Security Activities in ETSI Document No: GSC17-PLEN-08 Source: ETSI Contact: Adrian Scrase Source: Gerald McQuaid Chairman TC LI, Charles Brookson Chairman OCG Security, Gabrielle Owen Chairman ERM GSC Session: PLEN, Agenda Item: 6.3 Security Activities in ETSI Presenter: Adrian Scrase ETSI Chief Technical Officer (CTO)
ETSI Security Activities RFID and NFC Intelligent Transport Systems Quantum Key Distribution (QKD) Identity and access management for Networks and Services (INS) Information Security Indicators (ISI) Algorithms In 3GPP – wireless security
Improving security of RFID ETSI has been a leading contributor in response to the EC Mandate on Privacy and Security of RFID. ETSI has undertaken two detailed practical tests to determine the risk of illicit reading and writing to the data content of RFID tags. ETSI is participating in the generation of reports and standards to improve the level of privacy and security for users of RFID. RFID chip manufacturers have responded to public concerns by improving the integrity of their designs.
Progress 1/4 3GPP: progress on LTE and IMS Various LTE security aspects IMS media plane security Intelligent Transport Systems, new specs on: Security Architecture and Security Management, Trust and Privacy Management, Access Control and Confidentiality Machine-to-Machine Release 2 to enhance the protection of security information Security aspects of EC mandates related to Smart Energy Activities expected to merge the oneM2M SDOs partnership
Progress 2/4 Lawful Interception / Data Retention Report on generic request/delivery interface (eWarrant) Progress on Dynamic Triggering and Cloud for LI/DR Electronic Signatures ETSI and CEN prepared rationalized framework, covering all types of AdES – new numbering for revised docs Smart Cards Specification for UICC fourth form factor Specs for Secure Channel between UICC and Terminal endpoint Future Networks New specs on LI and Operational Security Assurance Profile Future work from TC TISPAN to TC NTECH
Progress 3/4 Broadcast Two specs on Second Generation DVB Interactive Satellite System Identity and Access Management for Networks and Services (INS) Specs on architecture and on security and privacy requirements Information Security Indicators (ISI) Progress on first set of five specs: ISI indicators, event classification, maturity levels, how to produce security indicators and events
Progress 4/4 NFC and RFID security standards work ‘Privacy by Design’ initiative Cybersecurity work with other ESOs Cloud including security Security algorithms including new 3GPP and LTE authentication and privacy Information on these and other areas: Throughout the Annual 8th ETSI Security Workshop http://www.etsi.org/securityworkshop ETSI Security White Paper January 2013 with links to Standards (with 3GPP) www.etsi.org/securitywhitepaper
TC LI – Main items TC LI is the prime leader in maintaining LI and DR standards within the Global Standards Groups. Maintenance of LI and DR deliverables Preparation and publication of revised deliverables as agreed by TC LI#31 in Split (inclusion of new features/services, corrections, improvements) Progress on new deliverables TS on the Dynamic Triggering of Interception Two TRs on Lawful Interception and Data Retention in Cloud and virtual services
TC LI – Main items Started new specification to define a specific Warrantry electronic interface between two systems Under discussion Investigation into standardising the X1 provisioning interface underway.
Detailed work in progress TC LI continues to maintain the suite of Lawful Interception and Data Retention publications by updating them regularly. Work is on-going on a TS, expected to be published in 2013, providing a standardised mechanism for the dynamic triggering and revocation of the interception of communications content to take account of the increasingly dynamic configuration of CSPs and networks. This involves important security aspects, as the dynamic triggering functions need to be carried out with adequate levels of security to protect them from misuse or eavesdropping of the related commands. It is also essential that the triggering interface does not impact the underlying security of the network or services being intercepted.
Detailed work in progress TC LI continues its work on DR/LI for Cloud Computing with two TRs to provide recommendations on requests for handover and delivery of stored information associated with cloud/virtual services. The reports, expected to be published in 2013, are intended to identify any DR/LI work necessary to ensure that there are no technical obstacles in the converged cloud/virtual service environment to this aspect of regulation, thus ensuring, that RD/LI obligations can be maintained while allowing businesses to utilise the advantages and innovations of Cloud Services. This activity is closely aligned with SA3 LI’s reviews of the same subject.
TC LI – Liaison Activities Liaison Relationships Permanent active relationship with 3GPP/SA3-LI Active relationship started with ISO SC27, ISO SC38, and ITU-T SG13 (and it's JCA-cloud) Liaisons (at TC LI#32) Received from ITU-T SG13 JCA-cloud on cooperation Sent as reply to ITU-T SG13 JCA-cloud with information on TC LI work on Cloud 12