Global Standards Collaboration GSC#10
28 August – 2 September 2005, Sophia Antipolis, France
Agenda Item: 5.6
GSC10_gtsc3(05)04
ITU-T Security Standardization
Herb Bertine, Chairman, ITU-T Study Group 17
ITU-T World Telecommunications Standardization Assembly (WTSA)
Resolution 50, Cybersecurity
• Evaluate existing and evolving new Recommendations with respect to their robustness of design and potential for exploitation by malicious parties
• Raise awareness of the need to defend against the threat of cyber attack
Resolution 51, Combating spam
• Report on international initiatives for countering spam
• Member States to take steps within their national legal frameworks to ensure measures are taken to combat spam
Resolution 52, Countering spam by technical means
• Study Groups, in cooperation with other relevant groups, to develop as a matter of urgency technical Recommendations on countering spam
ITU-T Study Groups
www.itu.int/ITU-T/studygroups/com17
Study Group 17 is the Lead Study Group for Telecommunication Security: www.itu.int/ITU-T/studygroups/com17/tel-security.html
• Coordination/prioritization of security efforts
• Development of core security Recommendations
Study Group 2 is responsible for defining the security requirements from the user point of view
Study Group 4 covers security for network management
Study Group 9 develops security mechanisms for cable distribution systems
Study Group 13 defines the security framework for NGN
Study Group 16 concentrates on the security issues of multimedia applications in next generation networks
Awareness
SG 17 maintains a webpage providing an overview of ITU-T achievements on security standardization: www.itu.int/ITU-T/studygroups/com17/tel-security.html
• security manual
• security compendium:
  – catalogue of approved ITU-T Recommendations related to telecommunication security
  – extract of ITU-T approved security definitions
  – listing of ITU-T security related Questions
Many ITU-T workshops have security on their agenda (New horizons for security standardization, NGN (in collaboration with IETF), Cybersecurity Symposiums I and II, Home networking and Home services, …)
ITU-T Security Manual
December 2003, October 2004
• Basic security architecture and dimensions
• Vulnerabilities, threats and risks
• Security framework requirements
• PKI and privilege management with X.509
• Applications (VoIP, IPCablecom, Fax, Network Management, e-prescriptions)
• Security terminology
• Catalog of ITU-T security-related Recommendations
• List of Study Groups and security-related Questions
www.itu.int/itudoc/itu-t/85097.pdf
www.itu.int/itudoc/itu-t/86435.pdf
SG 17 recent achievements
• Security Architecture (X.805), new 2003: for end-to-end communications
• Security Management System (X.1051), new 2004: for risk assessment, identification of assets and implementation characteristics
• Mobile Security (X.1121 and X.1122), new 2004: for mobile end-to-end data communications
• Telebiometric Multimodal Model (X.1081), new 2004: a framework for the specification of security and safety aspects of telebiometrics
• Public Key and Attribute Certificate Frameworks (X.509), revision 2005: ongoing enhancements as a result of more complex uses and alignment with the IETF
SG 16 recent achievements
Major restructuring of H.235v3 and annexes into stand-alone sub-series Version 4 Recommendations, H.235.x
• New H.235.0 (2005) “Security framework for H-series (H.323 and other H.245-based) multimedia systems”: overview of the H.235.x sub-series, common procedures and baseline text
• New H.235.1 (2005) “Baseline Security Profile”: authentication and integrity for H.225.0 signaling using shared secrets
• New H.235.2 (2005) “Signature Security Profile”: authentication and integrity for H.225.0 signaling using X.509 digital certificates and signatures
• New H.235.3 (2005) “Hybrid Security Profile”: authentication and integrity for H.225.0 signaling using an optimized combination of X.509 digital certificates, signatures and shared-secret key management; specification of an optional proxy-based security processor
SG 16 recent achievements
• New H.235.4 (2005) “Direct and Selective Routed Call Security”: key management procedures in corporate and interdomain environments to obtain key material for securing H.225.0 call signaling in GK direct-routed/selective-routed scenarios
• New H.235.5 (2005) “Framework for secure authentication in RAS using weak shared secrets”: secured password (using the EKE/SPEKE approach) in combination with Diffie-Hellman key agreement for stronger authentication during H.225.0 signaling
• New H.235.6 (2005) “Voice encryption profile with native H.235/H.245 key management”: key management and encryption mechanisms for RTP
• New H.235.7 (2005) “Usage of the MIKEY Key Management Protocol for the Secure Real Time Transport Protocol (SRTP) within H.235”: usage of MIKEY key management for SRTP
SG 16 recent achievements
• New H.235.8 (2005) “Key Exchange for SRTP using secure Signalling Channels”: SRTP keying parameter transport over secured signaling channels (IPsec, TLS, CMS)
• New H.235.9 (2005) “Security Gateway Support for H.323”: discovery of H.323 Security Gateways (an SG represents an H.323 NAT/FW ALG) and key management for H.225.0 signaling
SG 4 recent achievements: Security of the Management Plane (M.3016-series)
Approved earlier this year (2005), the M.3016 series is viewed as a key aspect of NGN Management; it is included:
• in the NGN Management Roadmap to be issued by the NGNMFG
• in M.3060 on the Principles of NGN Management
The M.3016 series consists of 5 parts:
• M.3016.0: Overview
• M.3016.1: Requirements
• M.3016.2: Services
• M.3016.3: Mechanisms
• M.3016.4: Profile proforma
The role of M.3016.4 is unique in that it provides a template for other SDOs and forums to indicate for their membership which parts of M.3016 are mandatory or optional
Study Group 17 Security Questions, 2005-2008
(Diagram: the Questions are arranged between Telecom Systems and Users)
• Q.4/17 Communications System Security Project: vision, project roadmap, …
• Q.5/17 Security Architecture & Frameworks: architecture, model, concepts, frameworks, etc.; X.800 series, X.805
• Q.6/17 Cyber Security: incident handling operations, security strategy
• Q.7/17 Security Management: ISMS-T, incident management, risk assessment methodology, etc.; X.1051
• Q.8/17 Telebiometrics: multimodal model framework, system mechanism, protection procedure; X.1081
• Q.9/17 Secure Communication Services: mobile secure communications, home network security, security web services; X.1121, X.1122
• Countering SPAM (proposed Q.17/17)
ITU-T Security work in development
Q.2/17: Directory services, Directory systems, and public key/attribute certificates
• The Directory: Public-key and attribute certificate frameworks (X.509): the 5th edition entered the Last Call period for approval on 1 August 2005
• Consider new work on an NGN directory protocol
Q.4/17: Communications systems security project
• Security Baseline for Network Operators Project: proposes a security baseline for network operators that will provide meaningful criteria against which each network operator can be assessed if required
Q.5/17: Security architecture and framework
• Applications of ITU-T Rec. X.805:
  – covering the division of security features between the network service provider and the user
  – specifying procedures for network security assessment based on the X.805 security architecture
ITU-T Security work in development
Q.6/17: Cybersecurity
• X.sno, framework for secure network operations
• X.vds, vulnerability data schema
• X.sds, spyware/deceptive software
• X.silc, security incident life-cycle processes
• X.svlc, security vulnerability life-cycle processes
Q.7/17: Security management
• X.ism-1, code of practice for information security management
• X.ism-2, ISMS requirements specification
• X.1051, amendments/revision
Q.8/17: Telebiometrics
• X.physiol, physiological quantities, their units and letter symbols
• X.tsm-1, general telebiometric system models, protocol and data contents
• X.tsm-2, profile of client verification model on TSM
• X.tpp, guideline on technical and managerial countermeasures for biometric data security
ITU-T Security work in development
Telebiometric database
ITU is constructing a database of safe limit values pertaining to interfaces between telebiometric equipment and humans. This work is being done in collaboration with ISO TC 12 and IEC TC 25. We would appreciate the help of PSOs in populating the database.
The telebiometric database will be publicly available on the ITU-T website: www.itu.int/BiometricDB/Home
ITU-T Security work in development
Q.9/17: Secure communication services
• X.homesec-1, framework for security technologies for home network
• X.homesec-2, certificate profile for the device in the home network
• X.msec-3, general security value added service (policy) for mobile data communication
• X.msec-4, authentication architecture in mobile end-to-end data communication
• X.crs, correlative reacting system in mobile network
• X.websec-1, based on OASIS standard SAML, Security Assertion Markup Language
• X.websec-2, based on OASIS standard XACML, eXtensible Access Control Markup Language
Proposed Q.17/17: Countering SPAM
• X.gcs, guideline on countering SPAM
• X.fcs, technical framework for countering SPAM
• X.tcs, technical means for countering SPAM
ITU-T Security work in development
Q.11/4 – Protocols for management interfaces
• Security Management System Requirements (M.xxxx)
Q.15/13 – NGN security
• Ensure that the developed NGN architecture is consistent with established security principles
• Will further process the security related FGNGN deliverables
ITU-T Security work in development
Security Deliverables from NGN Focus Group
Deliverable title / current draft / target date:
• Security Requirements for NGN Release 1: FGNGN-OD-00132, November 2005
• Guidelines for NGN Security: FGNGN-OD-00173, November 2005
Both draft specifications are planned to be moved to SG 13 for processing as new ITU-T Recommendations
ITU-T Security work in development
Q.25/16 - Multimedia Security in Next Generation Networks (NGN-MM-SEC): standardizes MM security for H.323 systems and for advanced multimedia (MM) applications including NGN
• Anti-DDOS countermeasures for multimedia and for (H.323 based) NAT/FW proxy
• Federated Security Architecture for Internet-based Conferencing (H.FSIC)
• Security for MM-QoS (H.mmqos.security)
• Negotiate security protocols (IPsec or TLS) for H.323 signaling (H.460.spn)
• MM security aspects of Vision H.325 “Next-generation Multimedia Terminals and Systems”
Concluding Observations
• Security is everybody's business
• Collaboration with other SDOs is necessary
• Security needs to be designed in upfront
• Security must be an ongoing effort
• Systematically addressing vulnerabilities (intrinsic properties of networks/systems) is key, so that protection can be provided independent of what the threats (which are constantly changing and may be unknown) may be – X.805 is helpful here
Thank you!
Additional material on recently approved security Recommendations in Study Group 17
Three main issues that X.805 addresses
The security architecture addresses three essential issues:
• What kind of protection is needed and against what threats?
• What are the distinct types of network equipment and facility groupings that need to be protected?
• What are the distinct types of network activities that need to be protected?
X.805: Security Architecture for End-to-End Communications
(Figure: vulnerabilities, threats (destruction, corruption, removal, disclosure, interruption) and attacks shown against the layers, planes and dimensions)
Vulnerabilities can exist in each Layer, Plane and Dimension: 72 Security Perspectives (3 Layers × 3 Planes × 8 Dimensions)
X.805: Three security layers
(Figure: vulnerabilities can exist in each layer; threats: destruction, corruption, removal, disclosure, interruption; attacks)
• 1 - Infrastructure Security Layer: fundamental building blocks of network services and applications. Examples:
  – Individual routers, switches, servers
  – Point-to-point WAN links
  – Ethernet links
• 2 - Services Security Layer: services provided to end-users. Examples:
  – Frame Relay, ATM, IP
  – Cellular, Wi-Fi
  – VoIP, QoS, IM, Location services
  – Toll free call services
• 3 - Applications Security Layer: network-based applications accessed by end-users. Examples:
  – Web browsing
  – Directory assistance
  – Email
  – E-commerce
• Each Security Layer has unique vulnerabilities and threats
• Infrastructure security enables services security, which enables applications security
X.805: Three security planes
(Figure: vulnerabilities can exist in each layer and plane; threats: destruction, corruption, removal, disclosure, interruption; attacks)
• 1 - End-User Security Plane: access and use of the network by the customers for various purposes:
  – Basic connectivity/transport
  – Value-added services (VPN, VoIP, etc.)
  – Access to network-based applications (e.g., email)
• 2 - Control/Signaling Security Plane: activities that enable efficient functioning of the network; machine-to-machine communications
• 3 - Management Security Plane: the management and provisioning of network elements, services and applications; support of the FCAPS functions
• Security Planes represent the types of activities that occur on a network
• Each Security Plane is applied to every Security Layer to yield nine security Perspectives (3 x 3)
• Each security perspective has unique vulnerabilities and threats
X.805 Approach
(Figure: a 3 × 3 grid of nine modules, Module One to Module Nine, formed by the Management Plane, Control/Signaling Plane and User Plane against the Infrastructure Layer, Services Layer and Applications Layer)
Execute:
– Top Row for Analysis of Management Network
– Middle Column for Analysis of Network Services
– Intersection of Each Layer and Plane for analysis of Security
The 8 Security Dimensions are applied to each Security Perspective: Access Control, Authentication, Non-repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy
(Slide source: Advanced Technologies, Lucent Technologies - Proprietary)
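As an added illustration of the approach on this slide (example code written for this page, not from the deck, from Lucent, or from Recommendation X.805 itself), the following Python models the nine perspectives and the 8 Security Dimensions as a coverage matrix and runs a gap analysis for the three analysis modes named above: the management row, the services column, and every layer/plane intersection. The module numbering (row-major, Management plane as the top row, Infrastructure layer as the first column), the `select`/`gap_analysis` helper names and the control inventory are assumptions made for the example; the inventory is constructed, not a real assessment.

```python
"""X.805 coverage matrix: added example, not code from the deck or from ITU-T.

Models the 3 Security Layers x 3 Security Planes (nine perspectives, or
"modules") and the 8 Security Dimensions, then reports which
(plane, layer, dimension) cells a constructed control inventory leaves
uncovered. The module numbering (row-major, Management plane as the top
row, Infrastructure layer as the first column) is an assumption.
"""
from itertools import product

LAYERS = ("Infrastructure", "Services", "Applications")
PLANES = ("Management", "Control/Signaling", "End-User")
DIMENSIONS = ("Access Control", "Authentication", "Non-repudiation",
              "Data Confidentiality", "Communication Security",
              "Data Integrity", "Availability", "Privacy")


def perspectives():
    """Map module number 1..9 to its (plane, layer) pair (assumed numbering)."""
    return {n: pair for n, pair in enumerate(product(PLANES, LAYERS), start=1)}


def cells():
    """All (plane, layer, dimension) cells: 9 perspectives x 8 dimensions = 72."""
    return [(p, l, d) for (p, l) in product(PLANES, LAYERS) for d in DIMENSIONS]


def select(mode):
    """Perspectives for the slide's analysis modes: top row, middle column, or all."""
    if mode == "management":            # top row: analysis of the management network
        return [(PLANES[0], l) for l in LAYERS]
    if mode == "services":              # middle column: analysis of network services
        return [(p, LAYERS[1]) for p in PLANES]
    if mode == "all":                   # every layer/plane intersection
        return list(product(PLANES, LAYERS))
    raise ValueError(f"unknown analysis mode: {mode}")


def unknown_names(controls):
    """Names in the inventory that are not X.805 planes, layers or dimensions.

    A misspelled name would otherwise silently count as covering nothing,
    so the gap analysis refuses inventories that contain any.
    """
    known = set(PLANES) | set(LAYERS) | set(DIMENSIONS)
    found = set()
    for c in controls:
        found.update(c["planes"], c["layers"], c["dimensions"])
    return found - known


def gap_analysis(controls, mode="all"):
    """Return the sorted list of uncovered (plane, layer, dimension) cells."""
    bad = unknown_names(controls)
    if bad:
        raise ValueError(f"unknown X.805 names in inventory: {sorted(bad)}")
    covered = set()
    for c in controls:
        covered.update(product(c["planes"], c["layers"], c["dimensions"]))
    return sorted((p, l, d) for (p, l) in select(mode) for d in DIMENSIONS
                  if (p, l, d) not in covered)


def coverage_report(controls, mode="all"):
    """Summarize coverage for a mode: total cells, covered cells, and the gaps."""
    gaps = gap_analysis(controls, mode)
    total = len(select(mode)) * len(DIMENSIONS)
    return {"mode": mode, "cells": total, "covered": total - len(gaps), "gaps": gaps}


# Constructed sample inventory for illustration only (not a real assessment).
SAMPLE_CONTROLS = [
    {"control": "Out-of-band management network with IPsec",
     "planes": ["Management"], "layers": list(LAYERS),
     "dimensions": ["Communication Security", "Data Confidentiality", "Data Integrity"]},
    {"control": "TACACS+ with per-command accounting on network elements",
     "planes": ["Management"], "layers": ["Infrastructure"],
     "dimensions": ["Access Control", "Authentication", "Non-repudiation"]},
    {"control": "Redundant route processors and diverse links",
     "planes": list(PLANES), "layers": ["Infrastructure"],
     "dimensions": ["Availability"]},
    {"control": "Customer portal over TLS with strong authentication",
     "planes": ["End-User"], "layers": ["Applications"],
     "dimensions": ["Authentication", "Data Confidentiality", "Data Integrity",
                    "Communication Security", "Privacy"]},
]

if __name__ == "__main__":
    for mode in ("management", "services", "all"):
        r = coverage_report(SAMPLE_CONTROLS, mode)
        print(f"{mode}: {r['covered']}/{r['cells']} cells covered")
        for p, l, d in r["gaps"]:
            print(f"  gap: {p} plane / {l} layer / {d}")
```

Running the script lists, per mode, the cells no control addresses; with the constructed inventory the management row is 13 of 24 cells covered, with the Privacy dimension uncovered even on the infrastructure layer, while the services column is almost empty. The point of the matrix is that walk: a control is only credited for the exact perspectives and dimensions it was entered against, so gaps surface instead of being assumed away.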
X.805
Provides a holistic approach:
• Comprehensive, end-to-end network view of security
• Applies to any network technology: wireless, wireline, optical networks; voice, data, video, converged networks
• Applies to any scope of network function: service provider networks, enterprise networks, government networks, management/operations and administrative networks, data center networks
• Can map to existing standards
• Completes the missing piece of the security puzzle: what to do next
Security Management
Information security management system – Requirements for telecommunications (ISMS-T), X.1051
• specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the telecommunication’s overall business risks
• leverages ISO/IEC 17799:2000, Information technology, Code of practice for information security management
• based on BS 7799-2:2002, Information Security Management Systems — Specifications with Guidance for use
Information Security Management Domains defined in ISO/IEC 17799
(Figure: ISMS, Information Security Management System, X.1051)
• Organizational security
• Asset management
• Personnel security
• Physical and environmental security
• Communications and operations management
• Access control
• System development and maintenance
Mobile Security
X.1121 and X.1122: multi-part standard
• Framework of security technologies for mobile end-to-end data communications (X.1121): describes security threats, security requirements, and security functions for mobile end-to-end data communication from the perspectives of the mobile user and application service provider (ASP)
• Guideline for implementing secure mobile systems based on PKI (X.1122): describes considerations for implementing secure mobile systems based on PKI, as a particular security technology
Security framework for mobile end-to-end data communications (X.1121)
(Figure: General communication framework: Mobile Terminal (Mobile User), Mobile Network, Open Network, Application Server (ASP), with data communication end to end. Gateway framework: Mobile Terminal (Mobile User), Mobile Network, Mobile Security Gateway, Open Network, Application Server (ASP))
• Security threats
• Relationship of security threats and models
• Security requirements
• Relationship of security requirements and threats
• Security functions for satisfying requirements
Secure mobile systems based on PKI (X.1122)
(Figure: General Model: Mobile Terminal (Mobile User), Mobile Network, Open Network, Application Server (ASP); on the mobile user’s side a CA with RA, Repository and Mobile User VA; on the ASP’s side a CA with Repository and ASP’s VA. Gateway Model: the same parties arranged in the gateway framework)
ASP: Application Service Provider; CA: Certification Authority; RA: Registration Authority; VA: Validation Authority
Telebiometrics (X.1081)
A model for security and public safety in telebiometrics that:
• can assist with the derivation of safe limits for the operation of telecommunications systems and biometric devices
• provides a framework for developing a taxonomy of biometric devices
• facilitates the development of authentication mechanisms, based on both static (for example finger-prints) and dynamic (for example gait, or signature pressure variation) attributes of a human being
A taxonomy is provided of the interactions that can occur where the human body meets devices capturing biometric parameters or impacting on the body
Telebiometric Multimodal Model: A Three Layer Model (X.1081)
• The scientific layer: 5 disciplines: physics, chemistry, biology, culturology, psychology
• The sensory layer: 3 overlapping classifications of interactions:
  – video (sight), audio (sound), chemo (smell, taste), tango (touch), radio (radiation), each with an out (emitted) and in (received) state
  – behavioral, perceptual, conceptual
  – postural, gestural, facial, verbal, demeanoral, not-a-sign
• The metric layer: 7 SI base units (m, kg, s, A, K, mol, cd)