Transcript GSC-10: ITU-T Security Standardization

Global Standards Collaboration
GSC#10
28 August – 2 September 2005
Sophia Antipolis, France
Agenda Item: 5.6
GSC
GSC10_gtsc3(05)04
ITU-T Security
Standardization
Herb Bertine
Chairman ITU-T Study Group 17
ITU-T World Telecommunications
Standardization Assembly (WTSA)
GSC
 Resolution 50, Cyberscecurity
 Evaluate existing and evolving new Recommendations
with respect to their robustness of design and potential
for exploitation by malicious parties
 Raise awareness of the need to defend against the threat
of cyber attack
 Resolution 51, Combating spam
 Report on international initiatives for countering spam
Member States to take steps within their national legal
frameworks to ensure measures are taken to combat
spam
 Resolution 52, Countering spam by technical
means
 Study Groups, in cooperation with other relevant groups,
to develop as a matter of urgency technical
Recommendations on countering spam
2
ITU-T Study Groups
www.itu.int/ITU-T/studygroups/com17
GSC
 Study Group 17 is the Lead Study Group for
Telecommunication Security
www.itu.int/ITU-T/studygroups/com17/tel-security.html
 Coordination/prioritization of security efforts
 Development of core security Recommendations
 Study Group 2 is responsible for defining the security




requirements on the user point-of-view
Study Group 4 covers security for the network
management
Study Group 9 develops security mechanisms for
cable distribution systems
Study Group 13 defines the security framework for
NGN
Study Group 16 concentrates on the security issues
of Multimedia applications in next generation
networks.
3
Awareness
GSC
 SG 17 maintains a webpage providing for an
overview on achievements of ITU-T on security
standadization:
security manual
security compendium:
•
•
•
catalogue of approved ITU-T Recommendations
related to telecommunication security
extract of ITU-T approved security definitions
listing of ITU-T security related Questions
www.itu.int/ITU-T/studygroups/com17/tel-security.html
 Many ITU-T workshops have security in their
agenda (New horizons for security
standardization, NGN (in collaboration with
IETF), Cybersecurity Symposiums I and II, Home
networking and Home services,…)
4
ITU-T Security Manual
December 2003, October 2004
GSC
Basic security architecture and dimensions
Vulnerabilities, threats and risks
Security framework requirements
PKI and privilege management with X.509
Applications (VoIP, IPCablecom, Fax,
Network Management, e-prescriptions)
 Security terminology
 Catalog of ITU-T security-related
Recommendations
 List of Study Groups and security-related
Questions
www.itu.int/itudoc/itu-t/85097.pdf
www.itu.int/itudoc/itu-t/86435.pdf





5
GSC
6
SG 17 recent achievements
GSC
 Security Architecture (X.805) New 2003
 For end-to-end communications
 Security Management System (X.1051) New 2004
 For risk assessment, identification of assets and
implementation characteristics
 Mobile Security (X.1121 and X.1122) New 2004
 For mobile end-to-end data communications
 Telebiometric Multimodal Model (X.1081) New 2004
 A framework for the specification of security and
safety aspects of telebiometrics
 Public Key and Attribute Certificate Frameworks
(X.509) Revision 2005
 Ongoing enhancements as a result of more complex
uses and alignment with the IETF
7
SG 16 recent achievements
GSC
 Major restructuring of H.235v3 and annexes in stand-alone
sub-series Version 4 Recommendations of H.235.x
 New H.235.0 (2005) “Security framework for H-series (H.323 and
other H.245-based) multimedia systems”
 Overview of H.235.x sub-series and common procedures and
baseline text
 New H.235.1 (2005) “Baseline Security Profile“
 Authentication & integrity for H.225.0 signaling using shared
secrets
 New H.235.2 (2005) “Signature Security Profile”
 Authentication & integrity for H.225.0 signaling using X.509
digital certificates and signatures
 New H.235.3 (2005) “Hybrid Security Profile”
 Authentication & integrity for H.225.0 signaling using an
optimized combination of X.509 digital certificates, signatures
and shared secrets key management; specification of an optional
proxy-based security processor
8
SG 16 recent achievements
GSC
 New H.235.4 (2005) “Direct and Selective Routed Call
Security”
 Key management procedures in corporate and interdomain
