Overview and System Security to Security Testing Company: Author(s): Contact: Purpose: Document#: GISFI_SP_201206241 NEC Corporation Anand R. Prasad, Chairman Security & Privacy Working Group anand@bq.jp.nec.com Discussion GISFI_SP_201206241 TEC-GISFI Workshop, 21 June, 2012 Purpose • Start committed relationship between TEC / DOT and GISFI • This workshop on network security requirements is to – Share initial information and – Bring common understanding • Next step: – Work together on a committed work-plan – Regularly meet and discuss: • During GISFI meeting • Separately just before or after a GISFI meeting GISFI_SP_201206241 TEC-GISFI Workshop, 21 June, 2012 GISFI Security & Privacy WG Tasks • Work on security, privacy, legal intercept and algorithms • Perform threat analysis and identify requirements • Develop – recommendations regarding the above – security and privacy solutions – legal intercept solutions • Bring Indian requirements to international bodies GISFI_SP_201206241 Activities • Network security testing requirements of India • Proposed new topics – Identity management – Unsolicited communication – Child security in cyber space • Inter-WGs – Internet-of-things – Service Oriented Networks – Future Radio Networks TEC-GISFI Workshop, 21 June, 2012 Security Testing Requirements • Companies should fulfill ISO 27k security guidelines • Highest level of security from design, development, deployment, maintenance to running of all comm. products and networks • Security testing of all products and network based on Indian guidelines set as per Common Criteria (ISO 15408) where testing: – – – – performed by Indian labs from 1 April 2013 onwards – yearly labs will be accredited by Indian government test result will be certified by Indian government only “type” testing will be done • Products/network should fulfill Indian security requirements, implementation should comply with common security considerations and implemented as per standard specification (e.g. 3GPP) GISFI_SP_201206241 TEC-GISFI Workshop, 21 June, 2012 Impacts and Gaps Impact of requirements • Technical skills growth • Security awareness • Vendors will see delay in sales and increase in product cost • Operator cost will increase impacting rural deployment • Potential trade impact GISFI_SP_201206241 Gaps • Lab: Accreditation and certification method • Common criteria – CC level – PP & STs – certify? who? • Specification details • Relation with CCRA, 3GPP etc. • Acceptable level of risk • Define safe to connect • How to test existing network TEC-GISFI Workshop, 21 June, 2012 CC: Common Criteria PP: Protection Profile ST: Security Target Testing Related • Duration of testing: Longer time to wait will impact business • Periodicity of testing: Given product can have monthly software or firmware update • Timing of testing: Before purchase will mean impact on vendors while after purchase could mean issues for operators/service providers • Volume of testing, number of points: Type approval, extent/depth of testing to be performed and level of value-chain to be touched • Human resource: Initially sufficient people will not be available to perform security tests. Steps to perform test and develop resources should be a concern • Cost of testing: Cost of testing will lead to impact on market. • Responsibility of accidents: Vendors pay for the accidents due to certified products? Security threats / attacks are maturing with time thus there should be consideration from long-term perspective • Confidentiality and intellectual property: How can the testing “person” be certified? Also issue regarding escrow. GISFI_SP_201206241 TEC-GISFI Workshop, 21 June, 2012 S&P Work Item Following deliverables are expected: • Requirement analysis and proposals • (Framework) Complete security together with terminology definitions and proposals • Policy study and proposals • Security architecture in mobile communication systems: Comparison and proposals for India • Monitoring • Proposals for security testing Planning to liaise with 3GPP and CCRA GISFI_SP_201206241 TEC-GISFI Workshop, 21 June, 2012 Market Trend: Over-The-Top Services (OTT) and Cyber Attacks 1.OTT is the killer app Impact: -Loss of profit source and no new source of