X.805 good

ITU-T Recommendation X.805 Security Architecture for Systems Providing End-to-End Communications IETF 63 meeting Zachary Zeltsan, Bell Laboratories, Lucent Technologies Rapporteur of Question 5 SG 17


Page 1: X.805 good

ITU-T Recommendation X.805
Security Architecture for Systems Providing End-to-End Communications

IETF 63 meeting

Zachary Zeltsan, Bell Laboratories, Lucent Technologies
Rapporteur of Question 5 SG 17

Page 2: X.805 good

Outline

• Origin of the ITU-T Recommendation X.805 - Security Architecture for Systems Providing End-to-End Communications
• Three main issues that X.805 addresses
• Security Dimensions
• Security Layers
• Security Planes
• ITU-T X.805 Security Architecture
• ITU-T Recommendation X.805 as a base for security work in FGNGN Security Capability WG

Page 3: X.805 good

Origin of the ITU-T Recommendation X.805

• ITU-T Recommendation X.805, Security architecture for systems providing end‑to‑end communications, was developed by ITU-T SG 17 (ITU-T Lead Study Group on Telecommunication Security) and was published in October 2003.

• The group has developed a set of well-recognized Recommendations on security. Among them are the X.800 Series of Recommendations on security and X.509 - Public-key and Attribute Certificate Frameworks.

Page 4: X.805 good

Three main issues that X.805 addresses

The security architecture addresses three essential issues:

1. What kind of protection is needed and against what threats?

2. What are the distinct types of network equipment and facility groupings that need to be protected?

3. What are the distinct types of network activities that need to be protected?

Page 5: X.805 good

ITU-T X.800 Threat Model (simplified)

1 - Destruction (an attack on availability):

– Destruction of information and/or network resources

2 - Corruption (an attack on integrity):

– Unauthorized tampering with an asset

3 - Removal (an attack on availability):

– Theft, removal or loss of information and/or other resources

4 - Disclosure (an attack on confidentiality):

– Unauthorized access to an asset

5 - Interruption (an attack on availability):

– Interruption of services. Network becomes unavailable or unusable

Page 6: X.805 good

Eight Security Dimensions applied to each Security Perspective (layer and plane)

Access Control

• Limit and control access to network elements, services and applications.

• Examples: passwords, access control lists (ACL), firewalls

User Authentication

• Identify the user in order to verify that the user is who they claim to be.

• Examples: shared keys, public key infrastructure, digital signatures, digital certificates.

Non-Repudiation

• Prevent a user from denying an action that they have performed on the network.

• Examples: system event logging, digital signatures.

Data Confidentiality

• Ensure the confidentiality of the user's data

• Example: encryption

Communication Security

• Ensure that information flows only from the source to the intended destination, and that intermediate points cannot access the information flow.

• Examples: VPN, MPLS, L2TP

Data Integrity

• Ensure that the data received and recovered is identical to the data that was sent from the source.

• Examples: the MD5 algorithm, digital signatures, antivirus software

Availability

• Ensure that legitimate users can always use the network elements, services and applications

• Examples: intrusion detection / prevention systems (IDS / IPS)…

Privacy

• Ensure privacy for the user's identity and the user's use of the network

• Examples: NAT, encryption

Page 7: X.805 good

How the Security Dimensions Map to the Security Threats

[Table: rows are the Security Dimensions (Access Control, Authentication, Non-Repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy); columns are the X.800 Security Threats (Destruction, Corruption, Removal, Disclosure, Interruption)]

Page 8: X.805 good

Security Layers

• Concept of Security Layers represents a hierarchical approach to securing a network

• Mapping of the network equipment and facility groupings to Security Layers could be instrumental for determining how the network elements in upper layers can rely on protection that the lower layers provide.

Page 9: X.805 good

Three Security Layers

• Each Security Layer has unique vulnerabilities, threats

• Infrastructure security enables services security enables applications security

[Figure: the three Security Layers (Infrastructure Security, Services Security, Applications Security). Vulnerabilities can exist in each layer and are exposed to threats and attacks: Destruction, Corruption, Removal, Disclosure, Interruption]

1 - Infrastructure Security Layer:

• Fundamental building blocks of networks, services and applications

• Examples:

– Individual routers, switches, servers
– Point-to-point WAN links
– Ethernet links

2 - Services Security Layer:

• Services Provided to End-Users

• Examples:

– Frame Relay, ATM, IP
– Cellular, Wi-Fi
– VoIP, QoS, IM, Location services
– Toll free call services

3 - Applications Security Layer:

• Network-based applications accessed by end-users

• Examples:

– Web browsing
– Directory assistance
– Email
– E-commerce

Page 10: X.805 good

Example: Applying Security Layers to IP Networks

Infrastructure Security Layer

– Individual routers, servers
– Communication links

Services Security Layer

– Basic IP transport
– IP support services (e.g., AAA, DNS, DHCP)
– Value-added services (e.g., VPN, VoIP, QoS)

Applications Security Layer

– Basic applications (e.g., FTP, web access)
– Fundamental applications (e.g., email)
– High-end applications (e.g., e-commerce, e-training)

Page 11: X.805 good

Security Planes

• Concept of Security Planes could be instrumental for ensuring that essential network activities are protected independently (e.g. compromise of security at the End-user Security Plane does not affect functions associated with the Management Security Plane).

• Concept of Security Planes allows identification of potential network vulnerabilities that may occur when distinct network activities depend on the same security measures for protection.

Page 12: X.805 good

Three Security Planes

• Security Planes represent the types of activities that occur on a network.

• Each Security Plane is applied to every Security Layer to yield nine security Perspectives (3 x 3)

• Each security perspective has unique vulnerabilities and threats

[Figure: the Security Layers (Infrastructure Security, Services Security, Applications Security) crossed with the Security Planes (End User Security, Control/Signaling Security, Management Security). Vulnerabilities can exist in each layer and plane and are exposed to threats and attacks: Destruction, Corruption, Removal, Disclosure, Interruption]

1 - End-User Security Plane:

• Access and use of the network by the customers for various purposes:

– Basic connectivity/transport
– Value-added services (VPN, VoIP, etc.)
– Access to network-based applications (e.g., email)

2 - Control/Signaling Security Plane:

• Activities that enable efficient functioning of the network

• Machine-to-machine communications

3 - Management Security Plane:

• The management and provisioning of network elements, services and applications

• Support of the FCAPS functions

Page 13: X.805 good

Example: Applying Security Planes to Network Protocols

End User Security Plane

Activities

• End-user data transfer
• End-user – application interactions

Protocols

• HTTP, RTP, POP, IMAP
• TCP, UDP, FTP
• IPsec, TLS

Control/Signaling Security Plane

Activities

• Update of routing/switching tables
• Service initiation, control, and teardown
• Application control

Protocols

• BGP, OSPF, IS-IS, RIP, PIM
• SIP, RSVP, H.323, SS7
• IKE, ICMP
• PKI, DNS, DHCP, SMTP

Management Security Plane

Activities

• Operations
• Administration
• Management
• Provisioning

Protocols

• SNMP
• Telnet
• FTP
• HTTP

Page 14: X.805 good

ITU-T X.805: Security Architecture for Systems Providing End-to-End Communications

[Figure: the X.805 security architecture. Security Layers: Infrastructure Security, Services Security, Applications Security. Security Planes: End User Security, Control/Signaling Security, Management Security. 8 security measures (dimensions): Access Control (shown as "Access Management" in the English labels), Authentication, Non-repudiation, Data Confidentiality, Communication Security, Integrity, Availability, Privacy. Threats, vulnerabilities and attacks can exist in each Security Layer and each Security Plane: Destruction, Disclosure, Corruption, Removal, Interruption]

Page 15: X.805 good

Modular Form of X.805

                          Infrastructure Layer   Services Layer   Applications Layer
Management Plane          Module 1               Module 4         Module 7
Control Plane             Module 2               Module 5         Module 8
End-User Plane            Module 3               Module 6         Module 9

– Network management: top row
– Network services: middle column
– Security module: the intersection of a layer with a plane

The 8 security dimensions are applied to each security module:

• Access Control
• Authentication
• Non-Repudiation
• Data Confidentiality
• Communication Security
• Data Integrity
• Availability
• Privacy

Provides a systematic, organized way for performing network security assessments and planning
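As an added example (not part of the original slides), the modular form can be used as an assessment worksheet: the Python code below numbers the nine modules as in the table above, lists the security dimensions with no recorded control in each module, and flags any control that more than one Security Plane depends on, which is the dependency the Security Planes slide describes. The control names and the sample inventory are constructed for illustration.

```python
from collections import defaultdict

# Order matters: it reproduces the module numbering of the modular-form table.
LAYERS = ["Infrastructure", "Services", "Applications"]
PLANES = ["Management", "Control/Signaling", "End-User"]
DIMENSIONS = ["Access Control", "Authentication", "Non-Repudiation",
              "Data Confidentiality", "Communication Security",
              "Data Integrity", "Availability", "Privacy"]

# Constructed sample inventory: (layer, plane, dimension, control name).
SAMPLE_CONTROLS = [
    ("Infrastructure", "Management", "Access Control", "router-admin-acl"),
    ("Infrastructure", "Management", "Authentication", "shared-aaa-server"),
    ("Infrastructure", "End-User", "Authentication", "shared-aaa-server"),
    ("Infrastructure", "End-User", "Communication Security", "ipsec-vpn"),
    ("Services", "Control/Signaling", "Data Integrity", "routing-session-auth"),
]


def module_number(layer, plane):
    """Module 1..9: Management/Infrastructure is 1, End-User/Applications is 9."""
    return LAYERS.index(layer) * len(PLANES) + PLANES.index(plane) + 1


def assess(controls):
    """Return (uncovered dimensions per module, controls shared across planes)."""
    covered = defaultdict(set)       # module number -> dimensions with a control
    planes_using = defaultdict(set)  # control name -> planes relying on it
    for layer, plane, dimension, name in controls:
        if dimension not in DIMENSIONS:
            raise ValueError(f"unknown security dimension: {dimension!r}")
        covered[module_number(layer, plane)].add(dimension)
        planes_using[name].add(plane)
    gaps = {}
    for layer in LAYERS:
        for plane in PLANES:
            m = module_number(layer, plane)
            gaps[m] = [d for d in DIMENSIONS if d not in covered[m]]
    shared = {n: sorted(p) for n, p in planes_using.items() if len(p) > 1}
    return gaps, shared


if __name__ == "__main__":
    gaps, shared = assess(SAMPLE_CONTROLS)
    for m in sorted(gaps):
        print(f"Module {m}: {len(gaps[m])} of {len(DIMENSIONS)} dimensions uncovered")
    for name, planes in shared.items():
        print(f"{name!r} protects several planes: {', '.join(planes)}")
```

A control listed under `shared` is a single point of failure between planes: if it is compromised on the End-User plane, the Management plane entry that relies on it is no longer independently protected.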

Page 16: X.805 good

Module 3 – Infrastructure Layer – End-User Plane

Security Dimension: Security Objectives

Access Control

Ensure that only authorised personnel or devices are allowed access to end-user data that is transiting a network element or communications link or is resident in an offline storage device.

Authentication

Verify the identity of the person or device attempting to access end-user data that is transiting a network element or communications link or is resident in an offline storage device.

Authentication techniques may be required as part of Access Control.

Non-Repudiation

Provide a record identifying each individual or device that accessed end-user data that is transiting a network element or communications link, or is resident in offline devices, and that the action was performed. The record is to be used as proof of access to end-user data.

Data Confidentiality

Protect end-user data that is transiting a network element or communications link, or is resident in an offline storage device, against unauthorised access or viewing. Techniques used to address access control may contribute to providing data confidentiality for end-user data.

Communication Security

Ensure that end-user data that is transiting a network element or communications link is not diverted or intercepted as it flows between the end points (without an authorised access).

Data Integrity

Protect end-user data that is transiting a network element or communications link or is resident in offline storage devices against unauthorised modification, deletion, creation and replication.

Availability

Ensure that access to end-user data resident in offline storage devices by authorised personnel and devices cannot be denied.

Privacy

Ensure that network elements do not provide information pertaining to the end-user's network activities (e.g., user's geographic location, websites visited, content, etc.) to unauthorised personnel.

Page 17: X.805 good

Summary: X.805 Provides a Holistic Approach to Network Security

• Comprehensive, end-to-end network view of security

• Applies to any network technology

– Wireless, wireline, optical networks
– Voice, data, video, converged networks

• Applies to variety of networks

– Service provider networks
– Enterprise (service provider’s customer) networks
– Government networks
– Management/operations, administrative networks
– Data center networks

• Is aligned with other security ITU-T Recommendations and ISO standards

Page 18: X.805 good

ITU-T Recommendation X.805 is a Base for Security work in FGNGN Security Capability WG

• Guidelines for NGN security and X.805

– NGN threat model (based on ITU-T X.800 and X.805 Recommendations)
– Security Dimensions and Mechanisms (based on ITU-T X.805): Access control, Authentication, Non-repudiation, Data confidentiality, Communication security, Data integrity, Availability, Privacy

• NGN security requirements for Release 1 and X.805

– General considerations based on the concepts of X.805

Page 19: X.805 good

Acronyms

AAA Authentication, Authorization, Accounting

ACL Access Control List

ATM Asynchronous Transfer Mode

BC Business Continuity

BGP Border Gateway Protocol

DHCP Dynamic Host Configuration Protocol

DNS Domain Name Service

DR Disaster Recovery

FCAPS Fault-management, Configuration, Accounting, Performance, and Security

FTP File Transfer Protocol

HTTP Hyper Text Transfer Protocol

ICMP Internet Control Message Protocol

IDS Intrusion Detection System

IKE Internet Key Exchange protocol

IM Instant Messaging

IMAP Internet Message Access Protocol

IPS Intrusion Prevention System

IPsec IP security (set of protocols)

IS-IS Intermediate System-to-Intermediate System (routing protocol)

L2TP Layer Two Tunneling Protocol

MPLS Multi-Protocol Label Switching

NAT Network Address Translation

OSPF Open Shortest Path First

PIM Protocol-Independent Multicast

PKI Public Key Infrastructure

POP Post Office Protocol

QoS Quality of Service

RIP Routing Information Protocol

RSVP Resource Reservation Setup Protocol

RTP Real-time Transport Protocol

SIP Session Initiation Protocol

SMTP Simple Mail Transfer Protocol

SNMP Simple Network Management Protocol

SS7 Signaling System 7

TCP Transmission Control Protocol

TLS Transport Layer Security protocol

UDP User Datagram Protocol

VoIP Voice over IP

VPN Virtual Private Network

Page 20: X.805 good

Thank you!