environments to obtain key material for securing H.225.0 call
signaling in GK direct-routed/selective routed scenarios
 New H.235.5 (2005) “Framework for secure authentication in
RAS using weak shared secrets”
 Secured password (using EKE/SPEKE approach) in combination
with Diffie-Hellman key agreement for stronger authentication
during H.225.0 signaling
 New H.235.6 (2005) “Voice encryption profile with native
H.235/H.245 key management”
 Key management and encryption mechanisms for RTP
 New H.235.7 (2005) “Usage of the MIKEY Key Management
Protocol for the Secure Real Time Transport Protocol (SRTP)
within H.235”
 Usage of the MIKEY key management for SRTP
9
SG 16 recent achievements
GSC
 New H.235.8 (2005) “Key Exchange for SRTP using secure
Signalling Channels”
 SRTP keying parameter transport over secured signaling
channels (IPsec, TLS, CMS)
 New H.235.9 (2005) “Security Gateway Support for H.323”
 Discovery of H.323 Security Gateways (SG represents an H.323
NAT/FW ALG) and key management for H.225.0 signaling
10
SG 4 recent achievements:
Security of the Management Plane
(M.3016-series)
GSC
 Approved earlier this year (2005), the M.3016 series is viewed
as a key aspect of NGN Management; it is included
 in the NGN Management Roadmap to be issued by the NGNMFG
 In M.3060 on the Principles of NGN Management
 The M.3016 series consists of 5 parts:





M.3016.0:
M.3016.1:
M.3016.2:
M.3016.3:
M.3016.4:
Overview
Requirements
Services
Mechanisms
Profile proforma
 The role of M.3016.4 is unique in that it provides a template for
other SDOs and forums to indicate for their membership what
parts of M.3016 are mandatory or optional
11
Study Group 17 Security
Questions, 2005-2008
Telecom
Systems Users
Q.7/1
7
Security
Management
*ISMS-T
*Incident
Management
*Risk
Assessment
Methodology
*etc…
*X.1051
Q.4/1
7
Telecom
Systems
Q.8/17
Telebiometrics
*Multimodal Model Framework
*System Mechanism
*Protection Procedure
*X.1081
Q.9/1
Secure Communication Services
7
*Mobile Secure Communications
*Home Network Security
*Security Web Services
*X.1121, X.1122
Cyber Security
GSC
Q.5/1
7
Security
Architecture
& Frameworks
*Architecture,
Q.6/1
*Vulnerability Information Sharing…
*Incident Handling Operations
7
*Security Strategy
*Countering SPAM ( proposed Q.1717)
Communications System Security Project
Model,
Concepts,
Frameworks,
*etc…
*X.800 series
*X.805
*Vision, Project Roadmap, …
12
ITU-T Security work
in development
GSC
 Q.2/17: Directory services, Directory systems, and public-
key/attribute certificates
 The Directory: Public-key and attribute certificate frameworks (X.509)
• The 5th edition entered Last Call period for approval on 1 August 2005
 Consider new work on NGN directory protocol
 Q.4/17: Communications systems security project
 Security Baseline for Network Operators Project
• Proposes a security baseline for network operators that will provide
meaningful criteria against which each network operator can be
assessed if required
 Q.5/17: Security architecture and framework
 Applications of ITU-T Rec. X.805
• covering division of the security features between the networkservice
provider and the user
• specifying procedures for network security assessment based on X.805
security architecture
13
ITU-T Security work
in development
GSC
 Q.6/17: Cybersecurity
 X.sno, framework for secure network operations
 X.vds, vulnerability data schema
 X.sds, spyware/deceptive software
 X.silc, security incident life-cycle processes
 X.svlc, security vulnerability life-cycle processes
 Q.7/17: Security management
 X.ism-1, code of practice for information security management
 X.ism-2, ISMS requirements specification
 X.1051, amendments/revision
 Q.8/17: Telebiometrics
 X.physiol, Physiological quantities, their units and letter symbols
 X.tsm-1, General telebiometric system models, protocol and data
contents
 X.tsm-2, Profile of client verification model on TSM
 X.tpp, Guideline on technical and managerial countermeasures for
14
biometric data security
ITU-T Security work
in development
GSC
 Telebiometric database
 ITU is constructing a database of safe limit value
pertaining to interfaces between telebiometric
equipment and humans
 This work is being done in collaboration with ISO TC
12 and IEC TC 25
 We would appreciate the help of PSOs in populating
the database.
