Transcript TC-20041001-013a_TIA EMTEL_Security_10

Telecommunications Industry
Association
TIA’s Role in Homeland Security, Network
Security, Critical Infrastructure Protection,
National Security/Emergency Preparedness,
Emergency Services, and the Needs of First
Responders
TIA Contacts:
Dan Bart [email protected]
David Thompson [email protected]
Presentation Overview
 TIA Overview
– Trade Association, Standards Developer, Secretariat
Services
 TIA Standards Development Overview
 TIA Security/HS/CIP-related Activities
 TIA Engineering Committee (TR) Activities
Detailed Supplemental material: Compendium of Emergency
Communications and Communications Network Security-related
Work Activities within the TIA
– URL: http://www.tiaonline.org/standards/cip/EMTEL_sec.pdf
TIA Overview
Our Mission:
 TIA represents providers of communications and
information technology products and services for
the global marketplace through its core
competencies in standards development, domestic
and international advocacy, as well as market
development and trade promotion programs.
– Facilitates the convergence of new communications
networks while working for a competitive and innovative
market environment.
– Strives to further members' business opportunities,
economic growth and the betterment of humanity through
improved communications.
TIA Overview
TIA Website: www.tiaonline.org
 Full-service trade association serving the

communications and information technology
industry
TIA facilitates business development and a
competitive market environment for its 700
member companies through:
–
–
–
–
Domestic and international advocacy
Market development and marketing data
Trade Shows (domestic and international)
Standards Development and Secretariat Services
TIA Overview
 TIA is an American National Standards Institute
(ANSI)-accredited Standards Development
Organization (SDO)
– 5th largest ASDO measured by number of ANSs
 TIA is ITU-T Approved and Qualified:
– Rec. A.5 (referencing documents of other organizations in ITU-T
Recommendations)
– Rec. A.6 (Cooperation and exchange of information between
ITU-T and other SDOs)
 Reference to TIA documents in ITU-R
Recommendations
 TIA is Sector Member of ITU-D
TIA Standards
Development
Overview
TIA SDO Overview
 Standards development dates back to 1920’s
– As an ANSI-accredited SDO, TIA develops consensus-based,
voluntary industry standards for a wide variety of telecom products and
systems
– TR-8 is the oldest engineering committee and has provided standards
for private radio systems such as those used by public safety since
1944
– Its predecessor on the standards side, EIA, started as the Radio
Manufacturers Association (RMA) in 1924
 8 product-oriented Engineering Committees

(TR/FO)
Over 70 subcommittees and working groups
– Over 1,300 individuals from nearly 20 countries work in these
formulating groups
– Representatives from academia, manufacturers, service providers,
and end-users, including the government
TIA SDO Overview
 Standards projects and technical
documents
– Formulated according to guidelines established in the
Association's ANSI-approved Engineering Manual.
– Potential projects initiated by a technical contribution
to a TR/FO or subcommittee
• Request creation of a new standard or technical
document in a particular area of technology
 TIA has more than 1,000
standards/specifications published
– TIA and other sectors of EIA together are the 2nd largest
SDO after ASTM (measured by ANSs)
TIA SDO Overview
 TIA represents U.S. interests in the international
standards arena
– Active in ITU, IEC, ISO, JTC 1, CITEL, GSC, etc.
• Secretariat Services to:
– Several Technical Advisory Groups
– Working Advisory Groups
– International Technical Groups
– Partnership Projects
• 3GPP2 - Third Generation Wireless cdma2000® technology
•
Organizational Partner (OP) and 3GPP2 Secretariat
OP w/ ETSI in Project MESA (Mobile Broadband Specs for
Public Safety Users) Mobility for Emergency and Safety
Applications
– Participates in U.S. Department of State International
Telecommunication Advisory Committee (ITAC) and CITEL
PCCI and II Prep
TIA’s Role in Homeland
Security, Network Security,
Critical Infrastructure
Protection (CIP) , National
Security/Emergency
Preparedness (NSEP),
Emergency Services, and the
Needs of First Responders
TIA Security/HS/
CIP-related Activities
 TIA and TIA members have been involved for over 20
years in the activities of the President’s National Security
Telecommunications Advisory Committee (NSTAC)
– TIA attends NSTAC Business Meetings
– Monitors activities of the Industry Executive Subcommittee (IES)
– Participates in the work of NSTAC Task Forces such as Wireless
Task Force on Security (WTF) and new TF focusing on Next
Generation Networks (NGN) National Security/Emergency
Preparedness (NS/EP) needs
The President’s National Security
Telecommunications Advisory
Committee
(NSTAC)
• Created by Presidential Executive Order in 1982
• Typically composed of 30 Industry Chief Executives
• major communications and network providers
• information technology
• finance
• aerospace
• Works with National Communications System (NCS)
• Generates technical reports and recommendations for the
President regarding National Security / Emergency
preparedness (NS/EP) telecommunications
• Website (linked from TIA Web Site): www.ncs.gov/nstac/nstac.htm
WTF Security Charge
 The NSTAC Wireless Task Force (WTF) researched wireless
