etsi security presentation
Post on 19-Mar-2022
3 Views
Preview:
TRANSCRIPT
ETSI Security Workshop January 2007
1
ETSI Security Activities OverviewCharles Brookson
ETSI OCG Sec Chairman, UK DTIcbrookson@iee.org
Dionisio ZumerleETSI Secretariat
dionisio.zumerle@etsi.org
ETSI Security Workshop January 2007 2
Agenda
Overview and OCG SecurityMobile and Wireless SecurityAlgorithmsSmart CardsNext Generation Networks SecurityLawful InterceptionElectronic SignaturesFuture Challenges
ETSI Security Workshop January 2007 3
ETSI Committees per Security AreasMobile/Wireless Algorithms
Information TechnologyInfrastructure
Fixed and Convergent Networks
2G/3G Mobile3GPP*
ElectronicSignatures
(ESI)Next Generation
Networks(TISPAN)
LawfulInterception
(LI)
SmartCardPlatform
(SCP)
SecurityAlgorithms Group
of Experts(SAGE)
TETRA
MESA*
EMTEL
Emergency Telecommunications
Smart Cards
Mobile
Com
mer
ce**
DECT
AT
SES
* ETSI is a founding partner for this partnership project** Closed Committee
ETSI Security Workshop January 2007 4
OCG Security
Operational Co-ordination ad hoc Group on SecurityHorizontal co-ordination structure for security issues
Ensuring security is properly considered in each ETSI Technical Body (TB)Detecting any conflicting or duplicate work
Participation:TBs are free to nominate Members to participate in the work of the group
Working methods:Via email When necessary co-sited “joint security” technical working meetingsIssues sent to SECsupport@etsi.orgMailing list: OCG_SECURITY@LIST.ETSI.ORG
ETSI Security Workshop January 2007 5
Agenda
Overview and OCG Security
Mobile and Wireless SecurityAlgorithmsSmart CardsNext Generation Networks SecurityLawful InterceptionElectronic SignaturesFuture Challenges
ETSI Security Workshop January 2007 6
GSM and 3G
IMEI (International Mobile Equipment Identity)Protection against theftPhysical marking of the terminalBlacklisted by operator if stolen
FIGS (Fraud Information Gathering System)Monitors activities of roaming subscribersHome network informedFraudulent calls identified terminated
PriorityPublic safety service Allows for high priority access
Location
ETSI Security Workshop January 2007 7
TETRA
TErrestrial Trunked RadioMobile radio communications
Used for public safety services Security features include:
Mutual AuthenticationEncryptionAnonymity
ETSI Security Workshop January 2007 8
Agenda
Overview and OCG SecurityMobile and Wireless Security
AlgorithmsSmart CardsNext Generation Networks SecurityLawful InterceptionElectronic SignaturesFuture Challenges
ETSI Security Workshop January 2007 9
Algorithms
ETSI is a world leader in creating cryptographic algorithms and protocols to prevent fraud and unauthorised access to ICT and broadcast networks, and to protect customers’ privacyETSI SAGE (Security Algorithm Group of Experts)
Centre of competence for algorithms in ETSIAlgorithms for:
DECTGSM, GPRS, EDGETETRAUMTS…
ETSI Security Workshop January 2007 10
GSM and UMTS Algorithms
GSM and EDGEA3, A5 and A8 – used in most GSM networks all over the world
GPRSGEA3 – encryption algorithms used
UMTS radio interface (UTRA)UEA1 and UIA1Providing Encryption and IntegrityUEA2 and UIA2 just releasedFor more info: ETSI TR 133 908
ETSI Security Workshop January 2007 11
Agenda
Overview and OCG SecurityMobile and Wireless SecurityAlgorithms
Smart CardsNext Generation Networks SecurityLawful InterceptionElectronic SignaturesFuture Challenges
ETSI Security Workshop January 2007 12
Smart cardsSmart cards
Micro-processor equipped TokensAble to store and process information
• Private key• Biometric template• …
Provide Strong AuthenticationUsed in:
• Banking• Healthcare• Telecoms• IT• …
ETSI Security Workshop January 2007 13
Smart Card Standardization
ETSI Smart Card StandardizationETSI Technical Committee Smart Card Platform (TC SCP)GSM SIM Cards: among most widely deployed smart cards everWork extended with UMTS USIM Card and UICC Platform
Current challengesExpand the smart card platform Implement Extensible Authentication Protocol (EAP) in Smart CardsAllow users access to global roamingUICC platform in secure financial transactions over mobile communications systems
ETSI Security Workshop January 2007 14
Agenda
Overview and OCG SecurityMobile and Wireless SecurityAlgorithmsSmart Cards
Next Generation Networks SecurityLawful InterceptionElectronic SignaturesFuture Challenges
ETSI Security Workshop January 2007 15
ETSI TISPAN WG7
NGN concept: fixed-mobile network convergence to packet-switched technology delivering multimedia servicesETSI extending the 3GPP IMS concepts in TISPAN Committee designing NGN
(TISPAN = TTelecommunication and IInternet converged SServices and PProtocols for AAdvanced NNetworking)
Working Group 7 NGN competence centre for security with a group of security expertsWG7 standardizes NGN security
www.tispan.org
ETSI Security Workshop January 2007 16
NGN R1 Security Standards
NGN Release 1Threat, Vulnerabilities, Risk Analysis
TR 187 002
NGN Architecture (NASS, RACS, …) IMS Security Architecture
NGN Release 1Security Requirements
TR 187 001
NGN Release 1 Security Architecture TS 187 003
Security Components and Building Blocks
CountermeasuresSecurity FunctionsSecurity Services
Security Domains
NGN Release 2 Security Architecture
ETSI Security Workshop January 2007 17
Agenda
Overview and OCG SecurityMobile and Wireless SecurityAlgorithmsSmart CardsNext Generation Networks Security
Lawful InterceptionElectronic SignaturesFuture Challenges
ETSI Security Workshop January 2007 18
What is Lawful Interception?
Delivery of intercepted communications to Law Enforcement Authorities
To support criminal investigationTo counter terrorism
Applies to data in transitnot a search of records
Applied to any data in transitSignallingSpeechVideoEmailWeb
ETSI Security Workshop January 2007 19
Simple architecture
Correspondent
Handover interface
Interception interface
target
Monitor
ETSI Security Workshop January 2007 20
Agenda
Overview and OCG SecurityMobile and Wireless SecurityAlgorithmsSmart CardsNext Generation Networks SecurityLawful Interception
Electronic SignaturesFuture Challenges
ETSI Security Workshop January 2007 21
Electronic Signatures
ETSI and CEN co-operation on the European Electronic SignatureGoal: provide Europe with a reliable electronic signatures framework
Enabling electronic commerceSupporting eSignature EC Directive
Current challengeseInvoicingRegistered EMail (REM)
International collaborationCertificate Policy mapped and aligned with US policyXML Signature Standard adopted in Japan
ETSI Security Workshop January 2007 22
Agenda
Overview and OCG SecurityMobile and Wireless SecurityAlgorithmsSmart CardsNext Generation Networks SecurityLawful InterceptionElectronic Signatures
Future Challenges
ETSI Security Workshop January 2007 23
Future Challenges
A number of issues are openProduct ProofingDRMNGN Retained Data…
Security Standards for the Future Technologies are the Next ChallengeETSI can meet that challenge
top related