 The telebiometric database will be publicly
available on the ITU-T website:
www.itu.int/BiometricDB/Home
15
ITU-T Security work
in development
GSC
 Q.9/17: Secure communication services
 X.homesec-1, Framework for security technologies for home network
 X.homesec-2, Certificate profile for the device in the home network
 X.msec-3, General security value added service (policy) for mobile
data communication
 X.msec-4, Authentication architecture in mobile end-to-end data
communication
 X.crs, Correlative reacting system in mobile network
 X.websec-1, based on OASIS standard SAML, Security Assertion
Markup Language
 X.websec-2, based on OASIS standard XACML, eXtensible Access
Control Markup Language
 Proposed Q.17/17: Countering SPAM
 X.gcs, Guideline on countering SPAM
 X.fcs, Technical framework for countering SPAM
 X.tcs, Technical means for countering SPAM
16
ITU-T Security work
in development
GSC
 Q.11/4 – Protocols for management interfaces
 Security Management System Requirements (M.xxxx)
 Q.1513 – NGN security
 Ensure that the developed NGN architecture is consistent with
established security principles. Will further process the securityrelated FGNGN deliverables
17
ITU-T Security work
in development
GSC
Security Deliverables from NGN Focus Group
Deliverable Title
Current Draft
Target
Date
Security
Requirements for
NGN Release 1
FGNGN-OD-00132 November
2005
Guidelines for
NGN Security
FGNGN-OD-00173 November
2005
Both draft specifications are planned to be moved to SG
18
13 for processing as new ITU-T Recommendations
ITU-T Security work
in development
GSC
 Q.25/16 - Multimedia Security in Next-
Generation Networks (NGN-MM-SEC)
Standardizes MM Security for H.323 systems and for Advanced
multimedia (MM) applications including NGN
 Anti-DDOS countermeasures for Multimedia and for (H.323based) NAT/FW proxy
 Federated Security Architecture for Internet-based
Conferencing (H.FSIC)
 Security for MM-QoS (H.mmqos.security)
 Negotiate security protocols (IPsec or TLS) for H.323 signaling
(H.460.spn)
 MM security aspects of Vision H.325
“Next-generation Multimedia Terminals and Systems”
19
Concluding Observations
GSC
 Security is everybody's business
 Collaboration with other SDOs is necessary
 Security needs to be designed in upfront
 Security must be an ongoing effort
 Systematically addressing vulnerabilities
(intrinsic properties of networks/systems)
is key so that protection can be provided
independent of what the threats (which are
constantly changing and may be unknown) may
be – X.805 is helpful here
20
Global Standards Collaboration
GSC#10
28 August – 2 September 2005
Sophia Antipolis, France
Thank you !
GSC
GSC
Additional material on recently
approved security
Recommendations in Study
Group 17
22
Three main issues that
X.805 addresses
GSC
 The security architecture addresses three
essential issues:
 What kind of protection is needed and against what
threats?
 What are the distinct types of network equipment
and facility groupings that need to be protected?
 What are the distinct types of network activities that
need to be protected?
X.805
23
GSC
THREATS
Privacy
Destruction
Availability
Integrity
Integrity
Data
Data Confidentiality
Infrastructure Security
Non-repudiation
Services Security
Authentication
VULNERABILITIES
Access Control
Management
Security Layers
Applications Security
Communication Security
X.805: Security Architecture
for End-to-End Communications
Corruption
Removal
Disclosure
Interruption
ATTACKS
End User Security
Security Planes
Control/Signaling Security
8 Security Dimensions
Management Security
 Vulnerabilities can exist in each Layer, Plane and Dimension
 72 Security Perspectives (3 Layers Ò 3 Planes Ò 8 Dimensions)
X.805
24
X.805: Three security layers
GSC
Applications Security
3 - Applications Security Layer:
THREATS
Destruction
Services Security
Corruption
VULNERABILITIES
Removal
Disclosure
Vulnerabilities Can Exist
In Each Layer
Interruption
Infrastructure Security
ATTACKS
• Network-based applications accessed by
end-users
• Examples:
– Web browsing
– Directory assistance
– Email
– E-commerce
1 - Infrastructure Security Layer:
2 - Services Security Layer:
• Fundamental building blocks of networks
services and applications
• Examples:
– Individual routers, switches, servers
– Point-to-point WAN links
– Ethernet links
• Services Provided to End-Users
• Examples:
– Frame Relay, ATM, IP
– Cellular, Wi-Fi,
– VoIP, QoS, IM, Location services
– Toll free call services
• Each Security Layer has unique vulnerabilities, threats
• Infrastructure security enables services security enables applications security
X.805
25
X.805: Three security planes
GSC
Security Layers
Applications Security
THREATS
Destruction
Services Security
VULNERABILITIES
Corruption
Removal
Disclosure
Vulnerabilities Can Exist
In Each Layer and Plane
Interruption
Infrastructure Security
ATTACKS
End User Security
1 - End-User Security Plane:
• Access and use of the network by the
customers for various purposes:
– Basic connectivity/transport
– Value-added services (VPN, VoIP,
etc.)
– Access to network-based applications
(e.g., email)
Control/Signaling Security
Security Planes
Management Security
3 - Management Security Plane:
2 - Control/Signaling Security Plane:
• The management and provisioning of
network elements, services and
applications
• Support of the FCAPS functions
• Activities that enable efficient functioning
of the network
• Machine-to-machine communications
X.805
• Security Planes represent the types of activities that occur on a network.
