Telecommunications Industry Association TIA’s Role in Homeland Security, Network Security, Critical Infrastructure Protection, National Security/Emergency Preparedness, Emergency Services, and the Needs of First Responders TIA Contacts: Dan Bart dbart@tiaonline.org David Thompson dthompson@tiaonline.org Presentation Overview TIA Overview – Trade Association, Standards Developer, Secretariat Services TIA Standards Development Overview TIA Security/HS/CIP-related Activities TIA Engineering Committee (TR) Activities Detailed Supplemental material: Compendium of Emergency Communications and Communications Network Security-related Work Activities within the TIA – URL: http://www.tiaonline.org/standards/cip/EMTEL_sec.pdf TIA Overview Our Mission: TIA represents providers of communications and information technology products and services for the global marketplace through its core competencies in standards development, domestic and international advocacy, as well as market development and trade promotion programs. – Facilitates the convergence of new communications networks while working for a competitive and innovative market environment. – Strives to further members' business opportunities, economic growth and the betterment of humanity through improved communications. TIA Overview TIA Website: www.tiaonline.org Full-service trade association serving the communications and information technology industry TIA facilitates business development and a competitive market environment for its 700 member companies through: – – – – Domestic and international advocacy Market development and marketing data Trade Shows (domestic and international) Standards Development and Secretariat Services TIA Overview TIA is an American National Standards Institute (ANSI)-accredited Standards Development Organization (SDO) – 5th largest ASDO measured by number of ANSs TIA is ITU-T Approved and Qualified: – Rec. A.5 (referencing documents of other organizations in ITU-T Recommendations) – Rec. A.6 (Cooperation and exchange of information between ITU-T and other SDOs) Reference to TIA documents in ITU-R Recommendations TIA is Sector Member of ITU-D TIA Standards Development Overview TIA SDO Overview Standards development dates back to 1920’s – As an ANSI-accredited SDO, TIA develops consensus-based, voluntary industry standards for a wide variety of telecom products and systems – TR-8 is the oldest engineering committee and has provided standards for private radio systems such as those used by public safety since 1944 – Its predecessor on the standards side, EIA, started as the Radio Manufacturers Association (RMA) in 1924 8 product-oriented Engineering Committees (TR/FO) Over 70 subcommittees and working groups – Over 1,300 individuals from nearly 20 countries work in these formulating groups – Representatives from academia, manufacturers, service providers, and end-users, including the government TIA SDO Overview Standards projects and technical documents – Formulated according to guidelines established in the Association's ANSI-approved Engineering Manual. – Potential projects initiated by a technical contribution to a TR/FO or subcommittee • Request creation of a new standard or technical document in a particular area of technology TIA has more than 1,000 standards/specifications published – TIA and other sectors of EIA together are the 2nd largest SDO after ASTM (measured by ANSs) TIA SDO Overview TIA represents U.S. interests in the international standards arena – Active in ITU, IEC, ISO, JTC 1, CITEL, GSC, etc. • Secretariat Services to: – Several Technical Advisory Groups – Working Advisory Groups – International Technical Groups – Partnership Projects • 3GPP2 - Third Generation Wireless cdma2000® technology • Organizational Partner (OP) and 3GPP2 Secretariat OP w/ ETSI in Project MESA (Mobile Broadband Specs for Public Safety Users) Mobility for Emergency and Safety Applications – Participates in U.S. Department of State International Telecommunication Advisory Committee (ITAC) and CITEL PCCI and II Prep TIA’s Role in Homeland Security, Network Security, Critical Infrastructure Protection (CIP) , National Security/Emergency Preparedness (NSEP), Emergency Services, and the Needs of First Responders TIA Security/HS/ CIP-related Activities TIA and TIA members have been involved for over 20 years in the activities of the President’s National Security Telecommunications Advisory Committee (NSTAC) – TIA attends NSTAC Business Meetings – Monitors activities of the Industry Executive Subcommittee (IES) – Participates in the work of NSTAC Task Forces such as Wireless Task Force on Security (WTF) and new TF focusing on Next Generation Networks (NGN) National Security/Emergency Preparedness (NS/EP) needs The President’s National Security Telecommunications Advisory Committee (NSTAC) • Created by Presidential Executive Order in 1982 • Typically composed of 30 Industry Chief Executives • major communications and network providers • information technology • finance • aerospace • Works with National Communications System (NCS) • Generates technical reports and recommendations for the President regarding National Security / Emergency preparedness (NS/EP) telecommunications • Website (linked from TIA Web Site): www.ncs.gov/nstac/nstac.htm WTF Security Charge The NSTAC Wireless Task Force (WTF) researched wireless security issues for NS/EP users, gaining a better understanding of unique NS/EP security requirements and determining where wireless vulnerabilities exist (e.g., customer devices, network interfaces, facilities) The task force provided policy recommendations to ensure standards bodies and individual companies consider NS/EP requirements when developing wireless connectivity solutions The task force provided policy recommendations for the NSTAC to consider providing to the President addressing how Government agencies should assess their vulnerabilities based on wireless technologies being deployed and specific agency requirements WTF Results Reports Include: – Wireless Priority Service (WPS) Report – Wireless Security Report – Security of Internet-Enabled Wireless Devices Report Recommendations were accepted by the NSTAC committee and included in NSTAC report to President REPORTS: http://www.ncs.gov/nstac/nstac_publications.html NGN TF New 2004 NSTAC IES TF: – ONGOING: Recent Task Force (TF) focus is on Next Generation Networks (NGN) NS/EP needs: • NSTAC IES NGN TF, NGN Description Working Group • NSTAC IES NGN TF, NGN Scenarios and User Requirements Working Group • NSTAC IES NGN TF, NGN Near-Term Recommendations Working Group • Follow-on NSTAC TF NGN working groups may include Incident Management, End-to-End Services and Threat Modeling TIA Security/HS/ CIP-related Activities Under Presidential Decision Directive 63 (PDD-63) TIA was chosen as one of the Sector Coordinators for the Information and Communications (I & C) Sector by the Department of Commerce – TIA continues in this role for Telecom Sector (with CTIA and USTA) under Homeland Security Presidential Directive 7 (HSPD-7) TIA is a non-Resident member of the 24x7 National Coordinating Committee Telecommunications – Information Sharing and Analysis Center (NCC Telecom ISAC) – Weekly NCC Telecom ISAC Staff meetings, coordination/outreach to non-ISAC industry members and other activities, as requested by ISAC – Includes national emergency alerting and member availability to assist T-ISAC efforts as requested TIA is part of the Executive Notification System (ENS) of DHS Information Assurance Infrastructure Protection Directorate (DHS IAIP) TIA Security/HS/CIP As a Sector Coordinator and neutral Industry forum, TIA provided input to draft U.S. National Response Plan, Private Sector Support Annex (2003/2004) – Via NCC T-ISAC and DHS Private Sector Office National Strategy to Secure Cyberspace – The Strategy includes recognized critical [private] sector developed strategies to secure their infrastructures. • https://www.pcis.org/getDocument.cfm?urlLibraryDocID=40 – TIA, as part of PCIS, contributed towards then Information & Communications sector input of Strategy (2003) TIA Security/HS/CIP As a Sector Coordinator, TIA also holds a Board seat on the Partnership for Critical Infrastructure Security (PCIS) – PCIS addresses cross-sector and interdependency CIP issues – PCIS meets bi-monthly with the Department of Homeland Security (DHS) and other Sector Lead Agencies and the ISAC Council at GMU-hosted meetings, and separately the other month TIA is part of the Emergency Alert system of DHS Information Assurance Infrastructure Protection Directorate (DHS IAIP) TIA is active in ANSI’s Homeland Security Standards Panel (HSSP), another cross-sector activity, but focusing only on standards and conformity assessment – TIA (Dan Bart) is the private sector Co-Chair of HSSP with NIST as public sector Co-Chair, and he also co-chairs its Steering Committee (SC) – ANSI HSSP SC also functions as a TAG for the US Expert to the ISO Advisory Group on Security (AGS) TIA Security/HS/CIP TIA and TIA members have been involved in the activities of President Bush’s National Infrastructure Advisory Committee (NIAC) – Recent activity includes Prioritization of Cyber Vulnerabilities Working Group TIA and its members have participated on the FCC's Network Reliability Council (NRC) and Network Reliability and Interoperability Council (NRIC) – The purpose is to assist with analysis of issues that can affect reliability, security and other FCC-specified analysis areas and to determine best practices to recover from natural or man-made outages, including those that might be caused by a computer hacker or terrorist, and create Best Practices – NRIC VII (2004) Focus Groups involve Enhanced 9-1-1, Homeland Security, Network Best Practices and Broadband TIA Security/HS/CIP TIA closely monitored the work of the President’s Commission on Critical Infrastructure Protection (PCCIP)— [1996] – PCCIP Commissioner presentations at SUPERCOMM ‘97 and other TIA-hosted events TIA participated in and was on the Steering Committee of the Information Security Exploratory Committee (ISEC) —[1999] – NSTAC had previously proposed the creation of an Information Security Standards Board (ISSB) • Involving standards needs and conformity assessment – Industry formed ISEC to evaluate ISSB Proposal • ISEC advice included need for more education outreach efforts • about potential infrastructure threats, and current security products, systems and groups No case for ISSB at that time TIA Security/HS/CIP TIA participates in NTIA’s Economic Security Working Group (EconSec WG) meetings and participates in its subgroups such as the International Outreach and R&D subgroups as needed – For example, bi-lateral meetings and multi-lateral meetings on CIP; including government/industry delegations • Examples: Italy, Canada, Australia, India, Japan • Private meetings with other SDOs or multi-national companies TIA is on the National Cyber Security Partnership (NCSP) Steering Committee TIA shares information with other SDOs and international groups like the ITU and Global Standards Collaboration (GSC) in these security-focused High Interest Subject areas TIA Security/HS/CIP-related Activities Global Standards Collaboration (http://www.gsc.etsi.org/) – TIA is active in the GSC – GSC-9 meeting in Seoul in May 2004 (http://www.tta.or.kr/gsc/index.jsp) adopted several Resolutions with a focus on Security • Emergency Communications Resolution GSC-9/2 • Next Generation Networks Resolution GSC-9/3 • Cybersecurity Resolution GSC-9/4 • Public Protection and Disaster Relief (PPDR) Resolution GSC-9/9 TIA Security/HS/CIP-related Activities TIA Addresses needs of First Responders and Law Enforcement – TIA (and it predecessors) have been addressing the needs of private radio users like Public Safety users since 1944 in TR-8 (See MESA, Project 25 and TR-8 on TIA web site) • Cooperation agreement with APCO/NASTD/Federal agencies since 1992 on • Project 25 Established APCO Project 25 Interface Committee (APIC) under our Private Radio Section of Wireless Communications Division – TIA participated on the FCC’s National Coordinating Committee (NCC) for public safety, developed standards at request of NCC – TIA was appointed to the advisory committee of the National Public Safety Telecommunications Council (NPSTC) – TIA was appointed to the advisory committee for DHS SAFECOM – TIA is the Lead SDO on Lawfully Authorized Electronic Surveillance (LAES) standardization for CALEA – TIA appropriately contributes & presents works at ITU on PPDR/TDR TIA Security/HS/CIP-related Activities TIA Addresses needs of First Responders and Law Enforcement – Active public policy programs for urging spectrum for Public Safety and Funding for Public Safety Interoperability – Participated at DHS/NIST Public Safety Interoperability Workshop – Meetings with DHS SAFECOM Office – TIA moderated a Panel on Public Safety needs at SUPERCOMM 2003 – Briefings on MESA and other Public Safety-oriented programs at ITU (PPDR/TDR) and elsewhere – Briefings on TIA Public Safety-oriented activities like MESA to CDG Board (Dec 03), CIAJ (Jan 04, Jun 04) – Moderated Congressional Research Service (CRS) Panel on Public Safety needs (Nov 03) – Supported Global Disaster Information Network (GDIN) event (March 2004) TIA Security/HS/CIP-related Activities Other TIA Connections with Security/CIP – The Internet Security Alliance (ISA) is a member of the Electronic Industries Alliance (EIA) along with TIA, and ISA Executive Director is a Special Advisor to ANSI HSSP – TIA was part of ANSI/ESO (European Standards Organizations - CEN/CENELEC/ETSI) meetings in France 2004 and security standards were a topic on that agenda – Security and Privacy of Communications and Location information is an emerging topic for ISO TC 204 WG 16 Intelligent Transportation Systems (ITS) and TIA is a voting member of the US TAG to TC 204 and WAG Admin for WG16 – 3GPP2 develops specifications that ensure security within cdma2000® systems TIA Engineering Committee (TR) Activities TIA Engineering Committee TR-8 Mobile and Personal Private Radio Standards Chair: John Oblak, E.F. Johnson TIA Committee TR-8 TR-8 develops and maintains standards for private radio communications systems and equipment – Critical communications systems for public safety and emergency services • Analog and digital – For both voice and data applications; addressing all technical matters for systems and services, including definitions, interoperability, compatibility and compliance requirements – Over 50 years of standards formulation history TIA Committee TR-8 Activities include: – Project 25 • Committee for selecting voluntary common system standards for digital public safety radio communications (voice and data) – Incl. APCO, NASTD, NCS, selected North American Federal Agencies – Primary public service function of P25-compliant equipment and systems is emergency voice communications between line officers (i.e., police, firefighters) in the field and their dispatch points. Also limited “bursty” data • TIA TR-8 facilitates such work through its role as the ANSIaccredited SDO – TIA TR-8 102-series Family of