DOCUMENT #: GSC13-GTSC6-18 FOR: Information

SOURCE: Charles Brookson
AGENDA ITEM: 4.2
CONTACT(S): charles@zeata.co.uk
Update on ETSI Cyber Security work
Charles Brookson, OCG Security Chairman
Largely based on presentations given by Judith E. Y. Rossebø, ETSI TISPAN WG7 Chairman, Telenor R&I
Submission Date: June 27, 2008
ETSI TISPAN WG7
• NGN concept: fixed-mobile network convergence to packet-switched technology delivering multimedia services
• ETSI TISPAN is extending the 3GPP IMS concepts in designing NGN
• TISPAN Working Group 7 is the NGN competence centre for security with a group of security experts standardizing NGN security
www.tispan.org
TISPAN NGN
• ETSI TISPAN proposes an architecture basis consisting of a range of subsystems:
– Access network attachment subsystem (NASS)
– Resource and admission control sub-system (RACS)
– PSTN-ISDN emulation subsystem (PES)
– IP Multimedia Subsystem (IMS) (3GPP)
– IPTV Subsystem
• TISPAN is adopting standards from other bodies where appropriate
– Aspects relating to common IMS are not standardized by TISPAN, but if identified shall be transferred to the responsibility of 3GPP
Telecommunication and Internet converged Services and Protocols for Advanced Networking
TISPAN NGN Architecture
TISPAN NGN R1 security:
• NGN Security requirements (TS 187 001)
• NGN eTVRA (TR 187 002)
– Threat and risk analyses for specific NGN use cases
• NGN Security architecture (TS 187 003)
• NGN Lawful Interception functional entities, information flow and reference points (TS 187 005)
TISPAN NGN R2 security (1/2):
• NGN Security requirements (TS 187 001)
– Builds on the R1 version of the TS
– Defines also security requirements for IPTV, Business Communication, Media Security, Home Networking, and for countering UC
• NGN eTVRA (TR 187 002)
– Threat and risk analyses for specific NGN use cases such as NAT traversal, RACS, Media Security, and Unsolicited Communication
• NGN Security architecture (TS 187 003)
– Work is ongoing on defining the security architecture for IPTV, Home Networking, FMC, Media Security, H.248, Corporate Networks
• NGN Lawful Interception functional entities, information flow and reference points (TS 187 005)
– Builds on the R1 version of the TR
TISPAN NGN R2 security (2/2):
• Generalized NAT traversal feasibility study (TR 187 007)
– TB approved December, 2007
• Media security (TR 187 008)
• Impact of unsolicited communication in the NGN
• New work item on data retention and its impact on the NGN
NGN Feasibility Studies Feed into TISPAN Core Security Documents:
• WI 07022: NAT Traversal Feasibility Study Report
• WI 07021: Feasibility Study on Media Security
• TR 187 001: NGN Security Requirements
• TR 187 002: NGN eTVRA
• WI 07025: Feasibility Study of Prevention of Unsolicited Communication in the NGN
• WI 07027: Identity Management issues
• TS 187 003: NGN Security Architecture
• TS 187 006: NGN Countermeasures
Topics for future work
• TISPAN NGN security beyond Release 2
– IPTV security (enhancement of stage 2, definition of stage 3)
– Adding UC prevention as a feature (stage 1, stage 2, stage 3)
– Media security provisioning (stage 1, stage 2)
– Additional work on NAT-T (e.g. interaction with RACS, interaction with IPTV, security analysis of use of STUN)
– Enhanced security for NASS, RACS
– Security for CNG/CND (stage 1, stage 2, stage 3)
• Implications for AGCF security
– Security for NGCN
– FMC (taking into account requirements of the FMCA)
– Diameter and Radius AVP profiling
– Application layer security on the NGN (e.g. TELCO 2.0)
– Analyse the inter-relation between security features and architecture of the NGN (IPTV, NAT-T, NASS, RACS etc.) in terms of how to employ consistent security architecture and mechanisms
• Develop general rules, patterns, and templates to ease the employment of the NGN in practice and to facilitate risk control