Global Standards Collaboration (GSC) 14 Security and Lawful Intercept DOCUMENT #: GSC14-PLEN-008 FOR: Presentation SOURCE: TIA AGENDA ITEM: 6.3 CONTACT(S): Cheryl Blum Frank Quick (Chair TR-45 AHAG) John Oblak (Chair TR-8) TIA Security and Lawful Intercept 1 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009

Current Activities - Security TIA Committee TR-45 supports security standards development for US TDMA (TIA-136) and CDMA (TIA-2000 and TIA-856) Most of TR-45’s work involves transposition of specifications developed by 3GPP2 TSG-S WG4 Current efforts: Security framework for Femto-cells Update of the Common Cryptographic Algorithms (CCA) 2 Geneva, 13-16 July 2009

Current Activities - Security Engineering Committee TR-8 has a subcommittee focused on Encryption Standards, TR-8.3 A block encryption Protocol document, TIA-102.AAAD-A has been approved for ballot in 2009 TR-8 has standards for Advanced Encryption, Data Encryption, and OTAR For overviews of these areas see ANSI/TIA-102.AAAB-A, ANSI/TIA-102.AAAB-A, and TIA-102.AACB 3 Geneva, 13-16 July 2009

Strategic Direction TIA expects its TR-45 security work to continue to be driven by 3GPP2 Much of 3GPP2 security work is input taken directly from IETF or 3GPP documents There is at present little need for new work by TIA on security in TR-45 Equipment Numbering Identifier security (e.g., MEID, IMEI, ESN) Consider an International regulatory adoption of common Equipment Numbering Identifier security requirements TR-34 will be reviewing adding authentication security per flow to TIA-1039 This will be an important improvement to network security Geneva, 13-16 July 2009

Challenges Inconsistent implementation of security in the networks Security is perceived as preventing fraud adequately, may lead to complacency in some systems Cost and complexity are usually cited as reasons for not using authentication Geneva, 13-16 July 2009

Next Steps/Actions TIA plans to continue to monitor the security environment faced by operators and users Any issues identified that are not addressed by 3GPP or 3GPP2 will be studied by TR-45 TR-8, TR-34, and other TIA Engineering Committees will continue to work on Security requirements in their respective standards scope Geneva, 13-16 July 2009

Global Standards Collaboration (GSC) 14 Lawful Intercept 7 Geneva, 13-16 July 2009

Current Activities TIA TR-45.8 (Core Network) Recently published TIA-1118, “LAES (Lawfully Authorized Electronic Surveillance) for cdma2000® WLAN Interworking” Lawful Intercept of subject accessing cdma2000® packet data services via a WLAN FBI-CIU request for new project, LAES for cdma2000® Femtocells 8 Geneva, 13-16 July 2009

Current Activities in TR-45.8 TR-45.8 LI Group developed a Report for TR-45 on Potential Technical Impacts of the Department of Justice (DOJ) petition to the FCC regarding asserted deficiencies in the LAES Capabilities for cdma2000® Packet Data Services (as specified in ANSI/J-STD-025-B) Asserted deficiencies include: More precise location information Reporting of summary communication content packet header information as IRI More precise timing information Security, Performance, and Reliability enhancements No projects have been undertaken to address the impacts identified in the report Awaiting a final ruling from the FCC Report shared with ATIS PTSC LAES and WTSC LI Groups 9 9 9 9 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009

Security and Lawful Intercept in ISO TC 204 TIA is International Secretariat to ISO TC 204 and US TC204 TAG ADMIN TR 11766 Lawful Interception in ITS and CALM TR 11769 Data retention for law enforcement in ITS and CALM NP 13181-1 CALM Security Part 1: Framework NP 13181-2 CALM Security Part 2: Threat Vulnerability and Risk Analysis NP 13181-3 CALM Security Part 3: Objectives and requirements NP 13181-4 CALM Security Part 4: Countermeasures 10 10 10 10 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009

Strategic Directions For TR-45 Continue collaboration and coordination with LI development in groups such as ATIS WTSC and PTSC and 3GPP SA3 LI. Other TIA-supported activities will continue to evolve and enhance their standards as the Threat, the Technology, and Timing – (need for faster implementations) - the 3 T’s keep changing. 11 11 11 11 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009

Challenges Final rulings of DOJ petition could impact or affect capabilities supported by other technologies. Imperative to maintain close coordination with other LI groups. Keeping pace with support of LI capabilities with the ongoing introduction of new features and services while maintaining LI standards already implemented Consideration of the unique issues presented with access to the Internet e.g., Local Breakout Communications protocols involved in New and Novel Technology areas such as “Smart Grid.” 12 12 12 12 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009

LI Next Steps/Actions TR-45 LAES for new CDMA features and services New work item introduced in June for support of LI for Femto Cells Assess LAES impact on the eHRPD Possible support for Server-based conferencing 13 13 13 13 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009 Geneva, 13-16 July 2009

Supplementary Slides Geneva, 13-16 July 2009

Recent TR-45 Security Standards TIA-946-A Enhanced Cryptographic Algorithms TIA-1097-A Security Mechanisms Using GBA TIA-1098-A Generic Bootstrapping Architecture (GBA) Framework TIA-1141 IMS Security for 2G R-UIMs Geneva, 13-16 July 2009