Standards TIA Committee TR-8 Activities include: – Project 25 Public Safety objectives: • 1) a spectrum efficient solution that satisfies the spectrum • • • regulators requirements for narrow-banding, 2) a digital solution that offers the public safety community more services (such as short messages, caller ID, etc.) as well as better system command and control (an administrator can set up talk groups for the police in one jurisdiction, the police captains over the entire metro community, etc.), 3) a backward compatible solution to FM analog land mobile radios and to legacy systems for interoperability and to allow a migration path from analog to digital technologies, and 4) a solution that allows the public safety agencies to select among multiple vendors offering multiple options and features such that the agencies can select the radio system’s characteristics based upon their needs and funding requirements. TIA Committee TR-8 Console Console Console Interface Base station or fixed station RF SubSystem (RFSS) Mobile and portable radios RF SubSystem (RFSS) Base station or fixed station Inter RF SubSystem Interface (ISSI) Fixed Station Interface Base station or fixed station Data Network Interface Common Air Interface Network Management Interface Public Switched Telephone Network Network Management Telephone Interconnect Interface Subscriber data peripheral interface Project 25 System Interfaces TIA Committee TR-8 Activities include: – Project 25 • A searchable listing of published TIA 102-Series documents can be viewed and ordered by pointing browser to: http://www.tiaonline.org/standards/search_n_order.cfm – search with keyword “project 25” • P25 Public Safety Communications Interoperability FAQs – URL: http://www.tiaonline.org/standards/project_25/P25FAQ.pdf • TIA P25 Webpage: http://www.tiaonline.org/standards/project_25/ TIA Committee TR-8 Activities include: – Wideband Data Standards Project • U.S., regulatory decisions and plans helped to spur development of LMR wideband standards, including the dedication, by the FCC, of spectrum in the 700 MHz frequency band for wideband data • Channels are at 50 kHz, and can be aggregated to 150 kHz, allowing users data rates as high as 700 kbps – i.e., video, picture ID, and fingerprinting • The TIA-902 and 905 series of standards for this technology have been completed and can enable system deployment – Mainly handles data; however voice traffic is also supported – Interoperability primarily involves the over the air interface TIA Committee TR-8 Activities include: – Wideband Data Standards Project • Currently, in the U.S., only spectrum in the 700 MHz band has been allocated to implement standard wideband systems (and P25 for interoperability), where incumbent broadcast TV stations currently inhibit use – Systems cannot be deployed until the TV stations vacate from this band. Issue in deliberation; including Congressional activity to expedite transition • Wideband standards complement existing P25 standards (e.g., voice and low/medium data rates), operating at different frequencies and bandwidths and providing a different set of optimized capabilities for high speed data transfer TIA Committee TR-8 Project MESA (Public Safety Partnership) – Mobility for Emergency and Safety Applications – NGN mobile broadband communications capabilities • Due to commonalities, the European Telecommunications Standards • • Institute (ETSI) and TIA agreed to work collaboratively for the production of mobile broadband specifications for public safety as initiated by ETSI Project TETRA (under the name of DAWS -- Digital Advanced Wireless Services) and by TIA and APCO under APCO's Project 34 MESA involves all platforms and technologies that meet defined requirements (MESA SoR)—incl. private, commercial & public systems Capable of extremely high levels of security, yet contain standardized interfaces to public and private networks – Open to participation from all regions of the world • Currently has public safety and industry participants and observers from North America, Europe (East and Western) and Asia (including Korea) – Please refer to the www.projectmesa.org Website for further information TIA Committee TR-8 Project MESA (Public Safety Partnership) – In the U.S., the FCC allocated 50 MHz of spectrum in 4.9 GHz band for public safety broadband communications – TIA has since established a broadband data standards subcommittee, TR-8.8, which is developing standards for public safety communications in this band – TIA, as an Organizational Partner SDO, will regionally (N. America) transpose and publish MESA output • Ongoing contributions initiated through TIA to future broadband • standards process are expected to continue as technology, environment, and public safety needs evolve Note that similar to the wideband standards, the broadband standards will complement existing P25 standards TIA Engineering Committee TR-30 Multi-Media Access, Related Protocols and Interfaces Chair: Fred Lucas, FAL Associates TIA Committee TR-30 This Engineering Subcommittee is