gisfi_sp_201206241

advertisement
Overview and System Security
to Security Testing
Company:
Author(s):
Contact:
Purpose:
Document#:
GISFI_SP_201206241
NEC Corporation
Anand R. Prasad,
Chairman Security & Privacy Working Group
anand@bq.jp.nec.com
Discussion
GISFI_SP_201206241
TEC-GISFI Workshop, 21 June, 2012
Purpose
• Start committed relationship between TEC /
DOT and GISFI
• This workshop on network security requirements
is to
– Share initial information and
– Bring common understanding
• Next step:
– Work together on a committed work-plan
– Regularly meet and discuss:
• During GISFI meeting
• Separately just before or after a GISFI meeting
GISFI_SP_201206241
TEC-GISFI Workshop, 21 June, 2012
GISFI Security & Privacy WG
Tasks
• Work on security, privacy,
legal intercept and
algorithms
• Perform threat analysis
and identify requirements
• Develop
– recommendations
regarding the above
– security and privacy
solutions
– legal intercept solutions
• Bring Indian requirements
to international bodies
GISFI_SP_201206241
Activities
• Network security testing
requirements of India
• Proposed new topics
– Identity management
– Unsolicited communication
– Child security in cyber
space
• Inter-WGs
– Internet-of-things
– Service Oriented Networks
– Future Radio Networks
TEC-GISFI Workshop, 21 June, 2012
Security Testing Requirements
• Companies should fulfill ISO 27k
security guidelines
• Highest level of security from design,
development, deployment, maintenance to running of all
comm. products and networks
• Security testing of all products and network based on
Indian guidelines set as per Common Criteria (ISO 15408)
where testing:
–
–
–
–
performed by Indian labs from 1 April 2013 onwards – yearly
labs will be accredited by Indian government
test result will be certified by Indian government
only “type” testing will be done
• Products/network should fulfill Indian security
requirements, implementation should comply with
common security considerations and implemented as per
standard specification (e.g. 3GPP)
GISFI_SP_201206241
TEC-GISFI Workshop, 21 June, 2012
Impacts and Gaps
Impact of requirements
• Technical skills growth
• Security awareness
• Vendors will see delay in
sales and increase in
product cost
• Operator cost will increase
impacting rural deployment
• Potential trade impact
GISFI_SP_201206241
Gaps
• Lab: Accreditation and
certification method
• Common criteria
– CC level
– PP & STs – certify? who?
• Specification details
• Relation with CCRA, 3GPP
etc.
• Acceptable level of risk
• Define safe to connect
• How to test existing network
TEC-GISFI Workshop, 21 June, 2012
CC: Common Criteria
PP: Protection Profile
ST: Security Target
Testing Related
• Duration of testing: Longer time to wait will impact business
• Periodicity of testing: Given product can have monthly software or
firmware update
• Timing of testing: Before purchase will mean impact on vendors
while after purchase could mean issues for operators/service
providers
• Volume of testing, number of points: Type approval, extent/depth
of testing to be performed and level of value-chain to be touched
• Human resource: Initially sufficient people will not be available to
perform security tests. Steps to perform test and develop resources
should be a concern
• Cost of testing: Cost of testing will lead to impact on market.
• Responsibility of accidents: Vendors pay for the accidents due to
certified products? Security threats / attacks are maturing with time
thus there should be consideration from long-term perspective
• Confidentiality and intellectual property: How can the testing
“person” be certified? Also issue regarding escrow.
GISFI_SP_201206241
TEC-GISFI Workshop, 21 June, 2012
S&P Work Item
Following deliverables are expected:
• Requirement analysis and proposals
• (Framework) Complete security together with
terminology definitions and proposals
• Policy study and proposals
• Security architecture in mobile communication
systems: Comparison and proposals for India
• Monitoring
• Proposals for security testing
Planning to liaise with 3GPP and CCRA
GISFI_SP_201206241
TEC-GISFI Workshop, 21 June, 2012
Market Trend: Over-The-Top Services (OTT)
and Cyber Attacks
1.OTT is the killer app
 Impact:
-Loss of profit source and
no new source of profit
-Increase in CAPEX & OPEX
Advertisement
Over-the-top
services
HSS/
AAA
X-CSCF
2.Cyber attacks is increasing
 Impact:
- Increase in CAPEX & OPEX
- Dissatisfied customers
xGSN
MSC
MME
PDG
S/PGW
H(e)NBGW
RNC
WLAN AP
H(e)NB
NodeB
GISFI_SP_201206241
eNodeB
Market trend: Moving towards services
 Mobile operator becoming part of
“the Internet”
 OTT services is the killer app
 Cyber attack is increasing
TEC-GISFI Workshop, 21 June, 2012
Security Considerations
1.Overloading of network (DoS / DDoS)
2.Finding network topology (privacy)
3.Network element attacks
4.Protocol attack
5.Subscriber privacy issues
6.Fraudulent charging
Over-the-top
services
HSS/
AAA
X-CSCF
xGSN
MSC
MME
S/PGW
PDG
H(e)NBGW
RNC
NodeB
GISFI_SP_201206241
OAM attack, spoofing etc.
