International Telecommunication Union
ITU-T
NGN Security
Martin Dolly
Technology Consultant
AT&T Labs
ITU-T/OGF Workshop on Next Generation Networks and Grids
Geneva, 23-24 October 2006
Overview
o Why NGN Security?
o Major Issues
o ITU Work on NGN Security
o Question 15 SG13, NGN Security
Why Security? (Threat examples)
o Subscriber’s Perspective:
• Eavesdropping, theft of PIN codes
• Tele-spam
• Identity theft
• Infection by viruses, worms, and spyware
• Loss of privacy (call patterns, location, etc.)
o NGN Provider’s Perspective:
• Flooding attacks
• Theft of service
• Denial of service
• Disclosure of network topology
• Non-audited configuration changes
• Additional related risks to the PSTN…
Major Issues for NGN Security Standardization
o Key distribution (for end-users and network elements) and Public Key Infrastructure
o “Network privacy”—topology hiding and NAT/Firewall traversal for real-time applications
o Convergence with IT security
o Management of security functions (e.g., policy)
o Guidelines on the implementation of the IETF protocols (e.g., IPsec options)
o Security for supporting access: DSL, WLAN, and cable access scenarios
o Security guidelines for handling multiple access technologies in NGN
ITU Work on NGN Security
o SG 13: Lead Study Group on NGN standardization
o SG 17: Lead Study Group on Telecommunication Security
o SG 4: Lead Study Group on Telecommunication Management — Management Plane security
o SG 11: Lead Study Group on signalling and protocols — security of the Control and Signalling planes
o SG 16: Lead Study Group on multimedia terminals, systems and applications — Multimedia security
Question 15, SG13, NGN Security
o Question 15 (NGN security) of SG 13 – ITU-T lead Rapporteur group for NGN Security
o Q.15/13 major tasks are:
• Lead the NGN-specific security project-level issues within SG 13 and with other Study Groups.
• Ensure that:
— the developed NGN architecture is consistent with accepted security principles
— AAA principles are integrated as required throughout the NGN
• Major Projects:
— Security Requirements and Mechanisms & Procedures
— Certificate Management
— Authentication and Authorization
— IdM (Identity Management)
— AAA for specific access technologies
X.805 Approach to Security
[Figure X.805_F3: the X.805 security architecture. Three security layers (Infrastructure security, Services security, Applications security) and three security planes (Management plane, Control plane, End-user plane) are each covered by the 8 security dimensions: Access control, Authentication, Non-repudiation, Data confidentiality, Communication security, Data integrity, Availability, Privacy. The figure sets these against Vulnerabilities, Threats and Attacks: Destruction, Corruption, Removal, Disclosure, Interruption.]
NGN Connectivity
[Figure: NGN connectivity. The Next Generation Network (service stratum with softswitch, CSCF and application servers; transport) attaches to the outside over three interface types: UNI, connectivity to un-trusted customer equipment (customer equipment, home networks, enterprise networks); NNI, connectivity to trusted and untrusted networks (other NGNs, other IP-based networks, PSTN); and ANI, towards other service providers.]
Security and Authentication/Authorization Relationships
[Figure: Service Provider A domain and Service Provider B domain, each with a service stratum (application servers, softswitch, CSCF) and transport, interconnected over NNI via transit networks and reached from other service providers over ANI. Users attach over UNI from residential CPEs, home networks and enterprise CPEs/enterprise networks across access networks (xDSL, Cable, FTTP, WiFi, WiMAX). Legend: Signalling, Media/bearer.]
Network Provided Security on Hop by Hop Basis for End-to-End Communications
[Figure: end-to-end path across Service Provider A, Service Provider B and a 3rd Party Provider (user device, access, transport, transit, softswitch/CSCF, application servers, service stratum), with reference points numbered (1) to (8).]
NGN Security Trust Model
o Trusted Zone: NGN elements (network elements owned by the NGN provider)
o Trusted but Vulnerable Zone: border elements (network elements not necessarily owned by the NGN provider), including provider-operated equipment (e.g., outside plant equipment) and CPE-BEs
o Untrusted Zone: CPE
NGN Peering Trust Model
o Provider A: NGN network elements in the trusted zone; Provider A’s border element in the trusted but vulnerable zone
o Provider B from Provider A’s point of view: Provider B’s border element and NGN network elements are in the untrusted zone
“Trusted but Vulnerable” Border Elements
[Figure: the NGN provider’s network (service stratum FE, transport stratum FE) is ringed by border elements, one per external party: NBE towards another NGN provider’s service and transport stratum FEs and towards other IP network providers; CPE-BE towards CPE/CPE BE; AS/WS-BE towards AS/WS; DCB-BE towards DCB systems; OAMP-BE towards OAMP systems.]
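The three-zone model on this and the two preceding slides can be checked mechanically. The following Python is an added example, not code from the presentation or from ITU-T: it assigns the slides' element names to zones (placing AS/WS, DCB, OAMP and the other provider's elements in the untrusted zone is an assumption drawn from the figure layout) and flags any hop that joins the trusted zone directly to the untrusted zone without passing through a border element; unknown elements default to untrusted.

```python
from enum import Enum


class Zone(Enum):
    TRUSTED = "trusted"
    BORDER = "trusted but vulnerable"
    UNTRUSTED = "untrusted"


# Constructed inventory, from the NGN provider's point of view, using the
# element names on the slides. Systems reached only through a BE (AS/WS,
# DCB, OAMP, other providers) are put in the untrusted zone; that placement
# is an assumption drawn from the figure, not a statement in the slides.
ELEMENT_ZONE = {
    "Service Stratum FE": Zone.TRUSTED,
    "Transport Stratum FE": Zone.TRUSTED,
    "CPE-BE": Zone.BORDER,
    "NBE": Zone.BORDER,
    "AS/WS-BE": Zone.BORDER,
    "DCB-BE": Zone.BORDER,
    "OAMP-BE": Zone.BORDER,
    "CPE": Zone.UNTRUSTED,
    "AS/WS": Zone.UNTRUSTED,
    "DCB Systems": Zone.UNTRUSTED,
    "OAMP Systems": Zone.UNTRUSTED,
    "Other NGN Provider BE": Zone.UNTRUSTED,
    "Other NGN Provider FE": Zone.UNTRUSTED,
}


def zone_of(element: str) -> Zone:
    """Fail closed: an element missing from the inventory is untrusted."""
    return ELEMENT_ZONE.get(element, Zone.UNTRUSTED)


def hop_violations(path: list[str]) -> list[tuple[str, str]]:
    """Return the hops that join a trusted element directly to an untrusted one.

    Each hop is judged on its own because security is applied hop by hop;
    a border element is the only element allowed to neighbour both zones.
    """
    violations = []
    for src, dst in zip(path, path[1:]):
        if {zone_of(src), zone_of(dst)} == {Zone.TRUSTED, Zone.UNTRUSTED}:
            violations.append((src, dst))
    return violations


if __name__ == "__main__":
    print(hop_violations(["CPE", "CPE-BE", "Transport Stratum FE", "NBE"]))
    print(hop_violations(["CPE", "Transport Stratum FE"]))  # direct hop, flagged
```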
Thank You