• Each Security Plane is applied to every Security Layer to yield nine security
Perspectives (3 x 3)
• Each security perspective has unique vulnerabilities and threats
26
X.805 Approach
GSC
Infrastructure
Layer
Services Layer
Applications Layer
Module One
Module Four
Module Seven
Module Two
Module Five
Module Eight
Module Three
Module Six
Module Nine
Management Plane
Control/Signaling
Plane
User Plane
Execute
– Top Row for Analysis
of Management
Network
– Middle Column for
Analysis of Network
Services
– Intersection of Each
Layer and Plane for
analysis of Security
X.805
Advanced Technologies
Lucent Technologies - Proprietary
Access Control
Communication Security
Authentication
Data Integrity
Non-repudiation
Availability
Data Confidentiality
Privacy
The 8 Security Dimensions
Are Applied to Each
Security Perspective
21
27
X.805
GSC
Provides A Holistic Approach:
 Comprehensive, End-to-End Network View of Security
 Applies to Any Network Technology
 Wireless, Wireline, Optical Networks
 Voice, Data, Video, Converged Networks
 Applies to Any Scope of Network Function
 Service Provider Networks
 Enterprise Networks
 Government Networks
 Management/Operations, Administrative Networks
 Data Center Networks
 Can Map to Existing Standards
 Completes the Missing Piece of the Security Puzzle of what
to do next
X.805
28
Security Management
GSC
 Information security management system –
Requirements for telecommunications
(ISMS-T)
 specifies the requirements for establishing,
implementing, operating, monitoring, reviewing,
maintaining and improving a documented ISMS within
the context of the telecommunication’s overall
business risks
 leverages ISO/IEC 17799:2000, Information technology,
Code of practice for information security management
 based on BS 7799-2:2002, Information Security
Management Systems — Specifications with Guidance
for use
X.1051
29
Information Security
Management Domains defined in
ISO/IEC 17799
GSC
30
ISMS
GSC
Information
Security
Management
System
 Organizational security
 Asset management
 Personnel security
 Physical and environmental security
 Communications and operations
management
 Access control
X.1051  System development and maintenance
31
Mobile Security
GSC
Multi-part standard
X.1121  Framework of security technologies
for mobile end-to-end data
communications
 describes security threats, security requirements,
and security functions for mobile end-to-end data
communication
 from the perspectives of the mobile user and
application service provider (ASP)
X.1122  Guideline for implementing secure
mobile systems based on PKI
 describes considerations of implementing secure
mobile systems based on PKI, as a particular
security technology
32
Security framework for mobile
end-to-end data communications
GSC
Data communication
Mobile
Terminal
(Mobile User)
Mobile Network
Open Network
Application
Server
(ASP)
General communication Framework
Data
communication
Mobile
Terminal
(Mobile User)
Gateway Framework
X.1121





Data
communication
Mobile
Security
Gateway
Application
Server
(ASP)
Security threats
Relationship of security threats and models
Security requirements
Relationship of security requirements and threats
Security functions for satisfying requirements
33
Secure mobile systems based
on PKI
CA
Mobile user’s
side CA
Repository
RA
ASP’s side CA
Repository
ASP’s VA
General Model
Mobile
User VA
Mobile
Terminal
(Mobile User)
Mobile Network
CA
Mobile user’s
side CA
Gateway Model
Repository
Open Network
ASP
CA
RA
VA
X.1122
Application
Server
(ASP)
Application Service Provider
Certification Authority
Registration Authority
Validation Authority
RA
ASP’s side CA
ASP’s VA
Repository
Mobile
User VA
Mobile
Terminal
(Mobile User)
GSC
Mobile Network
Open Network
Application
Server
(ASP)
34
Telebiometrics
GSC
 A model for security and public safety in telebiometrics
that can
 assist with the derivation of safe limits for the operation
of telecommunications systems and biometric devices
 provide a framework for developing a taxonomy of
biometric devices; and
 facilitate the development of authentication mechanisms,
based on both static (for example finger-prints) and
dynamic (for example gait, or signature pressure
variation) attributes of a human being
 A taxonomy is provided of the interactions that can
occur where the human body meets devices capturing
biometric parameters or impacting on the body
X.1081
35
Telebiometric Multimodal Model:
A Three Layer Model
GSC
 the scientific layer
 5 disciplines: physics, chemistry, biology,
culturology, psychology
 the sensory layer – 3 overlapping classifications
of interactions
 video (sight), audio (sound), chemo (smell, taste),
tango (touch); radio (radiation) - each with an out
(emitted) and in (received) state
 behavioral, perceptual, conceptual
 postural, gestural, facial, verbal, demeanoral, not-asign
 the metric layer
 7 SI base units (m, kg, s, A, K, mol, cd)
X.1081
36