responsible for Data Circuit Terminating Equipment (DCE) and the interfaces between DCE's and Data Terminal Equipment (DTE), together with the transmission media to which they are connected (e.g., the Public Switched Telephone Network) – Standards include functional, electrical, and mechanical characteristics; involving such devices as modems, standard and IP facsimile and textphones Related to this compendium, activities presently being explored involve such topics as Internet/IP facsimile security and emergency accessibility service capabilities for textphones over IP and PSTN networks, involving national and international standards activity – The work done in this committee has emergency telecommunications service implications and aspects, including Enhanced Priority Treatment, Network Security, International Connectivity and Quality of Service TIA Engineering Committee TR-34 Satellite Equipment and Systems Chair: Jeffrey Binckes, ICO-Teledesic Global, Ltd. TIA Committee TR-34 TIA TR-34 Engineering Committee is an established, open and ANSI-accredited forum for satellite technology development This TIA Engineering Committee recently reviewed the issue of Lawfully Authorized Electronic Surveillance (LAES) in support of Communications Assistance for Law Enforcement Act (CALEA) for satellite systems – Concluded that TR-34 could be an avenue (coordination, new work initiation) for applicable security and emergency service/accessibility related communications standards activity, if deemed by membership to be appropriate in the future. TIA Engineering Committee TR-41 User Premises Telecommunications Requirements Chair: Steve Whitesell, VTech TIA Committee TR-41 Work relates to telecommunication terminal equipment, user telecommunication systems, private telecommunication networks, private network mobility, unlicensed wireless user premises equipment, and auxiliary equipment and devices, used for voice service and integrated voice-data service. – Infrastructure assurance, network security and enhanced emergency telecommunications services are aspects addressed within this committee’s work – Work also includes regulatory, safety and environmental requirements, network security, QoS and applicable accounting and billing aspects. TIA Committee TR-41 Recent security issues that are being worked in the TR-41 committee include IP Telephony, as an emerging technology involving the amalgamation of telephony operations on a Local Area Network/Wide Area Network/Metropolitan Area Network (LAN/WAN/MAN) infrastructure. – The threats from telephony can be overlayed with the threats native to the IP environment, both passive (i.e., copying information in transit/during storage) and active (modifying information in transit/during storage or disruption of normal operations). In addition to threats against IP Telephony (IPT) infrastructure (i.e., routers, switches, authentication resources), greater exposure is also being directed towards threats against the IP Telephony application itself – Including toll fraud, unauthorized access to resources, unauthorized access to voice mail and other private user information. Other threats involve IPT endpoints (i.e., IP phones, gateways, “softphones”), passive and active attacks on the signaling stream (including eavesdropping) and other issues that are of importance. TR-41 Standards for Support of Emergency Calling Services and Network Security TR-41.1 – ANSI/TIA-464-C-2002, “Requirements for Private Branch Exchange (PBX) Switching Equipment” • Addresses enhanced or E9-1-1 requirements for Centralized Automatic Message Accounting (CAMA) trunks, establishes performance and technical criteria for interfacing and connecting with various elements of public/private telecommunications networks and helps to assure QoS – ANSI/TIA-689-A-2003, “Telecommunications - Multiline Terminal Equipment - PBX and KTS Support of Enhanced 9-1-1 Emergency Calling Service” • Requirements and recommendations for emergency telecommunications support • • of E9-1-1 emergency calling service for PBX and key telephone systems, specifically dialing, routing, network interface technical specifications and local notification May be used in design of multiline telecommunication systems (MLTS) that are installed in many businesses, hotels or campus environments TIA-689-A, with referenced documents, will provide guidance to manufacturers to build multiline equipment that helps emergency responders to determine the location of 9-1-1 calls placed by telephone stations connected to MLTS TR-41 Standards for Support of Emergency Calling Services and Network Security TR-41.4 – Reciprocal liaison between this Subcommittee and ETSI EMTEL regarding emergency services – The subcommittee is also tied in to the work of the National Emergency Numbering Association (NENA) through participation of individuals in both activities – PN-3-0061 (to be published as TSB-139), “IP Telephony Security Framework” • Examines Voice over IP (VoIP) telephone network security, IP network architectural security