profit -Increase in CAPEX & OPEX Advertisement Over-the-top services HSS/ AAA X-CSCF 2.Cyber attacks is increasing Impact: - Increase in CAPEX & OPEX - Dissatisfied customers xGSN MSC MME PDG S/PGW H(e)NBGW RNC WLAN AP H(e)NB NodeB GISFI_SP_201206241 eNodeB Market trend: Moving towards services Mobile operator becoming part of “the Internet” OTT services is the killer app Cyber attack is increasing TEC-GISFI Workshop, 21 June, 2012 Security Considerations 1.Overloading of network (DoS / DDoS) 2.Finding network topology (privacy) 3.Network element attacks 4.Protocol attack 5.Subscriber privacy issues 6.Fraudulent charging Over-the-top services HSS/ AAA X-CSCF xGSN MSC MME S/PGW PDG H(e)NBGW RNC NodeB GISFI_SP_201206241 OAM attack, spoofing etc. used to get subscriber private data and cause fraudulent charging Protocol weaknesses used to perform attack Analyzing network to find network topology H(e)NB Attacking specific network eNodeB elements Several attacks are possible on mobile network Overloading network with Newer services bring newmalware, business botnets, home opportunities andmade also terminals threats etc. Complete system security consideration TEC-GISFI Workshop, 21 June, 2012 from the is necessary WLAN AP GISFI_SP_201206241 TEC-GISFI Workshop, 21 June, 2012 Subscriber Identity Module (SIM) Service (or service provider) Foreign Network Radio Access Network (RAN) Core Network (CN) User Equipment (UE) Internet Local break-out GISFI_SP_201206241 TEC-GISFI Workshop, 21 June, 2012 Service Layer External Networks like PSTN, Internet etc. Service Control e.g. IMS Enablers NGMN PS core Other Radio Access Networks e.g. WiFi GISFI_SP_201206241 NGMN Radio Access Network CS core UTRAN TEC-GISFI Workshop, 21 June, 2012 GERAN Legacy Mobile Systems Security Comparison GSM GPRS UMTS SAE/LTE Security services Ciphering User authentication Equivalent to wired Ciphering User authentication Ciphering & integrity Mutual auth. Ciphering & integrity Mutual auth. Authentication Authentication: 3 values UMTS-AKA: 5 values EPS-AKA: 5 values Keys Derivation of a ciphering key after auth. Derivation of CK & IK Separate keys for each purpose Key length Shared key 128 bits for authentication Derived 64 bits out of which 54 used for ciphering 128 bits 128 bits Key handling Changed on authentication Algorithm A5/1 / 2 /3; specification is confidential. A5/3 is based on Kasumi GPRS Encryption Algorithm (GEA): GEA0, GEA1, GEA2 and GEA3 Kasumi from Rel. 4 SNOW 3G, AES and ZUC Security end-point BTS SGSN RNC / SGSN eNB for UP & RRC MME for NAS GISFI_SP_201206241 Network security None Shared key 128 bits for authentication Derived 64 bits for ciphering Changed on each handover & more TEC-GISFI Workshop, 21 June, 2012 None initially MAPsec and IPsec IPsec Designing Security • Determine the assets • Determine the threats and risks to each asset set security requirements • Design and implement countermeasures for the threats and residual risks economical • Monitor, manage and update the implementation • Deter, detect and react against any attack GISFI_SP_201206241 TEC-GISFI Workshop, 21 June, 2012 Common Criteria Testing Certification Product Test Code Review Design Review PP ST Documentation 9 ~ 24 months GISFI_SP_201206241 TEC-GISFI Workshop, 21 June, 2012 Accreditation & Certification 3.Result: Certified or not certified TEC/DOT & CCRA,3GPP Security Security Test Lab Security Test Lab Test Lab 4.Result: Certified or not certified GISFI_SP_201206241 Vendors / Operators TEC-GISFI Workshop, 21 June, 2012 2.Send security test results for certification 0.Security test labs accredited by CCRA taking care of Indian needs as per TEC 1.Vendors/operators request security testing CCRA: Common Criteria Recognition Arrangement DOT: Department of Telecommunications TEC: Telecommunications Engineering Centres Finally • Setting security requirements is important and has its own benefits • A balance need to be found between what is needed and what can be done • Current national requirements have gaps • GISFI is working on several topics related to security testing requirements • GISFI proposes TEC/DOT to work together on network security testing requirements GISFI_SP_201206241 TEC-GISFI Workshop, 21 June, 2012