security issues for NS/EP users, gaining a better
understanding of unique NS/EP security requirements and
determining where wireless vulnerabilities exist (e.g.,
customer devices, network interfaces, facilities)
 The task force provided policy recommendations to ensure
standards bodies and individual companies consider NS/EP
requirements when developing wireless connectivity
solutions
 The task force provided policy recommendations for the
NSTAC to consider providing to the President addressing how
Government agencies should assess their vulnerabilities
based on wireless technologies being deployed and specific
agency requirements
WTF Results
 Reports Include:
– Wireless Priority Service (WPS) Report
– Wireless Security Report
– Security of Internet-Enabled Wireless Devices Report
 Recommendations were accepted by the

NSTAC
committee and included in NSTAC report to
President
REPORTS:
http://www.ncs.gov/nstac/nstac_publications.html
NGN TF
 New 2004 NSTAC IES TF:
– ONGOING: Recent Task Force (TF) focus is on Next
Generation Networks (NGN) NS/EP needs:
• NSTAC IES NGN TF, NGN Description Working Group
• NSTAC IES NGN TF, NGN Scenarios and User
Requirements Working Group
• NSTAC IES NGN TF, NGN Near-Term Recommendations
Working Group
• Follow-on NSTAC TF NGN working groups may include
Incident Management, End-to-End Services and Threat
Modeling
TIA Security/HS/
CIP-related Activities
 Under Presidential Decision Directive 63 (PDD-63) TIA was
chosen as one of the Sector Coordinators for the
Information and Communications (I & C) Sector by the
Department of Commerce
– TIA continues in this role for Telecom Sector (with CTIA and USTA)
under Homeland Security Presidential
Directive 7 (HSPD-7)
 TIA is a non-Resident member of the 24x7 National
Coordinating Committee Telecommunications –
Information Sharing and Analysis Center (NCC Telecom
ISAC)
– Weekly NCC Telecom ISAC Staff meetings, coordination/outreach to
non-ISAC industry members and other activities, as requested by ISAC
– Includes national emergency alerting and member availability to assist
T-ISAC efforts as requested
 TIA is part of the Executive Notification System (ENS) of DHS
Information Assurance Infrastructure Protection Directorate
(DHS IAIP)
TIA Security/HS/CIP
 As a Sector Coordinator and neutral Industry
forum, TIA provided input to draft U.S. National
Response Plan, Private Sector Support Annex
(2003/2004)
– Via NCC T-ISAC and DHS Private Sector Office
 National Strategy to Secure Cyberspace
– The Strategy includes recognized critical [private] sector
developed strategies to secure their infrastructures.
• https://www.pcis.org/getDocument.cfm?urlLibraryDocID=40
– TIA, as part of PCIS, contributed towards then Information &
Communications sector input of Strategy (2003)
TIA Security/HS/CIP
 As a Sector Coordinator, TIA also holds a Board seat on
the Partnership for Critical Infrastructure Security (PCIS)

– PCIS addresses cross-sector and interdependency CIP issues
– PCIS meets bi-monthly with the Department of Homeland Security
(DHS) and other Sector Lead Agencies and the ISAC Council at
GMU-hosted meetings, and separately the other month
TIA is part of the Emergency Alert system of DHS
Information Assurance Infrastructure Protection Directorate
(DHS IAIP)
 TIA is active in ANSI’s Homeland Security Standards Panel
(HSSP), another cross-sector activity, but focusing only on
standards and conformity assessment
– TIA (Dan Bart) is the private sector Co-Chair of HSSP with NIST as
public sector Co-Chair, and he also co-chairs its Steering
Committee (SC)
– ANSI HSSP SC also functions as a TAG for the US
Expert to the ISO Advisory Group on Security (AGS)
TIA Security/HS/CIP
 TIA and TIA members have been involved in the activities of
President Bush’s National Infrastructure Advisory
Committee (NIAC)
– Recent activity includes Prioritization of Cyber Vulnerabilities Working
Group
 TIA and its members have participated on the FCC's Network
Reliability Council (NRC) and Network Reliability and
Interoperability Council (NRIC)
– The purpose is to assist with analysis of issues that can affect
reliability, security and other FCC-specified analysis areas and to
determine best practices to recover from natural or man-made
outages, including those that might be caused by a computer hacker
or terrorist, and create Best Practices
– NRIC VII (2004) Focus Groups involve Enhanced 9-1-1, Homeland
Security, Network Best Practices and Broadband
TIA Security/HS/CIP
 TIA closely monitored the work of the President’s
Commission on Critical Infrastructure Protection (PCCIP)—
[1996]
– PCCIP Commissioner presentations at SUPERCOMM ‘97 and
other TIA-hosted events
 TIA participated in and was on the Steering Committee of the
Information Security Exploratory Committee (ISEC) —[1999]
– NSTAC had previously proposed the creation of an Information
Security Standards Board (ISSB)
• Involving standards needs and conformity assessment
– Industry formed ISEC to evaluate ISSB Proposal
• ISEC advice included need for more education outreach efforts
•
about potential infrastructure threats, and current security products,
systems and groups
No case for ISSB at that time
TIA Security/HS/CIP
 TIA participates in NTIA’s Economic Security Working
Group (EconSec WG) meetings and participates in its
subgroups such as the International Outreach and R&D
subgroups as needed