considerations, authentication, authorization, privacy, governmental requirements and the threat environment within the Customer Premises Equipment (CPE)/Enterprise space – Conveyed need for a security protocol suite tailored for devices with limited resources to the IETF TR-41 Standards for Support of Emergency Calling Services and Network Security TR-41.4 – TIA/TSB-146-2003, “Telecommunications - IP Telephony Infrastructures - IP Telephony Support for Emergency Calling Service” • Describes network architecture elements and their functionality needed for providing E9-1-1 or ECS support over IP terminals in an Enterprise-nonenterprise environment Network. – Addresses ECS calls placed from fixed, mobile, remote dial-in or wireless access VoIP terminals. Does not address devices connected to VoIP networks through gateways – PN-3-4726-RV1 (to be published as TSB-146-A), “Telecommunications IP Telephony Infrastructures - IP Telephony Support for Emergency Calling Service” • Being developed as TIA/TSB-146 revision and applicable to emergency • • telecommunications services Note that recently published European emergency call handling requirements (e.g., ETSI SR 002 180) have been made available to project and are being taken into consideration (i.e., coordination of E9-1-1/E1-1-2 and PSAP elements) Coordination with TIA TR-45 is also being proposed with regard to E1-1-2 requirements for cdma2000® systems operating in Europe TR-41 Standards for Support of Emergency Calling Services and Network Security TR-41.4 – PN-3-0172, “Enterprise Location Information Server Interfaces” • This purpose of this project is to standardize the application protocol interfaces between the Location Information Server (LIS) application functions and other Enterprise emergency call service entities – PN-3-0185, “Link Level Discovery Protocol (LLDP) – Media Endpoint Discovery (MED)” • This project provides extensions to the IEEE 802.1AB™ base protocol, to allow for many advanced multi-vendor interoperation features in a VoIP network environment, including basic configuration, network policy configuration, Emergency Call Service/ E9-1-1 location support, inventory control, and more TR-41.9 – Work involves requirements for connection of terminal equipment to the telephone network (i.e., ANSI/TIA-968-A-2003) Threats Against IP Telephony A brief dissertation by Bob Bell, Cisco Chair - TR-41.4 IP Telephony Infrastructure Background IP Telephony is a new and emerging technology Marriage of telephony operations on a LAN/WAN/MAN infrastructure Brings the threats from Telephony and overlays them with the threats native to the IP environment Types of Threats Internal vs. external Passive vs. active Threats against the application Threats against the Infrastructure Threats against the endpoints Threats against the signaling streams Threats against the media streams Internal vs. External Most widely published attacks are from the outside – Hacked Web Sites – Denial of Service to eCommerce Internal attacks are not widely published – Snooping in company private information – Misuse of company resources FBI states that 70-80% of attacks against enterprise IP systems are internal not external Passive vs. Active Passive threats involve copying information in transit or during storage – Copying email – Copying files from servers – Telephony Bugging/Illegal wiretaps Active threats involve the modification of information in transit or during storage and the disruption of normal operations – Deleting critical company files/information – Modification of critical company information – DoS attacks against critical resources Threats against the application Threats directed against the IP Telephony application itself include: – Toll Fraud – Unauthorized access to resources – Unauthorized access to Voice Mail and other user private information Not new, but have greater exposure Threats against IPT Infrastructure Infrastructure elements include: – – – – Proxies/Call Agents Routers and Switches Authentication Resources Centralized call related resources (e.g., Conference Bridges) Threats against the IPT endpoints IP Telephony endpoints include: – IP Phones – Gateways – “SoftPhones” Limitations/Challenges Special considerations Threats against the Signaling Stream Passive Threats – Monitoring signaling information to determine calling patterns – Extracting/recovering user identification information from signaling streams. Active Threats – Instituting “Man-in-the-Middle” attacks – Modifying signaling to redirect/block calls – Enabling phones to act as “bugging” devices Threats against the Media Stream Passive threats include eavesdropping and recording of phone conversations Active threats include the on-the-fly modification of phone conversations Summary Threats are not new Threats are not unique to IP Telephony Threats are addressable It will take work Come join us in our work – Coordinate efforts TIA Engineering Committee TR-45 Mobile and Personal Communications Systems Cheryl Blum Chair TR-45 and TIA HOD 3GPP2 Lucent Technologies TIA Committee TR-45 Develops