International Telecommunication Union Eighth Global Standards Collaboration (GSC) Meeting - Ottawa,...
-
Upload
morgan-tucker -
Category
Documents
-
view
214 -
download
0
Transcript of International Telecommunication Union Eighth Global Standards Collaboration (GSC) Meeting - Ottawa,...
International Telecommunication Union
Eighth Global Standards Collaboration (GSC) Meeting - Ottawa, Canada, 27 April-1 May 2003
Security Security StandardizationStandardization
in ITU-Tin ITU-THerbert Bertine
Co-Chairman ITU-T Study Group 17
Ninth Global Standards Collaboration (GSC-9) Meeting – Seoul Korea, 9-13 May 2004
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
2
ITU Plenipotentiary Conference 2002Resolution PLEN/2 - Strengthening the role
of ITU in information and communication network
securityresolves1 to review ITU's current activities in information
and communication network security;2 to intensify work within existing ITU study
groups in order to: a) reach a common understanding on the
importance of information and communication network security by studying standards on technologies, products and services with a view to developing recommendations, as appropriate;
b) seek ways to enhance exchange of technical information in the field of information and communication network security, and promote cooperation among appropriate entities;
c) report on the result of these studies annually to the ITU Council.
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
3
ITU-T Study Groupshttp://www.itu.int/ITU-T/
o SG 2 Operational aspects of service provision, networks and performance
o SG 3 Tariff and accounting principles including related telecommunications economic and policy
issues o SG 4 Telecommunication management, including TMN o SG 5 Protection against electromagnetic environment effects o SG 6 Outside plant o SG 9 Integrated broadband cable networks and television and
sound transmission o SG 11 Signalling requirements and protocols o SG 12 End-to-end transmission performance of networks and
terminals o SG 13 Multi-protocol and IP-based networks and their
internetworking o SG 15 Optical and other transport networks o SG 16 Multimedia services, systems and terminals o SG 17 Data networks and telecommunication softwareo SSG Special Study Group "IMT-2000 and beyond" o TSAG Telecommunication Standardization Advisory Group
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
4
ITU-T Security Manual
December 2003
o Basic security architecture and dimensionso Vulnerabilities, threats and riskso Security framework requirementso PKI and privilege management with X.509o Applications (VoIP, IPCablecom, Fax,
Network Management, e-prescriptions)o Security terminology o Catalog of ITU-T security-related
Recommendationso List of Study Groups and security-related
Questions
http://www.itu.int/ITU-T/edh/files/security-manual.pdf
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
5
ITU-T Security Building Blocks
Network Management SecurityM.3010–Principles for a telecommunications management networkM.3016–TMN Security OverviewM.3210.1–TMN management services for IMT-2000 security managementM.3320–Management requirements framework for the TMN X-InterfaceM.3400–TMN management functions
Televisions and Cable SystemsJ.91–Technical methods for ensuring privacy in long-distance international television transmissionJ.93–Requirements for conditional access in the secondary distribution of digital television on cable television systemsJ.170–IPCablecom security specification
Systems ManagementX.733–Alarm reporting functionX.735–Log control functionX.736–Security alarm reporting functionX.740–Security audit trail functionX.741–Objects and attributes for access control
FacsimileT.30 Annex G–Procedures for secure Group 3 document facsimile transmission using the HKM and HFX systemT.30 Annex H–Security in facsimile Group 3 based on the RSA algorithmT.36–Security capabilities for use with Group 3 facsimile terminalsT.503–Document application profile for the interchange of Group 4 facsimile documentsT.563–Terminal characteristics for Group 4 facsimile apparatus
Multimedia CommunicationsH.233–Confidentiality system for audiovisual servicesH.234–Encryption key management and authentication system for audiovisual servicesH.235–Security and encryption for H-series (H.323 and other H.245-based) multimedia terminalsH.323 Annex J–Packet-based multimedia communications systems – Security for H.323 Annex F (Security for simple endpoint types)H.350.2–Directory services architecture for H.235H.530–Symmetric security procedures for H.323 mobility in H.510
