TISPAN NGN Security standards - ETSI

World Class Standards TISPAN NGN Security standards 4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009 Judith E. Y. Rossebø ETSI TISPAN WG7 Chairman Telenor R&I © ETSI 2009. All rights reserved 4th ETSI Security Workshop

Transcript of TISPAN NGN Security standards - ETSI

Page 1: TISPAN NGN Security standards - ETSI

World Class Standards

TISPAN NGN Security standards

4th ETSI Security Workshop - Sophia-Antipolis, 13-14 January 2009

Judith E. Y. Rossebø

ETSI TISPAN WG7 Chairman

Telenor R&I

© ETSI 2009. All rights reserved

Page 2: TISPAN NGN Security standards - ETSI

Overview

• ETSI TISPAN NGN
• TISPAN Security Standards
• TISPAN Security Architecture
  • accessing the Interactive web pages
• TISPAN Security Working Methods
  • based on standards
• Current hot topics
  • Overview of these
  • PUC in depth
• Summary

Page 3: TISPAN NGN Security standards - ETSI

TISPAN NGN

TISPAN: Telecommunication and Internet converged Services and Protocols for Advanced Networking

• ETSI TISPAN proposes an architecture basis consisting of a range of subsystems:
  • Access network attachment subsystem (NASS)
  • Resource and admission control sub-system (RACS)
  • PSTN-ISDN emulation subsystem (PES)
  • IP Multimedia Subsystem (IMS) (3GPP)
  • IPTV Subsystem
• TISPAN is adopting standards from other bodies where appropriate
  • Aspects relating to common IMS are not standardized by TISPAN, but if identified shall be transferred to the responsibility of 3GPP

Page 4: TISPAN NGN Security standards - ETSI


TISPAN NGN Architecture


Page 5: TISPAN NGN Security standards - ETSI

TISPAN NGN Security Standards:

• NGN Security requirements (TS 187 001)
• NGN eTVRA (TR 187 002)
  • Threat and risk analyses for specific NGN use cases
• NGN Security architecture (TS 187 003)
• NGN Lawful Interception functional entities, information flow and reference points (TS 187 005)
  • WG7 approval ongoing
• New! Specifications for (PUC) Prevention of Unsolicited Communication in the NGN (DTS/TISPAN-07034-NGN-R3)
• New! RFID Security and Privacy (DEN/TISPAN-07042)

Page 6: TISPAN NGN Security standards - ETSI

TISPAN NGN security feasibility studies

• Data retention and its impact on the NGN
• IPTV Security Architecture – study of:
  • Models and key management systems for service protection with the aim to develop the model for the NGN
  • Functional entities and mechanisms for service protection with the aim to define these for the NGN
  • A framework open to the integration of content protection solutions

Page 7: TISPAN NGN Security standards - ETSI

TISPAN NGN Security Architecture – Schematic overview

Interactive Web Interface

http://portal.etsi.org/docbox/stf/STF357_TISPAN7_SecuritySupport_Rel3/Public/Archi_Web/SecAssoc.htm

Page 8: TISPAN NGN Security standards - ETSI


Basic Security Architecture

http://portal.etsi.org/docbox/stf/STF357_TISPAN7_SecuritySupport_Rel3/Public/Archi_Web/SecAssoc.htm

Page 9: TISPAN NGN Security standards - ETSI


Security Architecture with RACS and NASS Functions


Page 10: TISPAN NGN Security standards - ETSI


Security Architecture with Expanded RACS and NASS Functional Entities


Page 11: TISPAN NGN Security standards - ETSI


TISPAN Security working methods


Page 12: TISPAN NGN Security standards - ETSI

Process for Security Standardization

• Threat, Vulnerability and Risk Analysis (TVRA) is essential
  • For identifying and specifying objectives and requirements
• TVRA is iterated at stages 1, 2 and 3 of the process
  • 3-stage process defined in ITU-T Recommendation I.130

Page 13: TISPAN NGN Security standards - ETSI

eTVRA

• Threat Vulnerability Risk Assessment funded by eEurope
• ETSI STF 292 created TVRA method and tool
  • Under supervision of TISPAN WG7
• Systematic Approach to Risk analysis
  • Systematic Identification of assets and threats and weaknesses, computes a weighted risk level.
• Applicable during:
  • Standards development
  • Development
  • Deployment
  • Utilization
• Tested on analysis for SIP & ENUM, IdM, IPTV, PUC, RACS and now Customer Premises Network (CPN)

Page 14: TISPAN NGN Security standards - ETSI

Understanding of security

• A Threat, enacted by a Threat Agent, may lead to an Unwanted Incident breaking certain pre-defined security objectives
• Aim is to avoid Unwanted Incidents
  • Countermeasures restrict the ability of threat agents to operate

Page 15: TISPAN NGN Security standards - ETSI

Threat Vulnerability Risk Assessment

0. Identification of the target space
1. Systematic identification of the objectives
   • resulting in a high level statement of the security aims and issues to be resolved
2. Systematic identification of the requirements
   • derived from the objectives given in step 1
3. Systematic Inventory of the assets and their importance
4. Identification and classification of vulnerabilities in the system, the threats that can exploit them, and the unwanted incidents that can result
5. Quantifying the occurrence likelihood and the impact of the threats
   • Metrics derived from ETR 332 and ISO/IEC 15408-1
6. Quantifying the risks
   • Uniform comparison of the risk associated with each of the vulnerabilities
7. Identification of countermeasures

Page 16: TISPAN NGN Security standards - ETSI

eTVRA – Vulnerability Analysis Workshop

• When: Workshop date: 23 March 2009
• Where: ETSI Headquarters
• Please sign up!

http://www.etsi.org/WebSite/NewsandEvents/2009_TVRAWORKSHOP.aspx

Page 17: TISPAN NGN Security standards - ETSI

Key tasks covered in the TVRA workshop are:

• Identification, verification and recording of
  • security objectives;
  • security requirements;
  • security functional requirements;
• Application of functional capabilities from ISO 15408 to functional requirements;
• Identification and verification of the security boundary;
• Identification of intrinsic system weaknesses;
• Analysis of the threats and the available threat agents;
• Determination of risk factors – likelihood and impact, motivation;
• Determination of where standards should be applied.

The workshop will be led by ETSI TISPAN WG7 with support from members of STF357

Page 18: TISPAN NGN Security standards - ETSI

Current Hot Topics

• TISPAN NGN security
• RFID security and Privacy
• IPTV security (enhancement of stage 2, definition of stage 3)
• Adding UC prevention as a feature (stage 1, stage 2, stage 3)
• Security for Customer Premises Networks (CPN) (stage 1, stage 2, stage 3)
• Security for NGCN
• FMC (taking into account requirements of the FMCA)
• Analyse the inter-relation between security features and architecture of the NGN (IPTV, NAT-T, NASS, RACS etc.) in terms of how to employ consistent security architecture and mechanisms

Page 19: TISPAN NGN Security standards - ETSI

New WI on RFID Security and Privacy

• EN for the enhanced privacy & security of RFID and RFID networks
• TVRA: investigating risks associated with various RFID devices and interrogators
• Address issues related to personalisation and traffic analysis
• Using ETSI Security Standardisation guidance documents
  • Application of ISO-15408-2 requirements to standards (TR 187 011)
  • Guide to ISO-15408 for standards developers (EG 202 387)
  • eTVRA method and tool
• Expected Results:
  • Protection profile for RFID devices in the context of IoT
  • Development guidelines for e.g. marking RFID readers as visible

Page 20: TISPAN NGN Security standards - ETSI

Current Hot Topics

Prevention of Unsolicited Communication (PUC)

Thilo Ewald

ETSI TISPAN WG7 Vice Chairman

NEC Europe Ltd.

Page 21: TISPAN NGN Security standards - ETSI

Variety of security threats in NGNs:

Today's SIP infrastructure is already vulnerable to many attacks:

[Figure: network diagram. Elements: IPTV / VoIP / SIP clients, SBC, SIP servers, media proxies, IMS application server, accounting & charging server. Legend: SIP signaling, media stream, accounting data. Threat labels: Fraud / Spoofing, (D)DOS, Sniffing, SPIT, Wire tapping]

Classification of threats:

• Malicious attacks (e.g. Denial of Service, DoS)
  • Attacks against infrastructures and terminals
  Almost all servers stop operation when attacked in a distributed fashion; weak protection against sophisticated attacks (e.g. hijack)
• Social/unsolicited attacks (e.g. SPIT, Fraud, Vishing)
  • Disturbances and interruptions of work by ringing phone for unsolicited calls (e.g. fraud by phishing)
  No protection at all, expected to become a very big issue in the future, showing up today

Technical goals to achieve:

• Modular & flexible design
  • Allows to adjust the solution to different network topologies, network entities and
• Highest degree of configuration / personalization
  • A flexible design allows fine granular configurations and provides the ability of personalization for every policy/group/user
• Distributed / collaboration of protection entities
  • A distributed approach enables the solution to monitor tasks, active network management and real-time threat handling

Page 22: TISPAN NGN Security standards - ETSI

Classification of communication

Technical means for Identification of UC to provide Protection against UC (PUC)

[Figure: flow from "Unknown incoming communication" to "Rated communication". Labels: Stage 1: non-intrusive; Stage 2: caller interaction; Stage 3: feedback before call; Stage 4: feedback during call; Stage 5: feedback after call; system; callee; feedback; Knowledge Base; Identify (& mark); react: Decline/Reroute, allow]

• Stage 1 Non-Intrusive:
  • Examples: Blacklists, Whitelists, statistical analysis…
• Stage 2 Caller interaction:
  • Example: CAPTCHA-tests
• Stage 3 Feedback before call:
  • Example: let the user upload his buddy-list
  • Example: indicate to user the probability of SPIT and let him decide
• Stage 4 Feedback during call:
  • Example: User can indicate to the system current call as unsolicited (“SPIT button”)
• Stage 5 Feedback after call:
  • Example: Dial in special number
  • Example: Interact with the operator
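
The staged classification above, sketched as an added example that is not part of the original slides or of any TISPAN specification: a knowledge base rates each incoming call (stage 1), escalates to a caller challenge (stage 2) or to the callee (stage 3), and learns from callee feedback (stages 4 and 5). The class and function names, the score formula, the thresholds and the sample callers are all assumptions made for illustration.

```python
# Added illustration of the staged PUC flow; names, thresholds and sample
# callers are hypothetical and not taken from any TISPAN specification.
from collections import defaultdict, deque

class KnowledgeBase:
    def __init__(self, max_calls=5, window_s=60, reports_to_block=2):
        self.blacklist, self.whitelist = set(), set()
        self.buddies = defaultdict(set)   # callee -> uploaded buddy-list
        self.recent = defaultdict(deque)  # caller -> recent attempt timestamps
        self.reports = defaultdict(set)   # caller -> callees that reported it
        self.max_calls, self.window_s = max_calls, window_s
        self.reports_to_block = reports_to_block

    def observe_and_score(self, caller, now):
        """Stage 1 statistics: record the attempt, return a 0..1 SPIT score."""
        q = self.recent[caller]
        q.append(now)
        while now - q[0] > self.window_s:   # drop attempts outside the window
            q.popleft()
        rate = min(len(q) / self.max_calls, 1.0)
        reported = min(len(self.reports[caller]) / self.reports_to_block, 1.0)
        return round(max(rate, reported), 2)

    def report(self, caller, callee):
        """Stage 4/5 feedback: "SPIT button" during the call or a report after it."""
        self.reports[caller].add(callee)
        if len(self.reports[caller]) >= self.reports_to_block:
            self.blacklist.add(caller)

def classify(kb, caller, callee, now, captcha_passed=None, threshold=0.5):
    """Rate one incoming call; returns (reaction, score)."""
    if caller in kb.blacklist:
        return ("decline", 1.0)                      # stage 1: blacklist
    if caller in kb.whitelist or caller in kb.buddies[callee]:
        return ("allow", 0.0)                        # whitelist or buddy-list
    score = kb.observe_and_score(caller, now)
    if score < threshold:
        return ("allow", score)                      # stage 1: looks normal
    if captcha_passed is None:
        return ("challenge", score)                  # stage 2: caller interaction
    if not captcha_passed:
        return ("decline", score)
    return ("ask_callee", score)                     # stage 3: callee sees score, decides

def demo():
    """Constructed scenario: one caller rings several callees within seconds."""
    kb = KnowledgeBase()
    kb.buddies["bob"].add("alice")
    out = [classify(kb, "alice", "bob", 0)[0]]
    out += [classify(kb, "mallory", c, t)[0] for t, c in enumerate(["bob", "carol", "dave"])]
    kb.report("mallory", "dave"); kb.report("mallory", "carol")
    return out + [classify(kb, "mallory", "bob", 100)[0]]
```

Reports from two distinct callees move the caller onto the blacklist, so the feedback stages change what stage 1 decides on the next attempt.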

Page 23: TISPAN NGN Security standards - ETSI

TR 187 009 – Feasibility study on prevention of unsolicited communication (PUC) in the NGN

• Main results from the TR
  • Is UC a risk to the NGN user or to the NGN Operator?
    Yes, based on the results of a TVRA quantifying the likelihood and impact of UC in the NGN (where UC is initiated in a variety of forms described using a number of scenarios)
  • How can UC be prevented in the NGN?
    Overview of countermeasures/means to mitigate the risk using metrics of applicability, effectiveness and architectural instantiation
    Including what already exists (e.g. MCID, OIR, ACR)
  • What is done already/ongoing work elsewhere?
    Status for PUC analysis in other SDOs: IETF, ITU, 3GPP, OMA

Please see the TR for details!

Page 24: TISPAN NGN Security standards - ETSI

Outcome of the TR 187 009

[Figure: Caller (SPITer) and Callee (Bob) connected through access networks and the core network. Labels: PUC functionality, Identify, mark, User profiles]

• UC is a problem and can become a severe threat to the success of the NGN
• Specification work is needed, a follow up TS is required (WI07034)
  • Identify and suggest network entities/interfaces which can be enhanced with PUC
    • Network scenario dependant
  • Define a communication protocol between PUC functionality nodes
    • Protocol extensions
  • Specify a common UC profile scheme
    • Global and personal configuration/handling

Page 25: TISPAN NGN Security standards - ETSI

(Preliminary) Roadmap of WI07034

• Specifications for PUC in the NGN (DTS/TISPAN07034-NGN-R3)

[Figure: roadmap timeline. Labels: November 19; 2009: January 19#ter, February 20, March 20#bis, June 21, August 21#bis, September 22, November 22#bis, December 23; 2010. Work phases: ToC, Requirements, Architecture, protocols. Milestones: TISPAN R3 stage 1 stop, TISPAN R3 stage 2 stop, TISPAN R3 finalization]

• Scope (in the context of the NGN):
  • Specify how to counteract the occurrence of PUC
  • Address methodologies on preventing the terminating party from receiving UC
  • Describe scenario definitions
    • for applicability, effectiveness and architectural instantiation of UC prevention methods.
  • Specify architectural impact to different network scenarios
    • (i.e., CPN, NGCN, single user scenario and their interconnection)
  • Specify relevant objectives and requirements for
    • NGN architecture, signalling and security
• Challenges:
  • Work has to be strictly aligned across different SDOs:
    • 3GPP (LS established – JM planned)
      • 3GPP SA3 TR “Study of Mechanisms for Protection against Unsolicited Communication for IMS (PUCI)”
    • IETF
    • ITU-T SG17 (LS established)
    • OMA (LS established)

Page 26: TISPAN NGN Security standards - ETSI


Summary


Page 27: TISPAN NGN Security standards - ETSI

TISPAN WG7 is responsible for the management and co-ordination of the development of security specifications for TISPAN.

• For the NGN, TISPAN WG7:
  • Defines security requirements;
  • Defines the security architecture
    • Interactive Webpage soon available;
  • Conducts threat and risk analyses for specific NGN use cases
    • eTVRA web-application soon available;
  • Proposes countermeasures.

WG7 security standardisation is risk-based: Using the ETSI TISPAN methodology for systematic threat, vulnerability and risk analysis (TVRA)

eTVRA – Vulnerability Analysis Workshop on 23 March 2009 at ETSI Headquarters

http://www.etsi.org/WebSite/NewsandEvents/2009_TVRAWORKSHOP.aspx

Don’t forget to sign up!

Page 28: TISPAN NGN Security standards - ETSI

THANKS FOR YOUR ATTENTION

ETSI TISPAN Portal: http://portal.etsi.org/Portal_Common/home.asp

Page 29: TISPAN NGN Security standards - ETSI

For more information

• European Telecommunication Standardisation Institute www.etsi.org
• TISPAN security working group chair [email protected]
• TISPAN security working group vice chair [email protected]