Update on ETSI Cyber Security work. Charles Brookson OCG Security Chairman Largely based on presentations given by Judith E. Y. Rossebø ETSI TISPAN WG7 Chairman Telenor R&I. Submission Date: June 27, 2008. ETSI TISPAN WG7.
ETSI TISPAN WG7
• NGN concept: fixed-mobile network convergence to packet-switched technology delivering multimedia services
• ETSI TISPAN is extending the 3GPP IMS concepts in designing NGN
• TISPAN Working Group 7 is the NGN competence centre for security with a group of security experts standardizing NGN security
www.tispan.org
TISPAN NGN
• ETSI TISPAN proposes an architecture basis consisting of a range of subsystems:
  • Access network attachment subsystem (NASS)
  • Resource and admission control sub-system (RACS)
  • PSTN-ISDN emulation subsystem (PES)
  • IP Multimedia Subsystem (IMS) (3GPP)
  • IPTV Subsystem
• TISPAN is adopting standards from other bodies where appropriate
• Aspects relating to common IMS are not standardized by TISPAN, but if identified shall be transferred to the responsibility of 3GPP
Telecommunication and Internet converged Services and Protocols for Advanced Networking
3GPP IMS TISPAN NGN Architecture
TISPAN NGN R1 security:
• NGN Security requirements (TS 187 001)
• NGN eTVRA (TR 187 002)
  • Threat and risk analyses for specific NGN use cases
• NGN Security architecture (TS 187 003)
• NGN Lawful Interception functional entities, information flow and reference points (TS 187 005)
TISPAN NGN R2 security (1/2):
• NGN Security requirements (TS 187 001)
  • Builds on the R1 version of the TS
  • Also defines security requirements for IPTV, Business Communication, Media Security, Home Networking, and for countering UC
• NGN eTVRA (TR 187 002)
  • Threat and risk analyses for specific NGN use cases such as NAT traversal, RACS, Media Security, and Unsolicited Communication
• NGN Security architecture (TS 187 003)
  • Work is ongoing on defining the security architecture for IPTV, Home Networking, FMC, Media Security, H.248, Corporate Networks
• NGN Lawful Interception functional entities, information flow and reference points (TS 187 005)
  • Builds on the R1 version of the TR
TISPAN NGN R2 security (2/2):
• Generalized NAT traversal feasibility study (TR 187 007)
  • TB approved December, 2007
• Media security (TR 187 008)
• Impact of unsolicited communication in the NGN
• New work item on data retention and its impact on the NGN
NGN Feasibility Studies Feed into TISPAN Core Security Documents:
Topics for future work
• TISPAN NGN security beyond Release 2
• IPTV security (enhancement of stage 2, definition of stage 3)
• Adding UC prevention as a feature (stage 1, stage 2, stage 3)
• Media security provisioning (stage 1, stage 2)
• Additional work on NAT-T (e.g. interaction with RACS, interaction with IPTV, security analysis of use of STUN)
• Enhanced security for NASS, RACS
• Security for CNG/CND (stage 1, stage 2, stage 3)
• Implications for AGCF security
• Security for NGCN
• FMC (taking into account requirements of the FMCA)
• Diameter and Radius AVP profiling
• Application layer security on the NGN (e.g. TELCO 2.0)
• Analyse the inter-relation between security features and architecture of the NGN (IPTV, NAT-T, NASS, RACS etc.) in terms of how to employ consistent security architecture and mechanisms
• Develop general rules, patterns, and templates to ease the employment of the NGN in practice and to facilitate risk control