Prime PSO: ATIS Presenter: Art Reilly SOURCE: ATIS TITLE: NGN – Cyber Security (PPSO) AGENDA ITEM: GTSC4; 5.5 CONTACT: Art Reilly (arreilly@cisco.com) GSC11_GTSC4_27 High Interest Subject: NGN – Cyber Security ATIS, ETSI and ITU (T and D) Prime PSO: ATIS Presenter: Art Reilly GSC: Standardization Advancing Global Communications

Security TOPS* Focus Group Key Findings 14 key topics in 3 categories with 3 priority levels: Transport Packet filtering, SS7 firewall & interface, Wireless security, Secure transport control & signaling … Management EMS interface, configuration management, security event management and attack determination and mitigation, security management system framework … Application Audio, video, messaging, firewall/NAT transparency * TOPS – ATIS Technology and OPerationS Council GSC: Standardization Advancing Global Communications

Inter-Committee Security Review Group (ISRG) Purpose Serve as a venue where all security work conducted by ATIS committees is discussed to: Identify possible synergies, Identify & discuss potential new issues, Dependencies, and Timelines for completing existing and potential new network security issues. GSC: Standardization Advancing Global Communications

GSC: Standardization Advancing Global Communications

GSC: Standardization Advancing Global Communications PTSC’s suite of security documents In Letter Ballot Completed GSC: Standardization Advancing Global Communications

IP to IP Interconnection Documents with security components Completed Completed GSC: Standardization Advancing Global Communications

GSC: Standardization Advancing Global Communications WG7 security: TISPAN Working Group (WG) 7 is responsible for the management and co-ordination of the development of security specifications for TC TISPAN. For TISPAN NGN Release 1, TISPAN WG7, assisted by the specialist task force STF292, has: Defined security requirements; Defined a security architecture for NGN R1; Conducted threat and risk analyses for specific NGN use cases; Proposed countermeasures. WG7 security standardisation is risk-based: Using the STF292 methodology for Systematic threat, vulnerability and risk analysis (TVRA) GSC: Standardization Advancing Global Communications

ETSI TISPAN WG7 - Challenges New threats and risks landscape Authentication issues and identity management Continued work on authentication to NASS and to IMS services: HW-based ISIM (UICC/USIM) and/or Equivalent and/or SW-based ISIM authentication, Single-sign on/ID Management Various, unique identities in the NGN environment Emergency services issues (authentication, authorisation, location ID) Interworking of various security mechanisms Challenges addressed in Cooperation with other bodies: 3GPP SA3 Harmonization of access security solutions Media security and SSO AT NGN@Home Residential gateways Home networking security NGN Terminal security ECMA Corporate network NGCN security interactions with NGN ·NOTE: conditional access technology relies today primarily on proprietary solutions, using smartcards for authenticated access to digital TV, games etc. this also needs to be taken into account when fixed and mobile and digital TV are all IP…. GSC: Standardization Advancing Global Communications

Status of WG7 Security Work Release 1: NGN Lawful Intercept (LI), WI 07013 Ongoing cooperation with TC LI and liaison with 3GPP SA3 LI WG7 approval expected in June, 2006 Release 2 : Continued focus on threat, vulnerability and risk analysis, requirements, and architecture NGN security countermeasures New work planned: SSO, media security Security standardisation methods Threat, vulnerability, and risk analysis (STF292) Assurance techniques (STF292) Security guidelines Deployment (STF292) IPsec (STF292) Keying (STF292) GSC: Standardization Advancing Global Communications

GSC: Standardization Advancing Global Communications For more information ATIS www.atis.org ATIS - PTSC PTSC work program may be extended to accept tasking from the ATIS NGN Focus Group Results ATIS PTSC current work program can be found at: http://www.atis.org/0191/issues.asp GSC: Standardization Advancing Global Communications

GSC: Standardization Advancing Global Communications For more information ATIS – Performance, Reliability, Quality of Service Committee (PRQC) Technical Report on Security For Next Generation Networks -- An End User Perspective http://contributions.atis.org/upload/PRQC/PRQC/PRQC-2005-127.doc Update Security Terms within T1.523-2001, TELECOM GLOSSARY http://contributions.atis.org/upload/PRQC/PRQC/PRQC-2006-029R1.doc GSC: Standardization Advancing Global Communications

GSC: Standardization Advancing Global Communications For more information ETSI European Telecommunication Standardisation Institute www.etsi.org TISPAN security specialist task force leader scott.cadzow@etsi.org TISPAN security working group chair judith.rossebo@telenor.com GSC: Standardization Advancing Global Communications

GSC: Standardization Advancing Global Communications For more information ITU ITU-T SG 17 www.itu.int/ITU-T/studygroups/com17/index.asp ITU-D Question 11/1 on Creating a Culture of Cybersecurity www.itu.int/md/Do6-DAP.1.1.1-060307-TD-0030/en Meeting on WSIS Plan of Action Line C5 ; Building Confidence and Security in the use of ICTs www.itu.int/osg/spu/cybersecurity Global Cybersecurity Gateway www.itu.int/cybersecurity/index.html GSC: Standardization Advancing Global Communications

GSC: Standardization Advancing Global Communications BACKUPS GSC: Standardization Advancing Global Communications

Background – ATIS Security ATIS Technical OPerationS (TOPS) Council Security Focus Group established in 2003 Security Focus Group (FG) has provided outstanding work with the completion of Work Plan Addendums I & II Security remains “high-priority” within the industry Essential to continue to fulfill objectives in Addendums and identify new security concerns for the industry Inter-Committee Security Review Group (ISRG) established in 2006 GSC: Standardization Advancing Global Communications

GSC: Standardization Advancing Global Communications ATIS Packet Technologies and Systems Committee (PTSC) Security treated with a multi-pronged approach: A suite of U.S. security standards will be developed; and Every standard produced will have a security section The PTSC will channel its applied security work into the ITU-T, particularly SG 11 & 13 GSC: Standardization Advancing Global Communications

GSC: Standardization Advancing Global Communications ATIS Packet Technologies and Systems Committee (PTSC) PTSC Active Issues with a major security component: S0003 Create a Security Roadmap Standard   S0005 Create an SS7/BICC Network NNI Interconnection Security Standard   S0006 Create a VoP/Multimedia Control and Signaling Standard   S0007 Create a UNI Access and Signaling Security Standard   S0009 Create a standard defining the NNI for IP-IP Network Interconnection Supporting Multimedia Services S0023 Vertical Signaling Interface to Communicate QoS and Reliability/Priority Parameters Between the Application Layer and the User Plane in IP Networks S0024 Session/Border Control Function Definition and Requirements S0025 NNI Numbering and Routing Capabilities and Procedures S0026 SIP History-Info S0027 IP Device (SIP UA) to Network Interface Standard S0030 Signaling to Support Call Admission Control and Traffic Management PTSC SAC   S0031 Packet Priority and Priority Call Processing S0032 Minimum Security Mechanisms for Messaging Applications S0033 End to End User Authentication and Signaling Security S0039 Packet Priority and Priority Call Processing - Phase 2 S0040 IP-NNI for VoIP and Multimedia Services in NGN GSC: Standardization Advancing Global Communications