– For example, bi-lateral meetings and multi-lateral meetings on
CIP; including government/industry delegations


• Examples: Italy, Canada, Australia, India, Japan
• Private meetings with other SDOs or multi-national companies
TIA is on the National Cyber Security Partnership
(NCSP) Steering Committee
TIA shares information with other SDOs and
international groups like the ITU and Global Standards
Collaboration (GSC) in these security-focused High
Interest Subject areas
TIA Security/HS/CIP-related
Activities
 Global Standards Collaboration
(http://www.gsc.etsi.org/)
– TIA is active in the GSC
– GSC-9 meeting in Seoul in May 2004
(http://www.tta.or.kr/gsc/index.jsp) adopted several
Resolutions with a focus on Security
• Emergency Communications Resolution GSC-9/2
• Next Generation Networks Resolution GSC-9/3
• Cybersecurity Resolution GSC-9/4
• Public Protection and Disaster Relief (PPDR) Resolution GSC-9/9
TIA Security/HS/CIP-related
Activities
 TIA Addresses needs of First Responders and Law
Enforcement
– TIA (and it predecessors) have been addressing the needs of private radio
users like Public Safety users since 1944 in TR-8 (See MESA, Project 25
and TR-8 on TIA web site)
• Cooperation agreement with APCO/NASTD/Federal agencies since 1992 on
•
Project 25
Established APCO Project 25 Interface Committee (APIC) under our Private
Radio Section of Wireless Communications Division
– TIA participated on the FCC’s National Coordinating Committee (NCC) for
public safety, developed standards at request of NCC
– TIA was appointed to the advisory committee of the National Public Safety
Telecommunications Council (NPSTC)
– TIA was appointed to the advisory committee for DHS SAFECOM
– TIA is the Lead SDO on Lawfully Authorized Electronic Surveillance (LAES)
standardization for CALEA
– TIA appropriately contributes & presents works at ITU on PPDR/TDR
TIA Security/HS/CIP-related
Activities
 TIA Addresses needs of First Responders and Law
Enforcement
– Active public policy programs for urging spectrum for Public Safety
and Funding for Public Safety Interoperability
– Participated at DHS/NIST Public Safety Interoperability Workshop
– Meetings with DHS SAFECOM Office
– TIA moderated a Panel on Public Safety needs at SUPERCOMM
2003
– Briefings on MESA and other Public Safety-oriented programs at ITU
(PPDR/TDR) and elsewhere
– Briefings on TIA Public Safety-oriented activities like MESA to CDG
Board (Dec 03), CIAJ (Jan 04, Jun 04)
– Moderated Congressional Research Service (CRS) Panel on Public
Safety needs (Nov 03)
– Supported Global Disaster Information Network
(GDIN) event (March 2004)
TIA Security/HS/CIP-related
Activities
 Other TIA Connections with Security/CIP
– The Internet Security Alliance (ISA) is a member of the
Electronic Industries Alliance (EIA) along with TIA, and ISA
Executive Director is a Special Advisor to ANSI HSSP
– TIA was part of ANSI/ESO (European Standards
Organizations - CEN/CENELEC/ETSI) meetings in France
2004 and security standards were a topic on that agenda
– Security and Privacy of Communications and Location
information is an emerging topic for ISO TC 204 WG 16
Intelligent Transportation Systems (ITS) and TIA is a voting
member of the US TAG to TC 204 and WAG Admin for WG16
– 3GPP2 develops specifications that ensure security within
cdma2000® systems
TIA Engineering
Committee (TR)
Activities
TIA
Engineering Committee
TR-8
Mobile and Personal Private Radio
Standards
Chair: John Oblak, E.F. Johnson
TIA Committee TR-8
 TR-8 develops and maintains standards
for private radio communications
systems and equipment
– Critical communications systems for public safety and
emergency services
• Analog and digital
– For both voice and data applications; addressing all
technical matters for systems and services, including
definitions, interoperability, compatibility and compliance
requirements
– Over 50 years of standards formulation history
TIA Committee TR-8
 Activities include:
– Project 25
• Committee for selecting voluntary common system
standards for digital public safety radio communications
(voice and data)
– Incl. APCO, NASTD, NCS, selected North American Federal
Agencies
– Primary public service function of P25-compliant equipment
and systems is emergency voice communications between
line officers (i.e., police, firefighters) in the field and their
dispatch points. Also limited “bursty” data
• TIA TR-8 facilitates such work through its role as the ANSIaccredited SDO
– TIA TR-8 102-series Family of Standards
TIA Committee TR-8
 Activities include:
– Project 25 Public Safety objectives:
• 1) a spectrum efficient solution that satisfies the spectrum
•
•
•
regulators requirements for narrow-banding,
2) a digital solution that offers the public safety community more
services (such as short messages, caller ID, etc.) as well as
better system command and control (an administrator can set up
talk groups for the police in one jurisdiction, the police captains
over the entire metro community, etc.),
3) a backward compatible solution to FM analog land mobile
radios and to legacy systems for interoperability and to allow a
migration path from analog to digital technologies, and
4) a solution that allows the public safety agencies to select
among multiple vendors offering multiple options and features
such that the agencies can select the radio system’s
characteristics based upon their needs and funding requirements.
