Information Security Standardisation the ETSI perspective - PowerPoint PPT Presentation

1
Information Security Standardisation: the ETSI perspective
  • Charles Brookson
  • ETSI OCG Chairman UK DTI
  • cbrookson_at_iee.org
  • Dionisio Zumerle
  • ETSI
  • dionisio.zumerle_at_etsi.org

2
Agenda
  • Introduction
  • Mobile and Wireless Security
  • Algorithms
  • Smart Cards
  • Next Generation Networks Security
  • Lawful Interception
  • Electronic Signatures
  • Future Challenges

3
Security in Design and Implementation
  • Security is not an optional feature
  • Security must be a core concern in the design
    phase
  • Technology provides ever more potential
  • Attackers taking advantage of it become more
    powerful
  • Security failures are not just an embarrassment
  • they cause substantial financial loss
  • they directly affect the stock value of companies
  • In some cases security can be a winning driver
    for the success of new products and services

4
Security in Standardisation
  • Information Security Standards are essential to
    ensure interoperability
  • Standardisation ensures compliance of products
    with
  • Adequate levels of security
  • Legislative action
  • Information Security Standardisation facilitates
    economic realization and cost reduction
  • ETSI has 20 years of experience in Security
  • Other European Standards Organisations
  • CEN
  • CENELEC

5
What is ETSI?
  • A European Standards Organization
  • Setting globally-applicable standards for
  • Telecommunications
  • other Electronic Communications networks and
    services
  • Independent, not-for-profit, created in 1988
  • The home of GSM
  • A founding partner of 3GPP
  • ISO 9001:2000 certified
  • Offering direct participation
  • We have more than 16 000 publications - freely
    available!

6
ETSI Committees per Security Areas
Mobile/Wireless
Algorithms
Emergency Telecommunications
SES
MESA
Security Algorithms Group of Experts (SAGE)
2G/3G Mobile 3GPP
EMTEL
DECT
TETRA
Lawful Interception (LI)
Mobile Commerce
AT
Next Generation Networks (TISPAN)
Electronic Signatures (ESI)
Smart Card Platform (SCP)
Fixed and Convergent Networks
Information Technology Infrastructure
Smart Cards
ETSI is a founding partner for this partnership project
Closed Committee

7
Agenda
  • Introduction
  • Mobile and Wireless Security
  • Algorithms
  • Smart Cards
  • Next Generation Networks Security
  • Lawful Interception
  • Electronic Signatures
  • Future Challenges

8
GSM and 3G
  • IMEI (International Mobile Equipment Identity)
  • Protection against theft
  • Physical marking of the terminal
  • Blacklisted by operator if stolen
  • FIGS (Fraud Information Gathering System)
  • Monitors activities of roaming subscribers
  • Home network informed
  • Fraudulent calls identified and terminated
  • Priority
  • Public safety service
  • Allows for high priority access
  • Location

9
TETRA
  • TErrestrial Trunked Radio
  • Mobile radio communications
  • Used for public safety services
  • Security features include
  • Mutual Authentication
  • Encryption
  • Anonymity

10
Agenda
  • Introduction
  • Mobile and Wireless Security
  • Algorithms
  • Smart Cards
  • Next Generation Networks Security
  • Lawful Interception
  • Electronic Signatures
  • Future Challenges

11
Algorithms
  • ETSI is a world leader in creating cryptographic
    algorithms and protocols to prevent fraud and
    unauthorised access to ICT and broadcast
    networks, and to protect customers' privacy
  • ETSI SAGE (Security Algorithm Group of Experts)
  • Centre of competence for algorithms in ETSI
  • Algorithms for
  • DECT
  • GSM, GPRS, EDGE
  • TETRA
  • UMTS

12
GSM and UMTS Algorithms
  • GSM and EDGE
  • A3, A5 and A8 used in most GSM networks all
    over the world
  • GPRS
  • GEA3 encryption algorithms used
  • UMTS radio interface (UTRA)
  • UEA1 and UIA1: Providing Encryption and Integrity
  • UEA2 and UIA2 just released
  • For more info: ETSI TR 133 908

13
Agenda
  • Introduction
  • Mobile and Wireless Security
  • Algorithms
  • Smart Cards
  • Next Generation Networks Security
  • Lawful Interception
  • Electronic Signatures
  • Future Challenges

14
Smart cards
  • Smart cards
  • Micro-processor equipped Tokens
  • Able to store and process information
  • Private key
  • Biometric template
  • Provide Strong Authentication
  • Used in
  • Banking
  • Healthcare
  • Telecoms
  • IT

15
Smart Card Standardization
  • ETSI Smart Card Standardization
  • ETSI Technical Committee Smart Card Platform (TC
    SCP)
  • GSM SIM Cards among most widely deployed smart
    cards ever
  • Work extended with UMTS USIM Card and UICC
    Platform
  • Current challenges
  • Expand the smart card platform
  • Implement Extensible Authentication Protocol
    (EAP) in Smart Cards
  • Allow users access to global roaming
  • UICC platform in secure financial transactions
    over mobile communications systems