performance, compatibility, interoperability and service standards for mobile and personal communications systems Comprised of 6 Subcommittees and several adhoc groups, including: – TR-45 Ad-Hoc Authentication Group (AHAG) – Responsible for Security Assessment Issues including selection of cryptographic algorithms to support TR-45 security mechanisms – TR-45 Lawfully Authorized Electronic Surveillance (LAES) coordination - Responsible for standards development to support CALEA and related industry solutions – TR-45.2 Ad-Hoc Emergency Services Group involving such issues as Enhanced 9-1-1 (E-911) TIA Committee TR-45 Involved in the development of security features since the early 90s (i.e., Authentication, Signaling Message Encryption and Voice Privacy) Joint Standards Development Work with ATIS to address legislated and mandated security services – Emergency Services (e.g., E-911 location) – Lawfully Authorized Electronic Surveillance (CALEA) Developed a standards for Wireless Priority Service (WPS) for CDMA Systems in parallel with WPS Industry Requirements work Developed a Priority Access and Channel Assignment (PACA) technique, a queued originate mechanism that may be used to support a priority access scheme in the event that either radio or network resource is congested. TR-45 Security Features Authentication, Signaling Message Encryption, Privacy are supported in TIA/EIA-41 Networks and their radio technologies – TDMA, CDMA, AMPS-based systems – Authentication • Verification of the identity of the mobile equipment • Performed on every service request • Concept based on an authentication challenge – Signaling Message Encryption • Ensures privacy over signaling channels by encryption of signaling information – Privacy • Encryption keys used to ensure privacy over traffic channels In the ongoing interest of security, enhancements to these basic security features have been adopted by TR-45 to support Enhanced Subscriber Authentication (ESA) and Enhanced Subscriber Privacy (ESP) mechanisms for 3G Systems TR-45.2 Ad-Hoc Emergency Services Group 1996 Chair: Larry A. Young [Sprint] – FCC Released Enhanced 9-1-1 (E-911) Requirements 1997 – Joint Standards Work with TIA and Committee T1 resulted in publication of JSTD-034, Enhanced Emergency Services Phase 1 2000 – In August, Joint Standard document, J-STD-036, Enhanced Wireless 9-1-1 Phase 2 was published. Standard supports both network-based and handset-based solutions. 2002 – In July, Joint Standard, J-STD-036-A was published with enhancements to original version 2003 – In March, addendum J-STD-036-A-1 was published including Interim Position and enhancements to Non-dialable Callback Numbers. 2004 – Joint Standard, J-STD-036-B is scheduled to be published 4Q with MEID and Interim Position for GSM TR-45.1 TR-45 Standards for Support of Emergency Services and Position Determination – – TIA/EIA/TSB-119, Enhanced System Access Procedures for E911 Calls for Analog Cellular TIA/EIA/IS-817, Position Determination Service Standard for Analog Systems – – TIA-881 “TIA/EIA-41-D Location Services Enhancements” published March 2004 TIA-843 “Wireless Intelligent Network Support for Location Based Services” published August 2004 PN-3-0054 (scheduled to be published October 2004 as TIA-917), “TIA/EIA-41 Support for Wireless Priority Service (WPS)” TR-45.2 – TR-45.3 – ANSI/TIA/EIA-136 Series, TDMA 3G Wireless – Support for Emergency Calls, Emergency Information Broadcast, and for System Assisted Mobile Positioning through Satellite (SAMPS) TR-45.4 – – TIA-2001-C (IOS v4.3), Interoperability Specification (IOS) for cdma2000(r) Access Network Interfaces - Support for Emergency Calls and Position Determination PN expected 2004 to address WPS for CDMA interfaces – TIA-2000-D, cdma2000® Spread Spectrum Systems – Support for Emergency Calls – TIA-801-A, Position Determination Service Standard for Dual Mode Spread Spectrum Systems – TIA-916, Minimum Performance Specification for TIA/EIA/IS-801 Mobile Stations TR-45.5 TR-45 LAES Ad-Hoc Group Chair: Terri Brooks 1994 – CALEA Legislation introduced to Subcommittee TR-45.2 by Law Enforcement 1997 – Joint Standards Work with TIA and Committee T1 resulted in publication of TIA/T1 J-STD-025 as safe harbor standard for CALEA. Standard challenged at FCC over nine features not included and two that were. 1999 – FCC released the Third Report and Order validating six of the nine punch list items and indicating that further work needed to be done on the packet data solution in the standard. FCC supported level of location information provided. 2000 – J-STD-025-A published in April containing six punch list items. 