Global Standards Collaboration (GSC) 14 DOCUMENT #: GSC14-GTSC7-012 FOR: Presentation SOURCE: ATIS AGENDA ITEM: GTSC7; 4.2 CONTACT(S): Art Reilly (arreilly@cisco.com) ATIS Cybersecurity Art Reilly, Cisco Geneva, 13-16 July 2009 Fostering worldwide interoperability Highlight of Current Activities (1) ATIS’ Packet Technologies and Systems Committee (PTSC) Completed: UNI and NNI signalling security standards UNI and NNI testing standards Encourages interfaces to support logging, thereby facilitating the creation of incident reports Geneva, 13-16 July 2009 Fostering worldwide interoperability 2 Highlight of Current Activities (2) PTSC continues to focus on securityrelated topics that will ensure robust signalling and communications standards and network implementations that will provide adequate protection and support for multimedia and emergency services in the current cybersecurity environment: Authentication Security Mechanisms Location Identity Management Certificate Management PTSC has also initiated an activity which will define interconnection test suites Geneva, 13-16 July 2009 Fostering worldwide interoperability 3 Highlight of Current Activities (3) PTSC’s focus is on specifying security considerations for Layers 1 through 5 for UNIs, NNIs and SNIs Generation of templates will: Attempt to limit number of available interconnection options, without compromising the desired flexibility in implementing the services, thereby facilitating interoperability Facilitate interconnection negotiations Ensure adequate security will be provided Geneva, 13-16 July 2009 Fostering worldwide interoperability 4 Highlight of Current Activities (4) ATIS’ Network Performance, Reliability, and QoS Committee (PRQC) Approved User-Network Interface (UNI) Media Plane Security Standard for Evolving VoIP/Multimedia Networks (ATIS-0100024.2009) Currently working on Standard for Media Plane Performance Security Impairments Standard for Evolving VoIP/Multimedia Networks (Issue A035) Document potential QoS degradations associated with security mechanisms Identify potential security problems associated with QoS mechanisms Current/Future work: Development of Standards extending from the work outlined in ATIS-0100014, Information & Communications Security for NGN Converged Services IP Networks and Infrastructure Geneva, 13-16 July 2009 Fostering worldwide interoperability 5 Highlight of Current Activities (5) ATIS’ Telecom Management and Operations Committee (TMOC) Recently completed work: ATIS-0300074.2009, Guidelines and Requirements for Security Management Systems Includes an ATIS TMOC proforma requirements statement for security aligning with ITU-T M.3410 TMOC will continue to address: Management aspects of security, especially concerning NGN Carrier Interconnection arrangements and VoIP Registry Database Provisioning Geneva, 13-16 July 2009 Fostering worldwide interoperability 6 Strategic Direction ATIS continues to develop a suite of security standards that well facilitate secure interconnection of: transport facilities signalling facilities services ATIS is not focusing on: Security Mechanisms for Messaging Applications Tracking ATIS is looking to ITU-T to address the messaging and tracking areas in the short term. If ITU-T does not address this subject, ATIS may reconsider work in this area. Geneva, 13-16 July 2009 Fostering worldwide interoperability 7 Challenges SIP security solutions are tailored to be end to end. SIP/SIPPING/SIMPLE/etc. RFCs have well written security sections that are not fully implemented in vendor products. Security solutions have an impact on delay and performance. Availability of ITU-T Recommendations which can be used to facilitate secure transport and service interconnection. Geneva, 13-16 July 2009 Fostering worldwide interoperability 8 Next Steps/Actions ATIS will continue on its current path of generating a complete suite of standards that can be used to facilitate interconnection negotiations and result in interconnection scenarios that are secure. Geneva, 13-16 July 2009 Fostering worldwide interoperability 9 Proposed Resolution Continued support for GSC-13 Security Related Resolutions: Resolution GSC-13/4 - Identity Management Resolution GSC-13/11 - Cybersecurity Resolution GSC-13/25 - Personally Identifiable Information Protection Geneva, 13-16 July 2009 Fostering worldwide interoperability 10 Supplemental Slides Geneva, 13-16 July 2009 Fostering worldwide interoperability 11 Supplemental Slides PTSC Issues may be found at: http://www.atis.org/0191/issues.asp PTSC Active Issues which have a security component are: Issue # Title S0033 End to End User Authentication and Signaling Security S0051 ATIS NGN Identity Management Requirements S0052 UNI Terminal Adapter Requirements S0053 UNI Configuration S0055 Security Mechanisms S0058 ATIS NGN Identity Management Framework S0059 ATIS NGN Identity Management Use Cases S0060 ATIS NGN Identity Management Mechanisms S0061 Certificate Management S0063 ATIS ETS Authentication S0065 Enterprise Network Support in NGN S0073 Security Guidelines for DBF Interface S0074 Security Guidelines for Carrier Interconnection (NNI) Geneva, 13-16 July 2009 Fostering worldwide interoperability 12 Supplemental Slides PRQC Issues may be found at: http://www.atis.org/0010/issues.asp PRQC Active Issues which have a security component are: Issue # Title A0010 User Plane Security Requirements in NGNs A0014 Network-Network Interface (NNI) User Plane Security A0019 ETS Authentication in Multiple IP-based Service Domains A0029 Establishment of an ATIS Security Baseline A0035 Impact of Security on QOS Performance in NGNs A0045 Service-specific Security Mechanism Implementation Options Geneva, 13-16 July 2009 Fostering worldwide interoperability 13