16
Agenda
  • Introduction
  • Mobile and Wireless Security
  • Algorithms
  • Smart Cards
  • Next Generation Networks Security
  • Lawful Interception
  • Electronic Signatures
  • Future Challenges

17
ETSI TISPAN WG7
  • NGN concept: fixed-mobile network convergence to
    packet-switched technology delivering multimedia
    services
  • ETSI extending the 3GPP IMS concepts in TISPAN
    Committee designing NGN
  • (TISPAN: Telecommunication and Internet
    converged Services and Protocols for Advanced
    Networking)
  • Working Group 7: NGN competence centre for
    security with a group of security experts
  • WG7 standardizes NGN security

www.tispan.org

18
ETSI TISPAN Security
  • NGN Release 1 Security Architecture includes
  • Definition of Security Domains
  • Definition of Security Services
  • Confidentiality
  • Integrity
  • Availability
  • Security Design Guide
  • Common Criteria framework used
  • For each new network component

19
NGN Security Standards
NGN Architecture (NASS, RACS, )
IMS Security Architecture
NGN Release 1 Security Requirements (TR 187 001)
NGN Release 1 Threat, Vulnerabilities, Risk Analysis (TR 187 002)
NGN Release 1 Security Architecture (TS 187 003)
Security Domains
Countermeasures
Security Functions
Security Services
Security Components and Building Blocks
NGN Release 2 Security Architecture

20
Agenda
  • Introduction
  • Mobile and Wireless Security
  • Algorithms
  • Smart Cards
  • Next Generation Networks Security
  • Lawful Interception
  • Electronic Signatures
  • Future Challenges

21
What is Lawful Interception?
  • Delivery of intercepted communications to Law
    Enforcement Authorities
  • To support criminal investigation
  • To counter terrorism
  • Applies to data in transit
  • not a search of records
  • Applied to any data in transit
  • Signalling
  • Speech
  • Video
  • Email
  • Web

22
Simple architecture
[Diagram labels: Interception interface, target, Handover interface, Monitor]

23
Agenda
  • Introduction
  • Mobile and Wireless Security
  • Algorithms
  • Smart Cards
  • Next Generation Networks Security
  • Lawful Interception
  • Electronic Signatures
  • Future Challenges

24
Electronic Signatures
  • ETSI and CEN co-operation on the European
    Electronic Signature
  • Goal: provide Europe with a reliable electronic
    signatures framework
  • Enabling electronic commerce
  • Supporting eSignature EC Directive
  • Current challenges
  • eInvoicing
  • Registered EMail (REM)
  • International collaboration
  • Certificate Policy mapped and aligned with US
    policy
  • XML Signature Standard adopted in Japan

25
Agenda
  • Introduction
  • Mobile and Wireless Security
  • Algorithms
  • Smart Cards
  • Next Generation Networks Security
  • Lawful Interception
  • Electronic Signatures
  • Future Challenges

26
Need for further action
  • ETSI Future Security Workshop
  • Held in January 2006, Sophia-Antipolis France
  • Assessment of gaps in Security Standards
  • Recommendations for future work areas
  • Coming up: 2nd Workshop in January 2007
  • EC Communication on a strategy for a Secure
    Information Society COM(2006) 251
  • Requesting concrete action from Europe in
    Security
  • Industry-driven, with possible standardization
  • 5-13% of IT expenditure in Security according to
    EC
  • Need for further standardization!

27
Future Challenges (1/4)
  • NGN
  • Co-ordination between multitude of bodies
  • Alignment between fixed and mobile security
    techniques
  • Product Proofing
  • Identifying and analyzing the threats when
    designing products
  • EC Mandate M/355
  • Need for set of standards to be produced

28
Future Challenges (2/4)
  • DRM
  • Content ever more a key asset to be protected
    from unauthorized access
  • No single effective DRM standard exists
  • Great number of technical issues to be defined
  • Optimal layer
  • Device specific VS device agnostic
  • Online VS offline verification
  • Privacy
  • Definition of privacy levels for users

29
Future Challenges (3/4)
  • Retained Data
  • 2006/24/EC Directive of the European Parliament
  • Information on telephone calls and Internet use
    would be kept for six to twelve months
  • ETSI TC LI has started to address the subject
    with a series of specifications that are being
    currently produced
  • Mobile Terminal Security
  • Attacks on mobile data platforms, especially
    employee PDAs
  • Antivirus, firewall, IDS to prevent DoS attacks

30
Future Challenges (4/4)
  • Online Banking Security
  • High levels of Trust and Privacy paramount
  • Need for enterprise transactional SOA (Service
    Oriented Architecture) standard
  • Collaboration between banking, telecom and IT
    standardization
  • RFID
  • Used to prevent illicit tracking and cloning of
    tags
  • Lighter encryption algorithms needed
  • ETSI ERM TG34 producing specifications on RFID

31
Conclusions
  • ETSI is a leader in European ICT Security
    Standards and also Globally
  • Future Security Standards are the next challenge
  • ETSI can meet that challenge

32
Thank you for your attention
  • cbrookson_at_iee.org
  • dionisio.zumerle_at_etsi.org
  • portal.etsi.org/securityworkshop