used to get subscriber
private data and cause
fraudulent charging
Protocol weaknesses used
to perform attack
Analyzing network to find
network topology
H(e)NB
Attacking specific network
eNodeB
elements
 Several attacks are possible on mobile
network
Overloading network with
 Newer services bring
newmalware,
business
botnets,
home
opportunities andmade
also terminals
threats etc.
 Complete
system security consideration
TEC-GISFI Workshop,
21 June, 2012
from the is necessary
WLAN AP
GISFI_SP_201206241
TEC-GISFI Workshop, 21 June, 2012
Subscriber Identity
Module (SIM)
Service (or service
provider)
Foreign Network
Radio Access
Network
(RAN)
Core Network (CN)
User Equipment (UE)
Internet
Local break-out
GISFI_SP_201206241
TEC-GISFI Workshop, 21 June, 2012
Service
Layer
External
Networks like
PSTN, Internet
etc.
Service
Control
e.g. IMS
Enablers
NGMN
PS core
Other Radio
Access
Networks e.g.
WiFi
GISFI_SP_201206241
NGMN
Radio
Access
Network
CS core
UTRAN
TEC-GISFI Workshop, 21 June, 2012
GERAN
Legacy
Mobile Systems Security Comparison
GSM
GPRS
UMTS
SAE/LTE
Security services
Ciphering
User authentication
Equivalent to wired
Ciphering
User authentication
Ciphering & integrity
Mutual auth.
Ciphering & integrity
Mutual auth.
Authentication
Authentication: 3 values
UMTS-AKA: 5 values
EPS-AKA: 5 values
Keys
Derivation of a ciphering key after auth.
Derivation of CK & IK
Separate keys for
each purpose
Key length
Shared key 128 bits
for authentication
Derived 64 bits out
of which 54 used for
ciphering
128 bits
128 bits
Key handling
Changed on authentication
Algorithm
A5/1 / 2 /3;
specification is
confidential. A5/3 is
based on Kasumi
GPRS Encryption
Algorithm (GEA):
GEA0, GEA1, GEA2
and GEA3
Kasumi from Rel. 4
SNOW 3G, AES and
ZUC
Security end-point
BTS
SGSN
RNC / SGSN
eNB for UP & RRC
MME for NAS
GISFI_SP_201206241
Network security
None
Shared key 128 bits
for authentication
Derived 64 bits for
ciphering
Changed on each
handover & more
TEC-GISFI Workshop, 21 June, 2012
None initially
MAPsec and IPsec
IPsec
Designing Security
• Determine the assets
• Determine the threats and risks to each asset  set
security requirements
• Design and implement
countermeasures for
the threats and residual
risks  economical
• Monitor, manage and
update the
implementation
• Deter, detect and react
against any attack
GISFI_SP_201206241
TEC-GISFI Workshop, 21 June, 2012
Common Criteria Testing
Certification
Product Test
Code Review
Design Review
PP
ST
Documentation
9 ~ 24 months
GISFI_SP_201206241
TEC-GISFI Workshop, 21 June, 2012
Accreditation & Certification
3.Result: Certified
or not certified
TEC/DOT &
CCRA,3GPP
Security
Security
Test
Lab
Security
Test
Lab
Test Lab
4.Result: Certified
or not certified
GISFI_SP_201206241
Vendors /
Operators
TEC-GISFI Workshop, 21 June, 2012
2.Send security test
results for certification
0.Security test labs
accredited by CCRA
taking care of Indian
needs as per TEC
1.Vendors/operators
request security
testing
CCRA: Common Criteria Recognition Arrangement
DOT: Department of Telecommunications
TEC: Telecommunications Engineering Centres
Finally
• Setting security requirements is important
and has its own benefits
• A balance need to be found between what
is needed and what can be done
• Current national requirements have gaps
• GISFI is working on several topics related
to security testing requirements
• GISFI proposes TEC/DOT to work
together on network security testing
requirements
GISFI_SP_201206241
TEC-GISFI Workshop, 21 June, 2012
Download