DOCUMENT #: GSC13-PLEN-57 FOR: Information

SOURCE: Charles Brookson
AGENDA ITEM: 6.3
CONTACT(S): charles@zeata.co.uk
Update on ETSI Security work
Charles Brookson
OCG Security Chairman
Submission Date: June 27, 2008
OCG Security (1)
• Operational Co-ordination Sub-Group on Security
• Horizontal co-ordination structure for security issues
– Ensuring security is properly considered in each ETSI Technical Body (TB)
– Detecting any conflicting or duplicate work
• Participation:
– TBs are free to nominate Members to participate in the work of the group
• Working methods:
– Via email
– When necessary co-sited “joint security” technical working meetings
– Issues sent to SECsupport@etsi.org
– Mailing list: OCG_SECURITY@LIST.ETSI.ORG
OCG Security (2)
Security Workshop
• ETSI holds an annual security workshop. The 3rd Workshop, held in January this year, was well attended; details on many security issues can be found at http://portal.etsi.org/securityworkshop/
• The next workshop is scheduled for 13th and 14th January 2009 in Sophia Antipolis, and contributions are welcome.
White Papers
• The latest edition of our Security White and Product Proofing papers, giving information on all security activities, can be found at: http://www.etsi.org/WebSite/technologies/WhitePapers.aspx
• The Security White paper is in the process of being updated and a new edition will be published later this year.
ETSI Committees per Security Areas
[Figure: ETSI committees grouped by security area. Labels in the diagram: Emergency Telecommunications; Mobile/Wireless; Algorithms; SES; Security Algorithms Group of Experts (SAGE); MESA*; 2G/3G Mobile; 3GPP*; EMTEL; DECT; TETRA; AT; Electronic Signatures (ESI); SmartCard Platform (SCP); Smart Cards; Information Technology Infrastructure; Next Generation Networks (TISPAN); Fixed and Convergent Networks]
* ETSI is a founding partner for this partnership project
** Closed Committee
TETRA
• TErrestrial Trunked Radio
• Mobile radio communications
– Used for public safety services
• Security features include:
– Mutual Authentication
– Encryption
– Anonymity
Mobile Security
• IMEI (International Mobile Equipment Identity)
– Protection against theft
– Physical marking of the terminal
– Blacklisted by operator if stolen
• FIGS (Fraud Information Gathering System)
– Monitors activities of roaming subscribers
– Home network informed
– Fraudulent calls identified and terminated
• Priority
– Public safety service
– Allows for high priority access
• Location
Algorithms
• ETSI is a world leader in creating cryptographic algorithms and protocols to prevent fraud and unauthorised access to ICT and broadcast networks, and to protect customers’ privacy
• ETSI SAGE (Security Algorithm Group of Experts)
– Centre of competence for algorithms in ETSI
• Algorithms for:
– DECT
– GSM, GPRS, EDGE
– TETRA
– UMTS
– …
Smart Card Standardization
• ETSI Smart Card Standardization
– ETSI Technical Committee Smart Card Platform (TC SCP)
– GSM SIM Cards: among most widely deployed smart cards ever
– Work extended with UMTS USIM Card and UICC Platform
• Current challenges
– Expand the smart card platform
– Implement Extensible Authentication Protocol (EAP) in Smart Cards
– Allow users access to global roaming
– UICC platform in secure financial transactions over mobile communications systems
Lawful Interception
• Delivery of intercepted communications to Law Enforcement Authorities
– To support criminal investigation
– To counter terrorism
• Applies to any data in transit
• ETSI Technical Committee LI
– defines the Handover interface
– from the Operator to the Law Enforcement Authorities
Data Retention
• Data generated/processed in electronic communications services need to be retained
– Required by EC since 2006 (Directive 2006/24/EC)
• Retention of Data is similar to LI
– Concerns stored traffic, rather than traffic in transit (LI)
• ETSI TC LI currently working on three deliverables
– Requirements
– Specification for Handover interface
– Security framework in Lawful Interception and Retained Data environment
Electronic Signatures
• ETSI and CEN co-operation on the European Electronic Signature
• Goal: provide Europe with a reliable electronic signatures framework
– Enabling electronic commerce
– Supporting eSignature EC Directive
• Current challenges
– eInvoicing
– Registered EMail (REM)
• International collaboration
– Certificate Policy mapped and aligned with US policy
– XML Signature Standard adopted in Japan
Future Challenges
• ETSI addressing a number of areas
• Issues on security are still open
– Security Metrics
– RFID Security and Privacy
– …
• ETSI is ready to address these challenges
– Supporting its Members
– Following its Members’ requirements
– Collaborating with other SDOs