TIA Committee TR-8
Console
Console
Console Interface
Base station or fixed
station
RF SubSystem (RFSS)
Mobile and
portable radios
RF SubSystem (RFSS)
Base station or fixed
station
Inter RF SubSystem
Interface (ISSI)
Fixed Station Interface
Base station or fixed
station
Data Network
Interface
Common Air
Interface
Network Management
Interface
Public Switched
Telephone Network
Network Management
Telephone
Interconnect Interface
Subscriber data peripheral
interface
Project 25 System Interfaces
TIA Committee TR-8
 Activities include:
– Project 25
• A searchable listing of published TIA 102-Series documents can
be viewed and ordered by pointing browser to:
http://www.tiaonline.org/standards/search_n_order.cfm
– search with keyword “project 25”
• P25 Public Safety Communications Interoperability FAQs
– URL: http://www.tiaonline.org/standards/project_25/P25FAQ.pdf
• TIA P25 Webpage: http://www.tiaonline.org/standards/project_25/
TIA Committee TR-8
 Activities include:
– Wideband Data Standards Project
• U.S., regulatory decisions and plans helped to spur
development of LMR wideband standards, including the
dedication, by the FCC, of spectrum in the 700 MHz
frequency band for wideband data
• Channels are at 50 kHz, and can be aggregated to 150
kHz, allowing users data rates as high as 700 kbps
– i.e., video, picture ID, and fingerprinting
• The TIA-902 and 905 series of standards for this
technology have been completed and can enable system
deployment
– Mainly handles data; however voice traffic is also supported
– Interoperability primarily involves the over the air interface
TIA Committee TR-8
 Activities include:
– Wideband Data Standards Project
• Currently, in the U.S., only spectrum in the 700 MHz band
has been allocated to implement standard wideband
systems (and P25 for interoperability), where incumbent
broadcast TV stations currently inhibit use
– Systems cannot be deployed until the TV stations vacate
from this band. Issue in deliberation; including
Congressional activity to expedite transition
• Wideband standards complement existing P25 standards
(e.g., voice and low/medium data rates), operating at
different frequencies and bandwidths and providing a
different set of optimized capabilities for high speed data
transfer
TIA Committee TR-8
 Project MESA (Public Safety Partnership)
– Mobility for Emergency and Safety Applications
– NGN mobile broadband communications capabilities
• Due to commonalities, the European Telecommunications Standards
•
•
Institute (ETSI) and TIA agreed to work collaboratively for the production
of mobile broadband specifications for public safety as initiated by ETSI
Project TETRA (under the name of DAWS -- Digital Advanced Wireless
Services) and by TIA and APCO under APCO's Project 34
MESA involves all platforms and technologies that meet defined
requirements (MESA SoR)—incl. private, commercial & public systems
Capable of extremely high levels of security, yet contain standardized
interfaces to public and private networks
– Open to participation from all regions of the world
• Currently has public safety and industry participants and observers from
North America, Europe (East and Western) and Asia (including Korea)
– Please refer to the www.projectmesa.org Website for further
information
TIA Committee TR-8
 Project MESA (Public Safety
Partnership)
– In the U.S., the FCC allocated 50 MHz of spectrum in 4.9 GHz
band for public safety broadband communications
– TIA has since established a broadband data standards
subcommittee, TR-8.8, which is developing standards for
public safety communications in this band
– TIA, as an Organizational Partner SDO, will regionally (N.
America) transpose and publish MESA output
• Ongoing contributions initiated through TIA to future broadband
•
standards process are expected to continue as technology,
environment, and public safety needs evolve
Note that similar to the wideband standards, the broadband
standards will complement existing P25 standards
TIA
Engineering Committee
TR-30
Multi-Media Access, Related Protocols
and Interfaces
Chair: Fred Lucas, FAL Associates
TIA Committee TR-30
 This Engineering Subcommittee is responsible for Data
Circuit Terminating Equipment (DCE) and the
interfaces between DCE's and Data Terminal
Equipment (DTE), together with the transmission media
to which they are connected (e.g., the Public Switched
Telephone Network)
– Standards include functional, electrical, and mechanical
characteristics; involving such devices as modems, standard and IP
facsimile and textphones
 Related to this compendium, activities presently being
explored involve such topics as Internet/IP facsimile
security and emergency accessibility service
capabilities for textphones over IP and PSTN networks,
involving national and international standards activity
– The work done in this committee has emergency telecommunications
service implications and aspects, including Enhanced Priority
Treatment, Network Security, International Connectivity and Quality of
Service
TIA
Engineering Committee
TR-34
Satellite Equipment and Systems
Chair: Jeffrey Binckes, ICO-Teledesic
Global, Ltd.
