charging and Billing
+ Identification
+ Authentication
+ Authorization
+ Security and Privacy
+ Mobility management (personal and terminal)
+ Critical Infrastructure Protection
+ Inter-provider and universal service compensation
+ Service unbundling
+ Exchange of user information among providers
+ Services Coordination
+ Application Service Interworking
+ Service discovery
+ Service Registration
+ Profile Management
+ User Profile
+ Device Profile
+ Policy Management
+ Personal information support
+ Group management
+ Personal information support/management
+ Presence
+ Location management
+ Push-based support
+ Device management
+ Session handling
+ Digital Rights Management
+ Fraud Detection and Management
+ Number portability
+ Users with disabilities
+ Lawful interception
+ Malicious user identification
+ Emergency communications
+ Presentation of identities
+ Network/Service provider selection
The network forensics Rosetta Stone
[Figure: Identity (Provider, Subscriber, Network Identifiers); Stored Traffic (Content, Data); Real-Time Traffic (Content, Data); Analysis]
Necessary for
+ Law Enforcement
+ Homeland Security
+ Infrastructure Protection
+ Network Management
Additionally necessary for a broad array of operational, public interest and commercial needs
Public network forensic components
+ Identity
  ▪ Ability to authoritatively identify the service provider, obtain contact information and get to authoritative user/subscriber/object directories and network identifier bindings
  ▪ Key requirements established by law and regulation; and may be maintained in part by government agencies
+ Stored Traffic
  ▪ Any information generated by network processes that is relevant to a user/subscriber/object communication and has significant latency (i.e., is not real-time)
  ▪ Requirements and access controlled by law and regulation, and may include ad hoc requests (e.g., subpoena), preservation orders, and general data retention
+ Real-time Traffic
  ▪ Any information generated by network processes that is obtained in real-time
  ▪ Requirements and access controlled by law and regulation (lawful interception capabilities and execution of orders)
+ Analysis
  ▪ Network Operations, Administration, and Maintenance
  ▪ Fraud detection and prevention
  ▪ Infrastructure protection
  ▪ Law enforcement, public safety, and national security needs
[Figure: Identity (Provider, Subscriber, Network Identifiers); Stored Traffic (Content, Data); Real-Time Traffic (Content, Data)]
EU Data Retention Directive effect on network forensics
+ Harmonizes data retention and access across Europe
+ Applies to
  ▪ Fixed network telephony
  ▪ Mobile telephony
  ▪ Internet access, messaging and telephony
+ Provides data necessary to
  ▪ trace and identify the source of a communication
  ▪ trace and identify the destination of a communication
  ▪ identify the date, time and duration of a communication
  ▪ identify the type of communication
  ▪ identify the communication device or purported device
  ▪ identify the location of mobile communication equipment
+ Does not include content
+ Includes privacy enhancement features
+ Adopted by European Parliament on 14 Dec 2005
+ Likely to be the subject of considerable implementation collaboration activities in 2006-2007
[Figure: Identity (Provider, Subscriber, Network Identifiers); Stored Traffic (Content, Data)]
Specific network forensic “enablers” needed now
+ Provider information
  ▪ All providers of services on Next Generation public communication infrastructures must be
    – Registered with appropriate authority
    – Authenticated
    – Provided a unique global identifier which is automatically “resolvable” into provider identity information, subscriber directory URI, and used in all network communications
+ User/subscriber information
  ▪ All users or subscribers of public communication services and the “bindings” with their communication identifiers must be
    – Capable of common global discovery
    – Automatically “resolvable” through the provider into trusted contact and reference information using a common global directory standard (E.115v2)
+ Ability to exchange and analyze information related to protection and security
  ▪ Common global protocols and arrangements for rapidly discovering and exchanging forensic data for protection and security
Collaboration
+ Nudging
  ▪ Analyzing
  ▪ Evangelizing
  ▪ Breaking down stovepipes
  ▪ Filing
    – Statutory and regulatory proceedings
    – Standards activities
+ Just do it
  ▪ Forums
  ▪ Specifications
  ▪ Products and services