90 likes | 166 Views
Stefan Goeman. Network and Information Security Report ICTSB/NISSG. Background. Existing NIS-Report from 2003 The new EU Report
E N D
Stefan Goeman Network and Information Security ReportICTSB/NISSG
Background • Existing NIS-Report from 2003 • The new EU Report • Communication form the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions: A strategy for a Secure Information Society –“Dialog, partnership and empowerment” • A lot of new developments in Network and Information Security
My Expertise • Each member of the team has some specific expertise. In my case, this is: • ICT Industry, Telecom, ISP • Authentication protocols • Web Service Security • Identity Management • E-government Belgium eID card • Digital Rights Management
ICT Industry, Telecom and ISPs • Web Services Security (WS-Sec): E-buisiness environment is based on Web Services. Therefore security for web services is necessary (i.e. securing SOAP messages end-to-end) • The following specifications make up WS-Sec 1.1 OASIS standard: • WS-Security Core Specification 1.1 • Username Token Profile 1.1 • X.509 Token Profile 1.1 • SAML Token Profile 1.1 • Kerberos Token Profile 1.1 • Rights Expression Language (REL) Token Profile 1.1 • SOAP with Attachments (SWA) Profile 1.1 SOAP: SIMPLE Object Access Protocol
ICT Industry, Telecom and ISPs • IETF is an important contributor to security standardization. • With respect to network security, following specifications are important, and included in the report: • IPsec protocol suite: (IETF IPsec work group is concluded) • RFC4301: Security architecture for the Internet Protocol. • RFC4302: Authentication Header security protocol. • RFC4303: Encapsulating Security Payload protocol. • RFC4306: The Internet Key Exchange (IKEv2) protocol. • … • TLS protocol suite: • RFC4346: The Transport Layer Security (TLS) Protocol Version 1.1 • RFC4366: Transport Layer Security (TLS) Extensions • RFC4492: ECC Cipher Suites for Transport Layer Security (TLS) • RFC4279: pre-Shared Key Ciphersuites for TLS • … • Protocols for securing the infrastructure: DNS security, ENUM security, security of routing protocols (BGP, OSPF)
Identity (and Privacy) Management • Form an end-user’s point of view, identity and privacy management is (becoming) very important! • Two initiatives: Industry for a, not really standardization bodies. Rely on other standards • Liberty Alliance Project: Industry forum defining specifications in the area of identity management (single-sign-on, privacy management via pseudonyms, … ) and Identity based web services • Based on Web Services specifications: The web services specifications are more loosely coupled, but it is possible to realize identity management based on specifications like: • WS-Federation • Currently not included in the report SAML: Security Assertion Markup Language
E-government • Belgium eID card • PKI-based solution: eID card contains 2 certificates. • E-government applications: • Request official documents via the Internet (birth certificate, …) • Fill in and sign your tax form. • Access to your own personal information (https://www.mijndossier.rrn.fgov.be) • Will replace the electronic health insurance card (SIS card) • … • Other applications (not related to e-government): • Secure chat boxes • Libraries • Hotel room reservation • … • Currently not yet included in the report
Digital Rights Management • Currently not in scope of new NIS-Report • Many proprietary systems available (Apple iTunes, Windows Media DRM, …) and only few standards available: • OMA DRM v1 and v2 • In general DRM system all do more or less the same thing. The differences lie in details like content formats and rights expression languages OMA: Open Mobile Alliance
Contributions to the report • Providing the context for security for Next Generation Networks • Evolution from SS7 based telco systems (closed systems) to VoIP (SIP-based) telco systems (more open systems) • Providing an update of section 9.4 on Network Encryption: • Updates on IPsec • Updates on TLS • Inclusion of Web Services Security