Transcript Security and regulatory issues in the NGN environment

NGN- Regulatory and Security
Issues
S. K. Gupta, Advisor (CN&IT)
Telecom Regulatory Authority of India
Agenda
 Background
 NGN
Regulatory Imperatives
 NGN
Security Imperatives
06/04/2016
TRAI
2
Background

Why
Regulate
NGN ?
Why NGN?
◦ Convergence of Telecom,
Information Technology &
Broadcasting
◦ Digitization of Content
◦ Miniaturization of devices and
increasing computing power
◦ Multi functional Devices
06/04/2016
TRAI
3
NGN- Regulatory Approaches
1.
2.
3.
Wait and
Watch
Facilitate
NGN
Promote
NGN
06/04/2016
TRAI
4
NGN- Essentials
High Internet
/Broadband
Penetration
 Converged
Regulatory
approach
 Killer
Applications
 Availability of
suitable
content

Source:
www.internetworldstats.com
06/04/2016
TRAI
5
NGN- Regulatory Imperatives

Increasing Internet/
Broadband
Penetration
◦ Low wireline penetration
◦ Spectrum- scarce
resources, may not be
able to cater for huge
BW required in future
◦ High cost of subs
premises equipment
◦ Harmonization of
spectrum utilization
◦ Increase optical fibre
penetration
Source : OECD
Technology
End Device Price (in $)
2G
> 30
WCDMA
<100
CDMA EV-DO
<100
WiMAX
<100
06/04/2016
TRAI
6
NGN- Regulatory Imperatives

Killer Applications
Purpose of Internet Access
◦ Encourage developments of user
friendly applications
◦ Development of content in local
language
◦ Support for e-gov, e-commerce, eeducation, e-health etc
◦ Ensure market availability and reduce
barriers to access subscribers
%
E-mail
91%
General Information search
76%
Educational Information search
49%
Text Chart
46%
Online Gaming
41%
Online Jobsites
37%
Music/ Video on the Internet
32%
Financial Information search
21%
Book Railway ticket on Internet
21%
Online banking
20%
Online News
13%
Internet Telephony/ Video Chat/
Voice Chat
13%
Source: IMRB
06/04/2016
TRAI
7
NGN- Regulatory Imperatives

Unified Licensing :
◦ Entry fee is high
◦ Full control on network and subscribers
access
◦ Entry barriers
◦ Competitions issues
◦ Ensuring Regulatory
compliance
GSM
06/04/2016
TRAI
Dec'08
Sep'08
Jun'08
Mar'08
Dec'07
CDMA
Sep'07
◦ Death of time & distance
◦ Paradigm shift in
commercial agreements
among service providers
1.6
1.4
1.2
1
0.8
0.6
0.4
0.2
0
Average Subscriber Outgo (Rental +
Call Charges)Per Minute (Blended)
Jun'07
and distance
based pricing to volume
and hits based pricing
◦ Good regulatory compliance
Sep'06
 Time
◦ Small operators/ content developers
totally depend on them for subscriber
access
Mar'07
licensing Vs.
Service specific
licensing
Dec'06
 Unified
8
NGN- Regulatory Imperatives
 Changed
Interconnection Model
 Interconnection:
◦ Shift from circuit switched to packet
switched interconnection
◦ Shift from dedicated interconnection to
the class and QoS based interconnection
◦ Shift from hierarchical interconnection
to zonal interconnection
 RIO
◦ Well defined separate
NLD/ILD
◦ Full availability of BW
at interconnect point
◦ Well defined IUC for
per call basis
termination and
carriage charges
◦ Existing framework of RIO will change
 IUC
◦ Change from per call basis termination
charges to some new pattern
06/04/2016
◦ Well defined
hierarchical
interconnection
TRAI
9
NGN- Regulatory Imperatives
 Management
of
Numbering Resources
◦ Shift form primarily P2P voice
calls to P2M and M2M calls
◦ Allocations of numbers to IP
devices and machines
◦ Migration from IPv4 to IPv6
◦ Shift from service specific
number allocation to service
neutral number allocation
◦ Shift from large number of
small capacity switches in a
network to limited very high
capacity switches
 Number
allocation:
◦ Different numbering series for
fixed and mobile number
allocation
◦ Different series of numbers
for different operators
◦ Numbering resource
utilization efficiency < 60%
◦ Allocation of city specific
network access codes (STD
Codes)
◦ Implementation of mobile
number portability
06/04/2016
TRAI
10
NGN- Regulatory Imperatives

