International Telecommunication Union

1
Global Standards Collaboration (GSC) 14
TIA
Security and Lawful Intercept
1
Geneva, 13-16 July 2009
2
Current Activities - Security

• TIA Committee TR-45 supports security standards
  development for US TDMA (TIA-136) and CDMA
  (TIA-2000 and TIA-856)
• Most of TR-45s work involves transposition of
  specifications developed by 3GPP2 TSG-S WG4
• Current efforts
• Security framework for Femto-cells
• Update of the Common Cryptographic Algorithms
  (CCA)

2
Geneva, 13-16 July 2009
3
Current Activities - Security

• Engineering Committee TR-8 has a subcommittee
  focused on Encryption Standards, TR-8.3
• A block encryption Protocol document,
  TIA-102.AAAD-A has been approved for ballot in
  2009
• TR-8 has standards for Advanced Encryption, Data
  Encryption, and OTAR
• For overviews of these areas see
  ANSI/TIA-102.AAAB-A, ANSI/TIA-102.AAAB-A, and
  TIA-102.AACB

3
Geneva, 13-16 July 2009
4
Strategic Direction

• TIA expects its TR-45 security work to continue
  to be driven by 3GPP2
• Much of 3GPP2 security work is input taken
  directly from IETF or 3GPP documents
• There is at present little need for new work by
  TIA on security in TR-45
• Equipment Numbering Identifier security (e.g.,
  MEID, IMEI, ESN)
• Consider an International regulatory adoption of
  common Equipment Numbering Identifier security
  requirements
• TR-34 will be reviewing adding authentication
  security per flow to TIA-1039
• This will be an important improvement to network
  security

5
Challenges

• Inconsistent implementation of security in the
  networks
• Security is perceived as preventing fraud
  adequately, may lead to complacency in some
  systems
• Cost and complexity are usually cited as reasons
  for not using authentication

6
Next Steps/Actions

• TIA plans to continue to monitor the security
  environment faced by operators and users
• Any issues identified that are not addressed by
  3GPP or 3GPP2 will be studied by TR-45
• TR-8, TR-34, and other TIA Engineering Committees
  will continue to work on Security requirements in
  their respective standards scope

7
Global Standards Collaboration (GSC) 14
Lawful Intercept
7
Geneva, 13-16 July 2009
8
Current Activities

• TIA TR-45.8 (Core Network)
• Recently published TIA-1118, LAES (Lawfully
  Authorized Electronic Surveillance) for cdma2000
  WLAN Interworking
• Lawful Intercept of subject accessing cdma2000
  packet data services via a WLAN
• FBI-CIU request for new project, LAES for
  cdma2000 Femtocells

8
Geneva, 13-16 July 2009
9
Current Activities in TR-45.8

• TR-45.8 LI Group developed a Report for TR-45 on
  Potential Technical Impacts of the Department of
  Justice (DOJ) petition to the FCC regarding
  asserted deficiencies in the LAES Capabilities
  for cdma2000 Packet Data Services (as specified
  in ANSI/J-STD-025-B)
• Asserted deficiencies include
• More precise location information
• Reporting of summary communication content packet
  header information as IRI
• More precise timing information
• Security, Performance, and Reliability
  enhancements
• No projects have been undertaken to address the
  impacts identified in the report
• Awaiting a final ruling from the FCC
• Report shared with ATIS PTSC LAES and WTSC LI
  Groups

9
9
9
9
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
10
Security and Lawful Intercept in ISO TC 204

• TIA is International Secretariat to ISO TC 204
  and US TC204 TAG ADMIN
• TR 11766 Lawful Interception in ITS and CALM
• TR 11769 Data retention for law enforcement in
  ITS and CALM
• NP 13181-1 CALM Security Part 1 Framework
• NP 13181-2 CALM Security Part 2 Threat
  Vulnerability and Risk Analysis
• NP 13181-3 CALM Security Part 3 Objectives and
  requirements
• NP 13181-4 CALM Security Part 4 Countermeasures

10
10
10
10
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
11
Strategic Directions

• For TR-45 Continue collaboration and coordination
  with LI development in groups such as ATIS WTSC
  and PTSC and 3GPP SA3 LI.
• Other TIA-supported activities will continue to
  evolve and enhance their standards as the Threat,
  the Technology, and Timing (need for faster
  implementations) - the 3 Ts keep changing.

11
11
11
11
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
12
Challenges

• Final rulings of DOJ petition could impact or
  affect capabilities supported by other
  technologies.
• Imperative to maintain close coordination with
  other LI groups.
• Keeping pace with support of LI capabilities with
  the ongoing introduction of new features and
  services while maintaining LI standards already
  implemented
• Consideration of the unique issues presented with
  access to the Internet
• e.g., Local Breakout
• Communications protocols involved in New and
  Novel Technology areas such as Smart Grid.

12
12
12
12
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
13
LI Next Steps/Actions TR-45

• LAES for new CDMA features and services
• New work item introduced in June for support of
  LI for Femto Cells
• Assess LAES impact on the eHRPD
• Possible support for Server-based conferencing

13
13
13
13
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
Geneva, 13-16 July 2009
14
Supplementary Slides
15
Recent TR-45 Security Standards

• TIA-946-A Enhanced Cryptographic Algorithms
• TIA-1097-A Security Mechanisms Using GBA
• TIA-1098-A Generic Bootstrapping Architecture
  (GBA) Framework
• TIA-1141 IMS Security for 2G R-UIMs