Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Next Generation Network Security ( Direction and Status of FG NGN Work)

advertisement 
International Telecommunication Union
Next Generation Network
Security
(Direction and Status of FG NGN Work)
Igor Faynberg, Bell Labs/Lucent
Technologies,
Leader of FGNGN Security Capability (WG 5)
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
Outline
ITU-T
o
o
o
o
The ITU-T Focus Group on Next Generation
Networks (FGNGN): Reason for existence,
goals, deliverables, structure
Relation to work of other SDOs
Immediate needs
Back-up materials
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
2
ITU-T NGN Focus Group
ITU-T
o ITU-T created NGN Focus Group to address Telecommunication
industry’s urgent need for specifications for NGN in May, 2004.
First results of NGN FG (NGN Release 1) are expected in May,
2005
o "Through this initiative ITU-T is bringing all players together in
an environment where they can create truly global
specifications for the service-aware network of the future, to
deliver dynamic, customized services on a massive scale."
Herb Bertine, ITU-T SG 17 Chairman
o ITU-T recognizes that the need for global standards is critical as
most operators expect to move to an IP infrastructure
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
3
Major Goals
ITU-T
o Nomadicity—seamless communications in a multi-
service, multi-protocol, and multi-vendor environment
o Rich set of applications (unified messaging, home
networking, etc.)
o International Standards that unify the regional and
topical work on services, network and systems
architectures for the next generation of IP-enabled
communication systems
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
4
Structure of the NGN FG
ITU-T
Chairman: Chae-sub Lee, KT, Korea
Vice-Chairmen: Dick Knight, BT, UK and Ronald Ryan, Nortel Networks, USA
WG
WG 1
WG 2
WG 3
Area
Leaders
Affiliation
SR (Service
Requirements)
Group
M. Carugi
Nortel Networks S.A., France
B.Hirshman
Sprint Corporation, USA
FAM (Functional
Architecture and
Mobility) Group
K. Knightson
Industry Canada
T. Towle
Lucent Technologies, USA
N. Morita
NTT Corporation, Japan
H. Lu
Lucent Technologies, USA
K. Mainwaring
Cisco Systems, Sweden
H. Kim
KT, Korea
QoS (Quality of
Service) Group
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
5
Structure of the NGN FG (cont.)
ITU-T
WG
WG 4
Area
CSC (Control and
Signalling Capability)
Group
Leaders
Affiliation
R. Muench
Alcatel SEL AG,
Germany
C. Buyukkoc
ZTE Corporation, USA
W. Feng
Huawei Technologies, China
WG 5
SeC (Security
Capability) Group
I. Faynberg
Lucent Technologies, USA
WG 6
Evo (Evolution) Group
G. Koleyni
Nortel Networks, Canada
D. Fan
SCNB Telecom.
Standards, China
J. Lintao
MII of China
D. Meyer
Cisco Systems, USA
K. Dickerson
BT, UK
WG 7
FPBN (Future Packetbased Bearer
Networks) Group
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
6
NGN Subsystem Architecture
Overview
ITU-T
Applications
Based on
3GPP IMS R6
Other Multimedia
Subsystems …
IP Connectivity
Access Network
And related subsystems
( R T S P-b a s e d )
Streaming services
Network
Attachment
Subsystem
(SIP -b a s e d )
IP Multimedia Subsystem
(Core IMS)
PSTN
(SIP -I b a s e d )
PSTN/ISDN Emulation
Subsystem
Resource and
Admission Control
Subsystem
GW
GW
GW
GW
Access Transport
Network
IP
Core Transport Network
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
7
Highlights of the working document
Guidelines for NGN security
ITU-T
o Overview of relevant global
security standards
o Security in NGN
• NGN threat model (based on
ITU-T X.800 and X.805
Recommendations)
• Security risks in NGN
• Selection of OSI layers for
security provisions
• Granularity of protection
o Security Dimensions and
Mechanisms (based on ITUT X.805)
• Access control
• Authentication
•
•
•
•
•
•
Non-repudiation
Data confidentiality
Communication security
Data integrity
Availability
Privacy
o Elements of security
framework for NGN
• Access security:
Authentication,
Authorization, and
Accounting framework for
NGN
• Security framework for
Mobility in NGN
• Link-layer security for NGN
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
8
Highlights of the working document
Guidelines for NGN security (cont.)
ITU-T
• Security framework for
home networks
• Security framework for
end-to-end data
communication
• Security framework for
intrusion-tolerant NGN
• Reference Security
Model for NGN
o Components of the NGN
security
•
•
•
•
•
IP-CAN security
Network domain security
IMS access security
Application security
Security of Open
Service/application
Framework in NGN
o IMS security mechanisms
based on the use of
Universal Integrated Circuit
Card (UICC)
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
9
Highlights of the working document NGN
security requirements for Release 1
ITU-T
o Security requirements
(general considerations
based on the concepts of
X.805)
o Security requirements for
Transport Stratum
• Home Network domain
• Home Network to IP-CAN
domain interface
• The IP-CAN
• IP-CAN to Core Network
interface
• Core Network
o Security requirements for
Service Stratum
• IMS domain
• Transport stratum to IMS
domain
• IMS to Application domain
security
• Application domain security
• Home Network to Application
domain security
• Home Network-to-IMS domain
security
• Open service platform to
valued-added service provider
security
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
10
ITU-T Recommendation X.805
Security Architecture—the foundation of NGN
Security studies
ITU-T
End-user plane
Control plane
Privacy
Destruction
Availability
Data integrity
THREATS
Corruption
Removal
Disclosure
Interruption
ATTACKS
8 Security dimensions
Management plane
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
Communication security
Data confidentiality
Infrastructure security
Non-repudiation
VULNERABILITIES
Authentication
Services security
Access control
Security layers
Applications security
X.805_F3
11
Key Tasks
ITU-T
Key Work Items:
• Resolve how IMS is to handle 3GPP vs. 3GPP2
Differences
• Key distribution (for end-users and network
elements)
• AAA for DSL access and QoS authorization
• Hop-by-hop SIP security vs. end-to-end
• Establish standard for VoIP Firewall traversal
• Identity management
• SPAM control (voice messaging)
•Convergence with IT security (firewall traversal for
VoIP)
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
12
Relation to work of other SDOs
ITU-T
ITU-T
SG 13
ITU-T
SG 17
ISO/JTC
SC 27
IETF
ITU-T
FGNGN
ETSI
TISPAN
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
ATIS
13
Immediate Needs
ITU-T
CONTRIBUTIONS!
ITU- T Cybersecurity II Symposium
29 March 2005, Moscow, Russian Federation
29 March 2005
14
Related documents
Chae Sub LEE
Chae Sub LEE
IETF Security Work Magnus Nyström Technical Director, RSA Security
IETF Security Work Magnus Nyström Technical Director, RSA Security
Download
advertisement