 Content
Regulation and
enforcement
08)
◦ Free to air channels –
180
◦ Monitoring issues – large number of
content providers
◦ Enforcement issue- IPR, prohibition
of vulgar content
◦ Community sites on internetcontent generation by individuals
◦ Likely impact on upcoming generation
 Net
Content providers (Dec.
◦ Pay Channels – 110
◦ FM Radio Stations – 245
◦ Community Radio- 60
◦ MSOs - 6000
◦ LCOs – 60000
◦ Large numbers of
community sites
neutrality
◦ Ensure non-discriminative treatment
to all contents by network providers
06/04/2016
TRAI
11
NGN- Regulatory Imperatives
 Standardization
◦ Ensure end to end service availability
◦ Interface approvals will be required
◦ Need for regional cooperation to define zone specific NGN specifications
 Emergency
Number Dialing
◦ Facility to dial emergency numbers with accurate location details of the
subscriber will be desirable
◦ It may be a challenge in 3G and BWA scenario to exactly indicate
subscriber location
06/04/2016
TRAI
12
NGN- Regulatory Imperatives

Lawful Interception (LI)
◦ Widely dispersed network
-
Monitoring Challenge
◦ Huge Volume of data
-
Analysis challenge
◦ Complex Multilayer dynamic
encryption
- Challenge to retrieve
data
◦ Fast technological innovation
- Upgradation of
monitoring equipments
- Adequate training of
manpower

Need for LI
◦ Monitoring data flow in
Network
◦ Effective, transparent, online
Interception
◦ Data / Message specific to a
particular
 Originator
 Person/ location
◦ Interception of traffic based on
 Content
 Class
◦ Need to preserve huge data
06/04/2016
TRAI
13
NGN- Security Imperatives

NGN is expected to replace
telecom networks considered as
critical infrastructure
◦


Foolproof security is of utmost
importance
Vulnerabilities of IP based network
◦
Identity theft
◦
Person in middle
◦
Spoofing
◦
Phishing
Effective legal framework to
handle violations
◦
Enactment of relevant legal
provisions
◦
Policy framework to handle cross
border violations
◦
Prevention and punishment of
defaulter
Source: CERT-in
06/04/2016
TRAI
14
NGN- Security Imperatives
 Concerns







of subscribers
Identity theft
Cracking of username/PIN
Attacks by Virus, Worms, spyware etc.
Flooding attack on user device
Tele-spam
Loss of personal data, privacy etc.
Importance of network Security
◦ Control theft of services/ unauthorized use
◦ Restrict denial of services
◦ Ensure guaranteed quality of service to subscriber
◦ Appropriate charging to actual users
◦ Ensuring due payment to application / content
providers
06/04/2016
TRAI
15
NGN- Security Imperatives
 Wireless
◦
◦
◦
IP network
Misuse of Wi-Fi
signals- need for
protections
Subscriber awareness
issues
Securing subscriber
devices
 Misuse
of IP Ports
◦ Attacks using open IP
Ports
◦ Hardening of servers
◦ Hardware /Software
vulnerabilities

Network security Breaches (2008)
◦
Biggest malware threats – SQL injection
attacks against websites and the rise of
scareware
◦
New web infections – one new infected
webpage every 4.5 seconds
◦
Malicious email attachments – increased five
times by 2008 end
◦
Spam-related web pages – one new webpage
every 15 seconds
◦
New scareware websites – five per day
◦
Top malware-hosting country – US with 37
percent
◦
Top spam-relaying continent – Asia with 36.6
percent
◦
Amount of business email that is spam – 97
percent
Source: www.sophos.com
06/04/2016
TRAI
16
NGN- Security Imperatives
 Component
◦
◦
◦
◦
of NGN security
Network domain security
IMS access security
Application security
Security of open services/ application frameworks
06/04/2016
TRAI
17
Way Forward
 Regulatory
framework shall smoothen the complex
emerging issues in NGN facilitating the easy deployment
of networks and services.
 Promotion
of competitive environment shall be key
regulatory concern
 Security
in all IP environment will require collaborative
and coercive efforts from different countries across the
globe
 Information
sharing and mutual cooperation will be the
key to success
06/04/2016
TRAI
18
Thank You
S K Gupta , Advisor, TRAI
Mahanagar Doorsanchar Bhawan,
J.L. Nehru Marg, New Delhi – 110002
Ph. +91-11- 23217914 (O)
+91-11- 23211998 (Fax)
[email protected]
06/04/2016
TRAI
19