TIA Committee TR-34
 TIA TR-34 Engineering Committee is an established,

open and ANSI-accredited forum for satellite
technology development
This TIA Engineering Committee recently reviewed the
issue of Lawfully Authorized Electronic Surveillance
(LAES) in support of Communications Assistance for
Law Enforcement Act (CALEA) for satellite systems
– Concluded that TR-34 could be an avenue (coordination, new
work initiation) for applicable security and emergency
service/accessibility related communications standards activity,
if deemed by membership to be appropriate in the future.
TIA
Engineering Committee
TR-41
User Premises Telecommunications
Requirements
Chair: Steve Whitesell, VTech
TIA Committee TR-41
 Work relates to telecommunication terminal
equipment, user telecommunication systems, private
telecommunication networks, private network mobility,
unlicensed wireless user premises equipment, and
auxiliary equipment and devices, used for voice service
and integrated voice-data service.
– Infrastructure assurance, network security and enhanced
emergency telecommunications services are aspects
addressed within this committee’s work
– Work also includes regulatory, safety and environmental
requirements, network security, QoS and applicable
accounting and billing aspects.
TIA Committee TR-41
 Recent security issues that are being worked in the TR-41
committee include IP Telephony, as an emerging technology
involving the amalgamation of telephony operations on a
Local Area Network/Wide Area Network/Metropolitan Area
Network (LAN/WAN/MAN) infrastructure.
– The threats from telephony can be overlayed with the threats native to
the IP environment, both passive (i.e., copying information in
transit/during storage) and active (modifying information in
transit/during storage or disruption of normal operations).
 In addition to threats against IP Telephony (IPT)
infrastructure (i.e., routers, switches, authentication
resources), greater exposure is also being directed towards
threats against the IP Telephony application itself
– Including toll fraud, unauthorized access to resources, unauthorized
access to voice mail and other private user information.
 Other threats involve IPT endpoints (i.e., IP phones,
gateways, “softphones”), passive and active attacks on the
signaling stream (including eavesdropping) and other issues
that are of importance.
TR-41 Standards for Support of
Emergency Calling Services and
Network Security
 TR-41.1
– ANSI/TIA-464-C-2002, “Requirements for Private Branch Exchange
(PBX) Switching Equipment”
• Addresses enhanced or E9-1-1 requirements for Centralized Automatic Message
Accounting (CAMA) trunks, establishes performance and technical criteria for
interfacing and connecting with various elements of public/private
telecommunications networks and helps to assure QoS
– ANSI/TIA-689-A-2003, “Telecommunications - Multiline Terminal
Equipment - PBX and KTS Support of Enhanced 9-1-1 Emergency
Calling Service”
• Requirements and recommendations for emergency telecommunications support
•
•
of E9-1-1 emergency calling service for PBX and key telephone systems,
specifically dialing, routing, network interface technical specifications and local
notification
May be used in design of multiline telecommunication systems (MLTS) that are
installed in many businesses, hotels or campus environments
TIA-689-A, with referenced documents, will provide guidance to manufacturers to
build multiline equipment that helps emergency responders to determine the
location of 9-1-1 calls placed by telephone stations connected to MLTS
TR-41 Standards for Support of
Emergency Calling Services and
Network Security
 TR-41.4
– Reciprocal liaison between this Subcommittee and ETSI EMTEL
regarding emergency services
– The subcommittee is also tied in to the work of the National
Emergency Numbering Association (NENA) through participation
of individuals in both activities
– PN-3-0061 (to be published as TSB-139), “IP Telephony Security
Framework”
• Examines Voice over IP (VoIP) telephone network security, IP
network architectural security considerations, authentication,
authorization, privacy, governmental requirements and the threat
environment within the Customer Premises Equipment
(CPE)/Enterprise space
– Conveyed need for a security protocol suite tailored for devices with
limited resources to the IETF
TR-41 Standards for Support of
Emergency Calling Services and
Network Security
 TR-41.4
– TIA/TSB-146-2003, “Telecommunications - IP Telephony Infrastructures
- IP Telephony Support for Emergency Calling Service”
• Describes network architecture elements and their functionality needed for
providing E9-1-1 or ECS support over IP terminals in an Enterprise-nonenterprise environment Network.
