
ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS

World Class Standards

ANFOV - Milano, 14 November 2007

Author: Paolo DE LUTIIS

Telecom Italia, Security Innovation

ETSI TISPAN NGN Security

Presentation for the Osservatorio Sicurezza Anfov (Anfov Security Observatory)


Table of Contents

• ETSI TISPAN: WG7 activities
• TISPAN NGN overview
• TISPAN NGN security
  • Security areas
  • Network Domain Security
  • TISPAN IMS Security: IMS-AKA, NASS bundled, HTTP DIGEST
  • Application security
• TISPAN NGN Security Standards: main technical documents
• Conclusion


ETSI TISPAN: WG7 activities


WG7 - security

TISPAN Working Group (WG) 7 is responsible for the management and co-ordination of the development of security specifications for TC TISPAN.

For TISPAN NGN, TISPAN WG7 is responsible for:

• Defining the security requirements;
• Defining the security architecture for NGN;
• Conducting threat and risk analyses for specific NGN use cases;
• Proposing security countermeasures.

The WG7 security standardization process is risk-based. The Threat, Vulnerability and Risk Analysis (TVRA) methodology has been defined specifically to address the needs of NGN security. The TVRA is ISO 15408 (Common Criteria) based.


WG7 security – Current focus (NGN rel. 2):

• Fixed-mobile convergence (authentication schema coexistence)
• Media security
• Network Address Translation
• IPTV security
• Impact of unsolicited communication in the NGN environment
• Identity Management
• Customer Premises Network Security


TISPAN NGN overview


TISPAN NGN outline

Figure: TISPAN NGN outline. Access networks (UMTS, FTTx, WiFi/WiMax, xDSL, PSTN/ISDN, Broadcast) attach to the IP transport layer, which hosts NASS and RACS; the service layer above it holds the IMS, the PES, other subsystems (Other…), applications and the user profile, with interconnection towards the PSTN and other networks.


TISPAN NGN security


Security areas

Figure: NGN security areas: Access Security, Interconnection Security, Intra-Operator Security and Subsystems.


Security Domains

A security domain (TS 187 003) consists of the functional entities administered by a single authority (e.g. the same operator's network). A security domain is required to protect the integrity and the confidentiality of its functional elements, and to ensure the availability of the elements and activities under its protection.

Inter-domain interfaces are protected by security gateway functions (SEGF).

SEGFs connect domains using IPsec in ESP tunnel mode with Internet Key Exchange (IKE). The actual inter-security-domain policy is not standardized and is left to the discretion of the roaming agreements between the operators.


TISPAN NGN Security Domains

Figure: TISPAN NGN Security Domains. The Access Network, Visited Network, Home Network and two 3rd Party ASP security domains are each bordered by a SEGF (Security Gateway Function); inter-domain traffic runs through IPsec tunnels between SEGFs.


Access Security

Access domain registration involves access-level authentication and authorization procedures between the UE and the Access Network.

Fixed broadband access (and non-3GPP WLAN access) may employ different access domain registration methods based on the access network configuration and operator policy.

These solutions usually do not rely on any kind of security token. An AAA infrastructure is used for bearer-level registration.

TISPAN requirements (TS 187 001) state that the NGN shall support the use of explicit (e.g. PPP or IEEE 802.1x) and/or implicit line authentication (e.g. MAC address authentication or line authentication) of the users/subscribers at the NASS layer.


IMS Security

The IMS is independent of the transport network. The identity of the accessing UE is checked at the edge of the IMS. The nodes in the IMS domain will trust SIP messages with asserted identity headers.

At the border of the IMS the P-CSCF is in charge of authenticating the UE and inserting in each SIP request an asserted identity (token). This identity is passed between nodes in the IMS domain, with no need for further authentication.

IMS authentication options (TS 187 001):

• Full IMS security: Authentication and Key Agreement (AKA) as defined by 3GPP (plus NAT traversal)
• Early deployment scenarios: NASS bundled authentication; HTTP DIGEST


IMS and call control

Figure: IMS and call control. Three networks (Visited, Home, Called), each with its P-CSCF, I-CSCF and S-CSCF; two UPSF and a DNS support registration and routing; access networks at both ends.


Full IMS Security (IMS-AKA)

Figure: the UE, whose UICC holds the user credential and secret key, attaches through the NASS (NASS authentication) and then registers over SIP with the IMS (P-CSCF, I/S-CSCF, UPSF); the UPSF holds the user profile, credential and keys.

• NGN and UE are mutually authenticated (AKA)
• IPsec protects signalling confidentiality and integrity
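An abstract IMS-AKA run for the registration shown above, added here as an example (not code from the presentation or from ETSI/3GPP). It assumes HMAC-SHA256 derivations in place of the 3GPP Milenage functions f1..f5 and a constructed 16-byte key K shared by UICC and UPSF; the message structure (RAND, AUTN = SQN xor AK || AMF || MAC, RES compared with XRES, CK/IK seeding the IPsec SAs) follows AKA, and the SQN freshness check is simplified to a set of already-accepted sequence numbers.

```python
import hashlib
import hmac
import os

def _f(k: bytes, label: bytes, rand: bytes, n: int) -> bytes:
    # Stand-in for the Milenage f1..f5 functions (assumption made for this
    # example): a keyed derivation of RAND under the long-term key K.
    return hmac.new(k, label + rand, hashlib.sha256).digest()[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def upsf_vector(k: bytes, sqn: bytes, amf: bytes = b"\x80\x00", rand: bytes = None) -> dict:
    """Network side: build one authentication vector (RAND, AUTN, XRES, CK, IK)."""
    rand = rand or os.urandom(16)
    mac = _f(k, b"f1" + sqn + amf, rand, 8)   # MAC over SQN||AMF proves the network has K
    ak = _f(k, b"f5", rand, 6)                # anonymity key conceals SQN on the air
    autn = _xor(sqn, ak) + amf + mac
    return {"rand": rand, "autn": autn, "xres": _f(k, b"f2", rand, 8),
            "ck": _f(k, b"f3", rand, 16), "ik": _f(k, b"f4", rand, 16)}

def uicc_respond(k: bytes, rand: bytes, autn: bytes, seen_sqn: set):
    """UE/UICC side: verify MAC (authenticates the network) and SQN freshness
    (replay check, simplified here to a set of accepted SQNs), then return RES
    and the session keys. Returns None if the challenge must be rejected."""
    sqn_ak, amf, mac = autn[:6], autn[6:8], autn[8:]
    sqn = _xor(sqn_ak, _f(k, b"f5", rand, 6))
    if not hmac.compare_digest(mac, _f(k, b"f1" + sqn + amf, rand, 8)):
        return None                              # MAC failure: not our home network
    if sqn in seen_sqn:
        return None                              # SQN already used: replayed challenge
    seen_sqn.add(sqn)
    return {"res": _f(k, b"f2", rand, 8),
            "ck": _f(k, b"f3", rand, 16), "ik": _f(k, b"f4", rand, 16)}

def run_aka(k_uicc: bytes, k_upsf: bytes, sqn: bytes = b"\x00" * 5 + b"\x01",
            seen_sqn: set = None) -> tuple:
    """One REGISTER challenge/response. Returns
    (ue_accepted_network, network_accepted_ue, ipsec_keys_agree)."""
    seen_sqn = set() if seen_sqn is None else seen_sqn
    av = upsf_vector(k_upsf, sqn)
    ue = uicc_respond(k_uicc, av["rand"], av["autn"], seen_sqn)
    if ue is None:
        return (False, False, False)
    network_ok = hmac.compare_digest(ue["res"], av["xres"])   # S-CSCF compares RES with XRES
    # CK/IK on both sides seed the IPsec SAs between UE and P-CSCF
    return (True, network_ok, (ue["ck"], ue["ik"]) == (av["ck"], av["ik"]))
```

A network that does not hold K fails the MAC check before the UE reveals anything, and a re-sent challenge is refused on the SQN check even though its MAC is valid.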


NASS Bundled Authentication (NBA)

Figure: the UE attaches through the NASS (NASS authentication, CLF) and registers over SIP with the IMS (P-CSCF, I/S-CSCF, UPSF).

• No UICC and no IMS credential required
• No IPsec: the signalling is transmitted in the clear
• The authentication is one-way: only the NGN authenticates the UE
• User profile only in the UPSF, no credential required


HTTP Digest (HD)

Figure: the UE attaches through the NASS (NASS authentication) and registers over SIP with the IMS (P-CSCF, I/S-CSCF, UPSF); the UPSF holds the user profile, credential and keys.

• No UICC required (user credential and keys in the UE memory)
• Explicit authentication
• No IPsec: the signalling is transmitted in the clear
• NGN and UE are mutually authenticated
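The HTTP Digest registration described above, worked through on both sides as an added example (not code from the presentation): the S-CSCF challenges the REGISTER with a nonce, the UE answers with an RFC 2617 qop=auth response, and the rspauth returned in Authentication-Info gives the UE its check on the network. The realm, private identity, nonce and secrets are constructed sample values.

```python
import hashlib

REALM = "ims.example.net"         # constructed sample realm
IMPI = "user1@ims.example.net"    # constructed private user identity
URI = "sip:ims.example.net"       # Request-URI of the REGISTER

def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def digest(secret: str, method: str, nonce: str, cnonce: str,
           nc: str = "00000001", qop: str = "auth") -> str:
    """RFC 2617 response with qop=auth; an empty method yields the rspauth
    that the server returns in Authentication-Info."""
    ha1 = _md5(f"{IMPI}:{REALM}:{secret}")
    ha2 = _md5(f"{method}:{URI}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def ue_register(secret: str, nonce: str, cnonce: str) -> dict:
    """UE: answer the 401 challenge (server nonce) with its own cnonce."""
    return {"response": digest(secret, "REGISTER", nonce, cnonce), "cnonce": cnonce}

def scscf_verify(upsf_secret: str, nonce: str, auth_hdr: dict):
    """S-CSCF: recompute from the UPSF copy of the secret. On success return
    the rspauth for the 200 OK; on failure return None (re-challenge)."""
    expected = digest(upsf_secret, "REGISTER", nonce, auth_hdr["cnonce"])
    if auth_hdr["response"] != expected:
        return None
    return digest(upsf_secret, "", nonce, auth_hdr["cnonce"])

def ue_check_network(secret: str, nonce: str, cnonce: str, rspauth: str) -> bool:
    """UE: verify rspauth, which only a party holding the secret can produce."""
    return rspauth == digest(secret, "", nonce, cnonce)

def run_exchange(ue_secret: str, upsf_secret: str,
                 nonce: str = "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                 cnonce: str = "0a4f113b") -> tuple:
    """Returns (network_accepts_ue, ue_accepts_network). The Digest values
    only prove knowledge of the secret: the SIP messages themselves travel
    in the clear, as the slide states (no IPsec in this mode)."""
    auth_hdr = ue_register(ue_secret, nonce, cnonce)
    rspauth = scscf_verify(upsf_secret, nonce, auth_hdr)
    if rspauth is None:
        return (False, False)
    return (True, ue_check_network(ue_secret, nonce, cnonce, rspauth))
```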


Application Security (optional)

Figure: the UE (with UICC) authenticates to the AS with HTTP Digest over TLS; the BSF and UPSF provide the GBA-U mode.


ETSI TISPAN NGN Security Standards


ETSI TISPAN security specifications

Main Technical Specifications:

• NGN Security requirements (TS 187 001)
• NGN Security architecture (TS 187 003)
• NGN Lawful Interception functional entities, information flow and reference points (TS 187 005)

Main Technical Reports (feasibility studies):

• NGN Threat, Vulnerability and Risk Analysis (TVRA) (TR 187 002)
• NAT traversal (TR 187 008)
• Media security (TR 187 007)
• Impact of unsolicited communication in the NGN (WI 07 025)
• Identity Management (WI 07 027)
• Data Retention (WI 07 032)

All the TISPAN activities related to the core IMS have been delegated to the 3GPP.


Conclusions


Conclusions

• NGN is divided into security domains. Domains are considered to be trusted environments.
• Core or intra-domain security is mainly under the responsibility of the operator.
• Inter-domain security is provided by SEGF.
• Access authentication is performed on both the service layer (e.g. IMS) and network attachment (NASS).
• IMS-AKA (as defined by 3GPP plus NAT support) is the preferred solution for IMS authentication:
  • Identity and keys stored on smart card (UICC)
  • Mutual authentication between Network and UE (AKA)
  • IPsec for the protection of the signalling only
• Other authentication mechanisms (NBA, HD) have been defined for early deployment scenarios (short-term solutions).