2000 – Industry held two Joint Experts Meetings during 2H/2000 to explore packet data solutions TR-45 LAES Ad-Hoc Group 2000 – J-STD-025 and J-STD-025-A sent for ANSI ballot. Ballots resolved in LAES AdHoc meeting in July 2000 – In August, US Court of Appeals vacates four of the six punch list items. ANSI/JSTD-025 published as ANSI document. J-STD-025-A suspended pending further information from the FCC on the punch list items 2002 – In April, FCC issues Order on Remand reinstating the four vacated punch list items 2002 – In November, J-STD-025-A is re-balloted as an ANSI document 2003 – The Jointly developed ANS was published as ANSI-J-STD-025-A-2003, “Lawfully Authorized Electronic Surveillance” 2004 – The joint TIA/ATIS developed J-STD-025-B to address refining of packet data solutions is currently in the ANSI balloting process, undergoing a second default ballot round. Anticipate publication no later than 2005. Non-ANS version of 025-B published in 2004 Future TR-45 LAES Work 2004 (September) – Going forward: The LAES work, undertaken within TIA as Lead SDO, has been reorganized and divided as appropriate among the TR-45 LAES Ad Hoc, the TR-45.2 (LAES for IMS) and the TR-45.6 (LAES for packet data system) subcommittees • Project Numbers and capabilities documentation will be available in near future Wireless Priority Service for CDMA Systems WPS is a voluntary service based on FCC R&O 00 242 (WT Docket No. 96-86) WPS is provided to National Security/Emergency Preparedness (NS/EP) Personnel and supports 5 levels of priority assigned by National Communications System personnel. WPS is primarily for voice and circuit-switched data calls and requires no modifications to existing handsets WPS invoked on a per-call basis by dialing the star digit code (*272) + DN – WPS User MS validated by Wireless Priority Service Center – WPS call request is given priority treatment (e.g., queued) when no radio channels are available in the originating or terminating wireless network – Call is completed (based on priority level) when a radio traffic channel becomes available Wireless Priority Service for CDMA Systems Standards Development work being done in TR-45.2 to address WPS for CDMA systems – Project Number PN-3-0054 initiated 2001 – Document balloted in February 2003 – HLR validation of WPS user added and document issued for 2nd ballot in August 2004 – Approved for Publication as TIA-917 (September 2004) – Editor – Atul Thaper, Verizon Wireless Standards Development work beginning in TR-45.4 to address WPS for CDMA interfaces – Project Number request anticipated in September, 2004. Wireless Priority Service for CDMA Systems Industry Requirements (IR) work was done in parallel with the standards work – WPS Initial Operating Capability (IOC) IRs for CDMA and GSM Systems Developed in February 2002. Focused on originating radio network priority – WPS Final Operating Capability (FOC) IRs. Focused on priority in the radio network (originating and terminating) and the landline network • GSM – Completed September 2002 • CDMA – Completed June 2004 – CDMA WPS IR and standards project PN-3-0054, which supports both IOC and FOC, are closely aligned – Development of WPS IR requirements for packet currently in progress TIA TR-45 Ad hoc Authentication Group (AHAG) Chair: Frank Quick, QUALCOMM Inc. 3rd Generation (3G) cdma2000 ® Security 3GPP AKA protocol (Global Roaming) – Mutual authentication between Mobile and Network 128-bit root secret K – Entity Authentication (SHA-1 Algorithm) – 128-bit key for Message Auth (EHMAC) – 128-bit key for AES Encryption (Rijndael Algorithm) Backwards compatibility R-UIM support Air interface and Network algorithm negotiation Mobile IP, Radius/Diameter, CHAP authentication 2G and 3G Security Standards Common Cryptographic Algorithms (CCA) – – – – – Developed in 1992, latest revision D.1 Sept. 2000 Security limited by ITAR (US Export Regulations) CDMA: 40-bit private long code mask (voice not encrypted) TDMA: 520-bit fixed voice privacy mask 64-bit authentication and signaling encryption keys Enhanced Cryptographic Algorithms (TIA946) – Published June 2003 – No longer subject to strength limitations • But encryption technology is still export controlled! – 128-bit keys for Authentication and Encryption – Strong Public Algorithms (SHA-1, HMAC/ENMAC, AES) AMPS (Analog) IS-95 CDMA ETACS (Analog) IS-136 TDMA DHKE ® AES Encryption cdma2000 1x (3G) 1xEV-DO RADIUS AAA CHAP, PAP 2G Security, R-UIM GSM TDMA/GSM/GPRS/EDGE (2.5G) 2G TR-45 2G GSM Security A5.1, 2 Encryption cdma2000® Release A cdma2000® Release B 2G Authentication AES Encryption cdma2000® Release C, D 3GPP AKA – SHA-1 AES Encryption HMAC, EHMAC MIP Authentication RADIUS/DIAMETER, IPsec, SIP IMS UMTS/3GSM/WCDMA (3G) 3GPP AKA KASUMI MILENAGE MAC SIP IMS, MAPsec Application End-to-End Security (PGP, CONDOR) Presentation Session Transport Network Data Link Physical Transport Layer Security (WAP, TLS , SRTP) MIP, IPsec TR-45 Privacy and Authentication TR-45 Contacts TR-45 Chair/HOD to 3GPP2: Cheryl Blum • Technical Manager Lucent Technologies, Inc. cjblum@lucent.com TR-45 AHAG Chair: Frank Quick • Sr. VP, Corporate R&D QUALCOMM Incorporated fquick@qualcomm.com TIA Contact: Dan Bart • Senior Vice President, Standards and Special Projects dbart@tiaonline.org Thank you for your time Other sources of related information: – TIA HS/CIP Activities: http://www.tiaonline.org/standards/cip/ – TIA Standards: http://www.tiaonline.org/standards/