– Addresses ECS calls placed from fixed, mobile, remote dial-in or wireless access
VoIP terminals. Does not address devices connected to VoIP networks through
gateways
– PN-3-4726-RV1 (to be published as TSB-146-A), “Telecommunications IP Telephony Infrastructures - IP Telephony Support for Emergency
Calling Service”
• Being developed as TIA/TSB-146 revision and applicable to emergency
•
•
telecommunications services
Note that recently published European emergency call handling requirements
(e.g., ETSI SR 002 180) have been made available to project and are being taken
into consideration (i.e., coordination of E9-1-1/E1-1-2 and PSAP elements)
Coordination with TIA TR-45 is also being proposed with regard to E1-1-2
requirements for cdma2000® systems operating in Europe
TR-41 Standards for Support of
Emergency Calling Services and
Network Security
 TR-41.4
– PN-3-0172, “Enterprise Location Information Server Interfaces”
• This purpose of this project is to standardize the application protocol
interfaces between the Location Information Server (LIS) application
functions and other Enterprise emergency call service entities
– PN-3-0185, “Link Level Discovery Protocol (LLDP) – Media
Endpoint Discovery (MED)”
• This project provides extensions to the IEEE 802.1AB™ base
protocol, to allow for many advanced multi-vendor interoperation
features in a VoIP network environment, including basic
configuration, network policy configuration, Emergency Call Service/
E9-1-1 location support, inventory control, and more
 TR-41.9
– Work involves requirements for connection of terminal equipment to the
telephone network (i.e., ANSI/TIA-968-A-2003)
Threats Against IP
Telephony
A brief dissertation
by
Bob Bell, Cisco
Chair - TR-41.4
IP Telephony Infrastructure
Background
 IP Telephony is a new and emerging
technology
 Marriage of telephony operations on a
LAN/WAN/MAN infrastructure
 Brings the threats from Telephony and
overlays them with the threats native
to the IP environment
Types of Threats
 Internal vs. external
 Passive vs. active
 Threats against the application
 Threats against the Infrastructure
 Threats against the endpoints
 Threats against the signaling streams
 Threats against the media streams
Internal vs. External
 Most widely published attacks are from the
outside
– Hacked Web Sites
– Denial of Service to eCommerce
 Internal attacks are not widely published
– Snooping in company private information
– Misuse of company resources
 FBI states that 70-80% of attacks against
enterprise IP systems are internal not
external
Passive vs. Active
 Passive threats involve copying
information in transit or during storage
– Copying email
– Copying files from servers
– Telephony Bugging/Illegal wiretaps
 Active threats involve the modification of
information in transit or during storage
and the disruption of normal operations
– Deleting critical company files/information
– Modification of critical company information
– DoS attacks against critical resources
Threats against the
application
 Threats directed against the IP
Telephony application itself include:
– Toll Fraud
– Unauthorized access to resources
– Unauthorized access to Voice Mail and
other user private information
 Not new, but have greater exposure
Threats against IPT
Infrastructure
 Infrastructure elements include:
–
–
–
–
Proxies/Call Agents
Routers and Switches
Authentication Resources
Centralized call related resources (e.g.,
Conference Bridges)
Threats against the IPT
endpoints
 IP Telephony endpoints include:
– IP Phones
– Gateways
– “SoftPhones”
 Limitations/Challenges
 Special considerations
Threats against the
Signaling Stream
 Passive Threats
– Monitoring signaling information to determine
calling patterns
– Extracting/recovering user identification
information from signaling streams.
 Active Threats
– Instituting “Man-in-the-Middle” attacks
– Modifying signaling to redirect/block calls
– Enabling phones to act as “bugging” devices
Threats against the Media
Stream
 Passive threats include eavesdropping
and recording of phone conversations
 Active threats include the on-the-fly
modification of phone conversations
Summary
 Threats are not new
 Threats are not unique to IP
Telephony
 Threats are addressable
 It will take work
 Come join us in our work
– Coordinate efforts
TIA
Engineering Committee
TR-45
Mobile and Personal
Communications Systems
Cheryl Blum
Chair TR-45 and TIA HOD
3GPP2
Lucent Technologies
TIA Committee TR-45
 Develops performance, compatibility,
interoperability and service standards for mobile
and personal communications systems
 Comprised of 6 Subcommittees and several adhoc groups, including:
– TR-45 Ad-Hoc Authentication Group (AHAG) – Responsible for
Security Assessment Issues including selection of
cryptographic algorithms to support TR-45 security
mechanisms
– TR-45 Lawfully Authorized Electronic Surveillance (LAES)
coordination - Responsible for standards development to
support CALEA and related industry solutions
– TR-45.2 Ad-Hoc Emergency Services Group involving such
issues as Enhanced 9-1-1 (E-911)
TIA Committee TR-45
 Involved in the development of security features

since the early 90s (i.e., Authentication, Signaling
Message Encryption and Voice Privacy)
Joint Standards Development Work with ATIS to
address legislated and mandated security services
– Emergency Services (e.g., E-911 location)
– Lawfully Authorized Electronic Surveillance (CALEA)
 Developed a standards for Wireless Priority Service

(WPS) for CDMA Systems in parallel with WPS
Industry Requirements work
Developed a Priority Access and Channel
Assignment (PACA) technique, a queued originate
mechanism that may be used to support a priority
access scheme in the event that either radio or
network resource is congested.
