Colombo, Sri Lanka, 7-10 April 2009


FORUM ON NEXT GENERATION STANDARDIZATION
(Colombo, Sri Lanka, 7-10 April 2009)
Security & Regulatory Issues in NGN
NK Goyal
President, Communications & Manufacturing
Association of India (CMAI)
Chairman Emeritus, Telecom Equipment Manufacturers
Association of India (TEMA)
Director, National Fertilizers Ltd. NFL (Govt. of India Undertaking)
7-10th April, 2009 Sri Lanka
+91 98 111 29879
www.nkgoyals.com

Indian Telecom Sector
• 281 Access service licensees. Of these, 121 UAS licenses were awarded in January, 2008.
• The total number of telephone connections stood at 400.05 million at the end of January, 2009. Second largest in the world.
• Monthly additions: 10-15 million
• The overall tele-density is 40.50% and the rural tele-density is only 13.13%.

Next Generation Networks
• ITU-T defined telecommunications network architectures and technologies
• NGN is a broadband network in which the service, transport and application layers function independently of each other
• An Internet with an IMS architecture is NGN
• An evolutionary approach from PSTN/ISDN networks to an advanced network called NGN
• Move from the current H.323 protocol to the session-based Session Initiation Protocol (SIP)

Regulatory implications of NGN
[Figure: regulation of “Plain Old Telephone Service (POTS)” and “Next Generation”, with short term issues and longer term issues. Labels: Numbering, Consumer protection, Security, Privacy, Quality of Service, Emergency Access, Interconnection, Competition.]
Source: ASTAP05_WS.IP&NGN-09
Core policy areas:
• Competition (level-playing field), Interconnection
• Consumer (QoS, privacy, emergency access)
• Security & legal interception
Scope for self-regulation

Typical attacks in SIP
• Malformed Message Attacks
• Buffer Overflow Attacks
• Denial-of-Service attacks
• RTP session hijacking
• Injection of unauthentic RTP packets into existing RTP flows
• Re-use of compromised SIP credentials
• Hostile SIP network elements

Session Border Controller
An insecure network cannot charge for its use or provide a guaranteed QoS service, because unauthorized users cannot be prevented from overusing limited network resources.
SBCs can provide security and protection against:
• unauthorized access into the trusted network
• invalid or malicious calls, including Denial of Service (DoS) attacks
• bandwidth theft by authorized users
• unusual network conditions, for example a major emergency.
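
An added example, not part of the original slides: a minimal sanity check of the kind an SBC could apply to drop malformed SIP requests before they reach the trusted network. The function name, size limits and sample messages are assumptions constructed for illustration; the mandatory header set follows RFC 3261.

```python
import re

# Header fields every SIP request must carry (RFC 3261 section 8.1.1).
REQUIRED = {"to", "from", "cseq", "call-id", "max-forwards", "via"}
COMPACT = {"t": "to", "f": "from", "i": "call-id", "v": "via", "l": "content-length"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) SIP/2\.0$")
MAX_LINE, MAX_HEADERS = 1024, 64  # assumed policy limits, not values from the slides

def check_sip_request(raw: bytes) -> list:
    """Return the reasons to reject `raw`; an empty list means it passed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no blank line terminating the header section"]
    lines, problems, headers = head.split(b"\r\n"), [], {}
    if len(lines) - 1 > MAX_HEADERS or any(len(l) > MAX_LINE for l in lines):
        problems.append("oversized header section")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        problems.append("bad request line")
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        key = name.strip().decode("ascii", "replace").lower()
        if not colon or not key:  # assumed policy: folded/garbage lines are rejected
            problems.append("header line without name or colon")
            continue
        headers.setdefault(COMPACT.get(key, key), []).append(value.strip())
    missing = REQUIRED - set(headers)
    if missing:
        problems.append("missing required headers: " + ", ".join(sorted(missing)))
    cseq = headers.get("cseq", [b""])[0].split()
    if m and "cseq" in headers and (
            len(cseq) != 2 or not cseq[0].isdigit() or cseq[1] != m.group(1)):
        problems.append("CSeq does not match the request method")
    clen = headers.get("content-length")
    if clen is not None and (len(clen) > 1 or not clen[0].isdigit()):
        problems.append("invalid or duplicate Content-Length")
    elif clen is not None and int(clen[0]) != len(body):
        problems.append("Content-Length does not match body size")
    return problems

# Constructed sample messages (not captured traffic).
def _msg(*lines, body=b""):
    return b"\r\n".join(lines) + b"\r\n\r\n" + body

BASE = (b"Via: SIP/2.0/UDP pc33.example.org;branch=z9hG4bK776", b"Max-Forwards: 70",
        b"To: <sip:bob@example.com>", b"From: <sip:alice@example.org>;tag=19283")
GOOD = _msg(b"INVITE sip:bob@example.com SIP/2.0", *BASE, b"Call-ID: a84b4c76e66710",
            b"CSeq: 314159 INVITE", b"Content-Length: 4", body=b"v=0\n")
BAD = _msg(b"INVITE sip:bob@example.com SIP/2.0", *BASE, b"CSeq: 1 BYE",
           b"Content-Length: 9999")  # no Call-ID, wrong CSeq method, false length
```

Rejecting on structure alone, before any deeper parsing, keeps over-long or inconsistent messages away from the parsers of downstream SIP elements.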

NGN Security
Security requirements for Transport
• Home Network domain
• Core Network
• Interfaces
Security requirements for Service
• IMS domain
• Transport stratum to IMS domain
• IMS to Application domain security
• Application domain security
• Home Network to Application domain security
• Home Network-to-IMS domain security
• Open service platform to value-added service provider security

LI Challenges
The majority of mass telecommunication traffic today doesn’t traverse any part of the well-controlled Circuit Switched network:
• IP multimedia traffic between GPRS/UMTS mobile phones
• The traffic to and from the Internet exchanged on high bandwidth ISPs (ADSL, FTTH, cable…)
• Telephone traffic between two VoIP terminals, maybe connected to different VoIP operators.
Encrypted traffic without proper mechanisms
Decentralized Peer to Peer networks

Challenges for NGN security
• Network Address Translation (NAT): Calls may not materialize due to the NAT implementation in some routers and firewalls.
• SIP: Messages are sent in plain, uuencoded text; an encryption option is available, but there is no standard.
• RTP: Vulnerable to interception and alteration
• Code & script attacks: SIP phones are potentially vulnerable to attack from executable code or scripts, which may result in denial of service.
• No standard spam detection solutions

Cyber Security
• With the growing number of applications to exploit on the converged Mobile IP Networks, a plethora of online avenues and revenues to pilfer, and many more corporate networks to hack, cyber-criminals appear to have no shortage of targets to pursue.
• The heightened interest and response from law enforcement worldwide in bringing cyber criminals to justice may well result in malicious hackers being increasingly aggressive and creative in their efforts.
• The threat of malware, Trojans and many others, and its impact on operators, is also a big challenge.

Summary of Next Gen Security & Other aspects
• 3G/NGN/4G/IMS security issues seem to remain a threat for a good amount of time in the near future.
• Technical security of NGN systems is well designed but likely to suffer implementation problems
• Increased connectivity means the security exposure will become more serious and harder to manage
• Protocols such as SIP (e.g. in the IMS model) are likely to be abused by NGP (next generation phreakers)
• Open and distributed nature
• Lack of inherent security mechanisms
• Increasingly complicated network concept
• Running of mission critical applications
• Deployed before fully matured, likely to cause operational problems
• Few expert solutions for effective management
• Requires time- and cost-consuming integration and configuration

Where is my cell phone mama..
I want to SMS to God that I have reached safely!