Security Architecture FrameworkX.800–Security architectureX.802–Lower layers security modelX.803–Upper layers security modelX.805–Security architecture for systems providing end-to-end communicationsX.810–Security frameworks for open systems: OverviewX.811–Security frameworks for open systems: Authentication frameworkX.812–Security frameworks for open systems: Access control frameworkX.813–Security frameworks for open systems: Non-repudiation frameworkX.814–Security frameworks for open systems: Confidentiality frameworkX.815–Security frameworks for open systems: Integrity frameworkX.816–Security frameworks for open systems: Security audit and alarms framework
Security TechniquesX.841–Security information objects for access controlX.842–Guidelines for the use and management of trusted third party servicesX.843–Specification of TTP services to support the application of digital signatures
ProtocolsX.273–Network layer security protocolX.274–Transport layer security protocol
Security in Frame RelayX.272–Data compression and privacy over frame relay networks
Directory Services and AuthenticationX.500–Overview of concepts, models and servicesX.501–ModelsX.509–Public-key and attribute certificate frameworksX.519–Protocol specifications
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
6
ITU-T Study Group 17
o Lead Study Group for Communication System Securityhttp://www.itu.int/ITU-T/studygroups/com17/cssecurity.html
• Coordination/prioritization of security efforts• Development of core security Recommendations
o Led ITU-T Workshop on Security 13-14 May 2002http://www.itu.int/ITU-T/worksem/security/index.html
• Security requirements and telecommunication reliability• Hot topics on IP-based network security• Security management• Biometric authentication
o Initiated the ITU-T Security Project• Provide vision and direction for future work• Reflect situation of current work
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
7
Existing Recommendations in X.800-series
Security ArchitectureX.800
Lower LayersSecurity Model
X.802
Upper LayersSecurity Model
X.803
Security Frameworks: Overview X.810
Auth
enticatio
n
Fram
ework
Access C
on
trol
Fram
ework
Non-R
epudiatio
n
Fram
ework
Con
fiden
tiality
Fram
ework
Integ
rity
Fram
ework
・・・
Generic Upper Layers Security: Overview X.830
Secu
rity E
xch
ang
e
Serv
ice Ele
ment
Pro
tecting
Tra
nsfer
Syntax
Specificatio
n
Secu
rity
Info
rmatio
n O
bje
ct
Guid
elin
e on th
e
Use o
f TT
P
・・・
・・・
Communication SystemSecurity
Information Security Management(Telecom ISMS)
Mobile Security
Tele-biometrics
NEW
Current work items
Study Group 17 Security Focus
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
8
ITU-T SG 17 Security Focus
o Public Key and Attribute Certificate Frameworks (X.509) Revision 2005• Ongoing enhancements as a result of more complex
useso Security Architecture (X.805) Approved 2003
• For end-to-end communicationso Security Management System (X.1051) New
• For risk assessment, identification of assets and implementation characteristics
o Mobile Security (X.1121 and X.1122) New• For mobile end-to-end data communications
o Telebiometric Multimodal Model (X.1081) New• A framework for the specification of security and safety
aspects of telebiometrics
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
9
X.805: Security Architecturefor End-to-End Communications
3Security layers
3 Security Planes
• Vulnerabilities can exist in each Layer, Plane and Dimension• 72 Security Perspectives (3 Layers 3 Planes 8 Dimensions)
X.805
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
10
ITU-T X.805 Approach
Bell Labs Advanced Technologies Lucent Technologies - Proprietary 21
Access Control
Authentication
Non-repudiation
Data Confidentiality
Module NineModule SixModule ThreeUser Plane
Module EightModule FiveModule TwoControl/Signaling Plane
Module SevenModule FourModule OneManagement Plane
Applications LayerServices LayerInfrastructure Layer
Communication Security
Data Integrity
Availability
Privacy
The 8 Security DimensionsAre Applied to Each Security Perspective
Execute– Top Row for Analysis
of Management Network
– Middle Column for Analysis of Network Services
– I ntersection of Each Layer and Plane for analysis of Security Perspective
X.805
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
11
ITU-T X.805
Provides A Holistic Approach:o Comprehensive, End-to-End Network View of Securityo Applies to Any Network Technology
• Wireless, Wireline, Optical Networks• Voice, Data, Video, Converged Networks
o Applies to Any Scope of Network Function• Service Provider Networks• Enterprise Networks• Government Networks• Management/Operations, Administrative Networks• Data Center Networks
o Can Map to Existing Standards o Completes the Missing Piece of the Security Puzzle of
what to do nextX.80
5
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
12
Security Management
o Requirements for Telecommunications of Information Security Management System (T-ISMS)
- specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the telecommunication’s overall business risks.