TR-45 Security Features
 Authentication, Signaling Message Encryption, Privacy are
supported in TIA/EIA-41 Networks and their radio technologies –
TDMA, CDMA, AMPS-based systems
– Authentication
• Verification of the identity of the mobile equipment
• Performed on every service request
• Concept based on an authentication challenge
– Signaling Message Encryption
• Ensures privacy over signaling channels by encryption of signaling
information
– Privacy
• Encryption keys used to ensure privacy over traffic channels
 In the ongoing interest of security, enhancements to these basic
security features have been adopted by TR-45 to support
Enhanced Subscriber Authentication (ESA) and Enhanced
Subscriber Privacy (ESP) mechanisms for 3G Systems
TR-45.2 Ad-Hoc Emergency
Services Group
 1996
Chair: Larry A. Young [Sprint]
– FCC Released Enhanced 9-1-1 (E-911) Requirements
 1997
– Joint Standards Work with TIA and Committee T1 resulted in publication of JSTD-034, Enhanced Emergency Services Phase 1
 2000
– In August, Joint Standard document, J-STD-036, Enhanced Wireless 9-1-1 Phase
2 was published. Standard supports both network-based and handset-based
solutions.
 2002
– In July, Joint Standard, J-STD-036-A was published with enhancements to original
version
 2003
– In March, addendum J-STD-036-A-1 was published including Interim Position and
enhancements to Non-dialable Callback Numbers.
 2004
– Joint Standard, J-STD-036-B is scheduled to be published 4Q with MEID and
Interim Position for GSM
 TR-45.1
TR-45 Standards for Support of
Emergency Services
and Position Determination
–
–
TIA/EIA/TSB-119, Enhanced System Access Procedures for E911 Calls for Analog Cellular
TIA/EIA/IS-817, Position Determination Service Standard for Analog Systems
–
–
TIA-881 “TIA/EIA-41-D Location Services Enhancements” published March 2004
TIA-843 “Wireless Intelligent Network Support for Location Based Services” published
August 2004
PN-3-0054 (scheduled to be published October 2004 as TIA-917), “TIA/EIA-41 Support for
Wireless Priority Service (WPS)”
 TR-45.2
–
 TR-45.3
–
ANSI/TIA/EIA-136 Series, TDMA 3G Wireless – Support for Emergency Calls, Emergency
Information Broadcast, and for System Assisted Mobile Positioning through Satellite
(SAMPS)
 TR-45.4
–
–
TIA-2001-C (IOS v4.3), Interoperability Specification (IOS) for cdma2000(r) Access Network
Interfaces - Support for Emergency Calls and Position Determination
PN expected 2004 to address WPS for CDMA interfaces
–
TIA-2000-D, cdma2000® Spread Spectrum Systems – Support for Emergency Calls
–
TIA-801-A, Position Determination Service Standard for Dual Mode Spread Spectrum Systems
–
TIA-916, Minimum Performance Specification for TIA/EIA/IS-801 Mobile Stations
 TR-45.5
TR-45 LAES Ad-Hoc Group
Chair: Terri Brooks
 1994
– CALEA Legislation introduced to Subcommittee TR-45.2 by Law
Enforcement
 1997
– Joint Standards Work with TIA and Committee T1 resulted in
publication of TIA/T1 J-STD-025 as safe harbor standard for CALEA.
Standard challenged at FCC over nine features not included and two
that were.
 1999
– FCC released the Third Report and Order validating six of the nine
punch list items and indicating that further work needed to be done on
the packet data solution in the standard. FCC supported level of
location information provided.
 2000
– J-STD-025-A published in April containing six punch list items.
 2000
– Industry held two Joint Experts Meetings during 2H/2000 to explore
packet data solutions
TR-45 LAES Ad-Hoc Group
 2000
– J-STD-025 and J-STD-025-A sent for ANSI ballot. Ballots resolved in LAES AdHoc meeting in July
 2000
– In August, US Court of Appeals vacates four of the six punch list items. ANSI/JSTD-025 published as ANSI document. J-STD-025-A suspended pending
further information from the FCC on the punch list items
 2002
– In April, FCC issues Order on Remand reinstating the four vacated punch list
items
 2002
– In November, J-STD-025-A is re-balloted as an ANSI document
 2003
– The Jointly developed ANS was published as ANSI-J-STD-025-A-2003,
“Lawfully Authorized Electronic Surveillance”
 2004
– The joint TIA/ATIS developed J-STD-025-B to address refining of packet data
solutions is currently in the ANSI balloting process, undergoing a second
default ballot round. Anticipate publication no later than 2005.
