Update on ETSI Security work
Charles Brookson, OCG Security Chairman
Submission Date: June 27, 2008

OCG Security (1)
• Operational Co-ordination Sub-Group on Security
• Horizontal co-ordination structure for security issues
• Ensuring security is properly considered in each ETSI Technical Body (TB)
• Detecting any conflicting or duplicate work
• Participation:
  • TBs are free to nominate Members to participate in the work of the group
• Working methods:
  • Via email
  • When necessary co-sited “joint security” technical working meetings
  • Issues sent to SECsupport@etsi.org
  • Mailing list: OCG_SECURITY@LIST.ETSI.ORG

OCG Security (2)
Security Workshop
• ETSI holds an annual security workshop. The 3rd Workshop, held in January this year, was well attended, and details on many security issues can be found at http://portal.etsi.org/securityworkshop/
• The next workshop is scheduled for 13th and 14th January 2009 in Sophia Antipolis, and contributions are welcome.
White Papers
• The latest edition of our Security White and Product Proofing papers, giving information on all security activities, can be found at: http://www.etsi.org/WebSite/technologies/WhitePapers.aspx
• The Security White paper is in the process of being updated and a new edition will be published later this year.

ETSI Committees per Security Areas
[Diagram: ETSI committees grouped by security area]
Security areas: Emergency Telecommunications; Mobile/Wireless; Algorithms; Fixed and Convergent Networks; Information Technology Infrastructure; Smart Cards
Committees: SES; MESA*; Security Algorithms Group of Experts (SAGE); 2G/3G Mobile 3GPP*; EMTEL; DECT; TETRA; Lawful Interception (LI); Mobile Commerce**; AT; Next Generation Networks (TISPAN); Electronic Signatures (ESI); Smart Card Platform (SCP)
* ETSI is a founding partner for this partnership project
** Closed Committee

TETRA
• TErrestrial Trunked Radio
• Mobile radio communications
• Used for public safety services
• Security features include:
  • Mutual Authentication
  • Encryption
  • Anonymity

Mobile Security
• IMEI (International Mobile Equipment Identity)
  • Protection against theft
  • Physical marking of the terminal
  • Blacklisted by operator if stolen
• FIGS (Fraud Information Gathering System)
  • Monitors activities of roaming subscribers
  • Home network informed
  • Fraudulent calls identified and terminated
• Priority
  • Public safety service
  • Allows for high priority access
• Location

Algorithms
• ETSI is a world leader in creating cryptographic algorithms and protocols to prevent fraud and unauthorised access to ICT and broadcast networks, and to protect customers’ privacy
• ETSI SAGE (Security Algorithm Group of Experts)
  • Centre of competence for algorithms in ETSI
  • Algorithms for:
    • DECT
    • GSM, GPRS, EDGE
    • TETRA
    • UMTS
    • …

Smart Card Standardization
• ETSI Smart Card Standardization
  • ETSI Technical Committee Smart Card Platform (TC SCP)
  • GSM SIM Cards: among most widely deployed smart cards ever
  • Work extended with UMTS USIM Card and UICC Platform
• Current challenges
  • Expand the smart card platform
  • Implement Extensible Authentication Protocol (EAP) in Smart Cards
  • Allow users access to global roaming
  • UICC platform in secure financial transactions over mobile communications systems

Lawful Interception
• Delivery of intercepted communications to Law Enforcement Authorities
  • To support criminal investigation
  • To counter terrorism
• Applies to any data in transit
• ETSI Technical Committee LI
  • defines the Handover interface
  • from the Operator to the Law Enforcement Authorities

Data Retention
• Data generated/processed in electronic communications services need to be retained
  • Required by EC since 2006 (Directive 2006/24/EC)
• Retention of Data is similar to LI
  • Concerns stored traffic, rather than traffic in transit (LI)
• ETSI TC LI currently working on three deliverables
  • Requirements
  • Specification for Handover interface
  • Security framework in Lawful Interception and Retained Data environment

Electronic Signatures
• ETSI and CEN co-operation on the European Electronic Signature
• Goal: provide Europe with a reliable electronic signatures framework
  • Enabling electronic commerce
  • Supporting eSignature EC Directive
• Current challenges
  • eInvoicing
  • Registered EMail (REM)
• International collaboration
  • Certificate Policy mapped and aligned with US policy
  • XML Signature Standard adopted in Japan

Future Challenges
• ETSI addressing a number of areas
• Issues on security are still open
  • Security Metrics
  • RFID Security and Privacy
  • …
• ETSI is ready to address these challenges
  • Supporting its Members
  • Following its Members’ requirements
  • Collaborating with other SDOs