- leverages ISO/IEC 17799:2000, Information technology, Code of practice for information security management
- based on BS 7799-2:2002, Information Security Management Systems — Specifications with Guidance for use X.105
1
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
13
3. Asset classification& control
2. Organizational Security
1. Security policy
5. Physical & environmental security
4. Personnel security
7. Access control
10. Compliance
9. Business continuitymanagement
8. Systems development &maintenance
Information Assetsfor Telecom
6. Communications &operations management
Information Security Management Domains defined in ISO/IEC 17799
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
14
o Organizational securityo Asset managemento Personnel securityo Physical and environmental securityo Communications and operations managemento Access controlo System development and maintenance
ISMS
Information Security
Management System
X.1051
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
15
Mobile Security
Multi-part standard o Framework of security technologies for mobile
end-to-end data communications - describes security threats, security requirements, and security
functions for mobile end-to-end data communication - from the perspectives of the mobile user and application
service provider (ASP)
o Guideline for implementing secure mobile systems based on PKI
- describes considerations of implementing secure mobile systems based on PKI, as a particular security technology
o Security Policy (under development)- different quality of security service needs to satisfy various requirements of security services of both user and ASP
X.1121
X.1122
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
16
Mobile Network Open Network
Data communication
Application Server
(ASP)
Mobile Terminal
(Mobile User)
Datacommunication
Application Server
(ASP)
Mobile Terminal
(Mobile User)
Datacommunication
GeneralCommunicati
onFramework
GatewayFramewor
k
• Security threats
• Relationship of security threats and models
• Security requirements
• Relationship of security requirements and threats
• Security functions for satisfying requirementsX.1121
Security framework for mobileend-to-end data communications
Mobile Securit
yGatew
ay
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
17
Mobile Network
Open Network
Application Server
(ASP)
Mobile Terminal
(Mobile User)
MobileUser VA
ASP’s VA
Mobile user’s side CA
CA
RA
Repository
Repository
ASP’s side CA
Mobile Network
Open Network
Application Server
(ASP)
Mobile Terminal
(Mobile User)
MobileUser VA
ASP’s VA
Mobile user’s side CA
CA
RA
Repository
Repository
ASP’s side CAGatewa
yModel
General Model
X.1122
Secure mobile systems based on PKI
ASP Application Service Provider CA Certification AuthorityRA Registration AuthorityVA Validation Authority
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
18
Telebiometrics
o A model for security and public safety in telebiometrics that can -• assist with the derivation of safe limits for the
operation of telecommunications systems and biometric devices
• provide a framework for developing a taxonomy of biometric devices; and
• facilitate the development of authentication mechanisms, based on both static (for example finger-prints) and dynamic (for example gait, or signature pressure variation) attributes of a human being.
o A taxonomy is provided of the interactions that can occur where the human body meets devices capturing biometric parameters or impacting on the body. X.108
1
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
19
Telebiometric Multimodal Model:A Three Layer Model
o the scientific layer• 5 disciplines: physics, chemistry, biology,
culturology, psychology
o the sensory layer – 3 overlapping classifications of interactions• video (sight), audio (sound), chemo (smell,
taste), tango (touch); radio (radiation) - each with an out (emitted) and in (received) state
• behavioral, perceptual, conceptual• postural, gestural, facial, verbal, demeanoral,
not-a-sign
o the metric layer• 7 SI base units (m, kg, s, A, K, mol, cd)X.108
1
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
20
Networks and Systemson Cyber Security for Telecom*Vulnerability information sharing…*Incident handling operations*Security Strategy
Applications & ServicesSecurity for telecom *Mobile secure communications *Secure communication services *Security web services *X.1121, X.1122
Q.I
Q.L
Q.JQ.H
Communication System Security *Vision, Project Roadmap, Compendia, …Q10G
Telebiometrics Technology *Telebiometric Model *Telebiometric Authentication *X.1081
Q.K
SecurityArchitecture& Framework
*Architecture, Model, Concepts, Frameworks,* etc…*X.800 series*X.805
SecurityManagement*T-ISMS*Incident Management*Risk Assessment Methodology*etc…*X.1051
TelecomSystems
Telecom Systems Users
Study Group 17 Security Questions
Ninth Global Standards Collaboration (GSC-9) Meeting - Seoul, Korea, 9-13 May 2004
21
Concluding Observations
o Security is everybody's business
o Security needs to be designed in upfront
o Security must be an ongoing effort
o Systematically addressing vulnerabilities (intrinsic properties of networks/systems)is key so that protection can be provided independent of what the threats (which are constantly changing and may be unknown) may be – X.805 is helpful here