Non-ANS version of 025-B published in 2004
Future TR-45 LAES Work
 2004 (September)
– Going forward: The LAES work, undertaken within TIA as Lead
SDO, has been reorganized and divided as appropriate among
the TR-45 LAES Ad Hoc, the TR-45.2 (LAES for IMS) and the
TR-45.6 (LAES for packet data system) subcommittees
• Project Numbers and capabilities documentation will be available
in near future
Wireless Priority Service
for CDMA Systems
 WPS is a voluntary service based on FCC R&O 00


242 (WT Docket No. 96-86)
WPS is provided to National Security/Emergency
Preparedness (NS/EP) Personnel and supports 5
levels of priority assigned by National
Communications System personnel.
WPS is primarily for voice and circuit-switched data
calls and requires no modifications to existing
handsets
WPS invoked on a per-call basis by dialing the star
digit code (*272) + DN
– WPS User MS validated by Wireless Priority Service Center
– WPS call request is given priority treatment (e.g., queued) when no
radio channels are available in the originating or terminating wireless
network
– Call is completed (based on priority level) when a
radio traffic channel becomes available
Wireless Priority Service
for CDMA Systems
 Standards Development work being
done in TR-45.2 to address WPS for
CDMA systems
– Project Number PN-3-0054 initiated 2001
– Document balloted in February 2003
– HLR validation of WPS user added and document issued
for 2nd ballot in August 2004
– Approved for Publication as TIA-917 (September 2004)
– Editor – Atul Thaper, Verizon Wireless
 Standards Development work beginning
in TR-45.4 to address WPS for CDMA
interfaces
– Project Number request anticipated in September, 2004.
Wireless Priority Service
for CDMA Systems
 Industry Requirements (IR) work was done in
parallel with the standards work
– WPS Initial Operating Capability (IOC) IRs for CDMA and
GSM Systems Developed in February 2002. Focused on
originating radio network priority
– WPS Final Operating Capability (FOC) IRs. Focused on
priority in the radio network (originating and terminating)
and the landline network
• GSM – Completed September 2002
• CDMA – Completed June 2004
– CDMA WPS IR and standards project PN-3-0054, which
supports both IOC and FOC, are closely aligned
– Development of WPS IR requirements for packet currently
in progress
TIA TR-45
Ad hoc Authentication Group
(AHAG)
Chair: Frank Quick, QUALCOMM Inc.
3rd Generation (3G) cdma2000 ®
Security
 3GPP AKA protocol (Global Roaming)
– Mutual authentication between Mobile and Network
 128-bit root secret K
– Entity Authentication (SHA-1 Algorithm)
– 128-bit key for Message Auth (EHMAC)
– 128-bit key for AES Encryption (Rijndael Algorithm)
 Backwards compatibility
 R-UIM support
 Air interface and Network algorithm

negotiation
Mobile IP, Radius/Diameter, CHAP
authentication
2G and 3G Security Standards
 Common Cryptographic Algorithms (CCA)
–
–
–
–
–
Developed in 1992, latest revision D.1 Sept. 2000
Security limited by ITAR (US Export Regulations)
CDMA: 40-bit private long code mask (voice not encrypted)
TDMA: 520-bit fixed voice privacy mask
64-bit authentication and signaling encryption keys
 Enhanced Cryptographic Algorithms (TIA946)
– Published June 2003
– No longer subject to strength limitations
• But encryption technology is still export controlled!
– 128-bit keys for Authentication and Encryption
– Strong Public Algorithms (SHA-1, HMAC/ENMAC, AES)
AMPS (Analog)
IS-95 CDMA
ETACS (Analog)
IS-136 TDMA
DHKE
®
AES Encryption cdma2000 1x (3G)
1xEV-DO
RADIUS AAA
CHAP, PAP 2G Security, R-UIM
GSM
TDMA/GSM/GPRS/EDGE (2.5G)
2G TR-45 2G GSM Security
A5.1, 2 Encryption
cdma2000® Release A
cdma2000® Release B
2G Authentication
AES Encryption
cdma2000® Release C, D
3GPP AKA – SHA-1
AES Encryption
HMAC, EHMAC
MIP Authentication
RADIUS/DIAMETER, IPsec, SIP IMS
UMTS/3GSM/WCDMA (3G)
3GPP AKA
KASUMI
MILENAGE MAC
SIP IMS, MAPsec
Application
End-to-End Security (PGP, CONDOR)
Presentation
Session
Transport
Network
Data Link
Physical
Transport Layer Security (WAP, TLS , SRTP)
MIP, IPsec
TR-45 Privacy and Authentication
TR-45 Contacts
 TR-45 Chair/HOD to 3GPP2: Cheryl Blum
• Technical Manager
Lucent Technologies, Inc.
[email protected]
 TR-45 AHAG Chair: Frank Quick
• Sr. VP, Corporate R&D
QUALCOMM Incorporated
[email protected]
 TIA Contact: Dan Bart
• Senior Vice President, Standards and Special Projects
[email protected]
Thank you for
your time
 Other sources of related information:
– TIA HS/CIP Activities: http://www.tiaonline.org/standards/cip/
– TIA Standards: http://www.tiaonline.org/standards/