GSC9/Joint_013
Security and LI; ETSI’s role in standards
GSC-9, Seoul
Security
New challenges and maintenance
ETSI’s track record
• ETSI works in Protocols, Algorithms and Systems
• Specialist Technical Bodies
• Develop protocols and security frameworks
• Authentication, key distribution, signature
• Examples: TETRA, DECT, DVB, GSM/UMTS
• Algorithm expertise
• SAGE offer crypto design, testing and analysis services
• Develop public and restricted algorithms including A5/x, Milenage, TETRA-TEAx, …
• Systems
• Electronic signature, e-commerce, TETRA, TISPAN
Smart cards
• SCP – Smart Card Platform Group
• Mobile radio - 3G and GSM and other standards
• Objective is to make multi application cards
• Additional Communication and Financial applications
• Machine readable cards
• Access tokens in public transport
• Banking and payment
• Healthcare
Major area of work
• In following ETSI’s remit as a telecommunications standardisation body, the primary focus to date has been:
• ComSec – Communications Security
• Primarily provision of security equivalent to the fixed network for radio based access technologies
• TETRA, DECT, GSM/UMTS
New environment, new challenges
• Telecommunications not telephone network
• Service providers often not networking providers
• Convergence of IT and telecommunications
• ITSec joins ComSec
• Fixed network not as trusted as 10 years ago
• Equivalence to fixed network no longer sufficient
• Packet versus circuit challenge
• Routing versus switching challenge
• Mix of traffic sharing the network
• Mix of traffic value on shared network
• Mobility of users no longer just a radio problem
• Number portability
• Remote access
New challenge - Assurance
• NIS report stresses importance of assurance
• Information Technology based (ITSec, Common Criteria)
• Recommendation to extend to ComSec
• Challenge is how?
• ETSI, through TISPAN, will answer this challenge
• Guide to use of methods for security standards development to allow compliant products to achieve assurance level
• Conformance as well as interoperability based
Lawful interception
Interception challenges and Handover capabilities
What is lawful interception?
• Used in the support of criminal investigation and to counter terrorism
• Applies to data in transit
• It is not a search of records
• Applied to any data in transit
• Signalling
• Speech
• Video
• E-mail
• Web
• Etc.
Why ETSI?
• Source of many communications protocols
• Knowledge centre for how to intercept
• Membership driven
• National and regional requirement to support LI identified to members
• Lower cost to members if protocol and data model is standard (one model fits wherever the communications protocols are used)
Simple architecture
[Figure: architecture diagram with the labels Correspondent, Target, Handover interface, Monitor]
More technically
Who does what in ETSI?
• Division by function:
• Handover
• Interception
• Handover:
• Led by TC LI
• Defines means for delivering intercepted signalling and communication to LEMF
• Interception:
• Performed within technology TBs
• Defines how technology specific data is intercepted
The documents (handover)
• Architecture
• TR 101 943 V1.1.1, Concepts of Interception in a Generic Network Architecture
• Handover
• ES 201 671, Handover interface for the lawful interception of telecommunications traffic
• This covers handover for 64 kb/s switched networks (Annex A), packet switched handover (Annex B), use of ROSE (or FTP) for HI2 (Annex C)
• TS 102 232, Handover Specification for IP Delivery
The documents (interception)
• TETRA: EN 301 040
• GSM/3GPP: TS 133 108 V5.3.0 (33.108 version 5.3.0 Release 5)
• E-mail: TS 102 233
• Internet access: TS 102 234
• TIPHON/TISPAN: TS 102 277 (in draft)
• ISDN: TR 102 053 V1.1.1
• Cable: TS 101 909-20-1, TS 101 909-20-2 (in draft)
Challenges
• Broadband
• Interception and handover
• Identification and capacity
• Multi-provider environment
• One target many provider relationships
• Network
• Service
• Content
• NGN
• Object based capabilities rather than services
• Open architectures with open provision
• End user service logic