Security

1
Security Regulatory Issues in NGN
FORUM ON NEXT GENERATION STANDARDIZATION
(Colombo, Sri Lanka, 7-10 April 2009)

• NK Goyal
• President, Communications Manufacturing
  Association of India (CMAI)
• Chairman Emeritus, Telecom Equipment
  Manufacturers Association of India (TEMA)
• Director, National Fertilizers Ltd. NFL ( Govt.
  of India Undertaking)
• 7-10th April, 2009 Sri Lanka
• nkgoyals_at_nkgoyals.com
  nkgoyals_at_yahoo.co.in
• 91 98 111 29879
• www.nkgoyals.com

2
Indian Telecom Sector

• 281 Access service licensees. Of these, 121 UAS
  licenses were awarded in January, 2008.
• The total number of telephone connections stood
  at 400.05 million at the end of January, 2009.
  Second largest in world.
• Monthly additions 10-15 Millions
• The overall tele-density is 40.50 and the rural
  tele-density is only 13.13.

3
Next Generation Networks

• An ITU-T defined telecommunications Network
  architectures Technologies
• NGN is a broadband Network where service layer,
  transport layer application layers have an
  independent function of each other
• An Internet with an IMS architecture is NGN
• An evolutionary approach from PSTN/ISDN networks
  to advanced network called NGN
• Move from current H.323 protocol to Session based
  Session Initiation Protocol

4
Security
Regulation of Plain Old Telephone Service
(POTS)
Privacy
Consumer protection
NGN
Quality of Service
Numbering
Emergency Access
Competition
Interconnection
Next Generation Longer term issues

• Core policy areas
• Competition (level-playing field),
  Interconnection
• Consumer (QOS, privacy, emergency access)
• Security legal interception
• Scope for self-regulation

Short term issues
Regulatory implications of NGN
4
Source ASTAP05_WS.IPNGN-09
5
Typical attacks in SIP

• Malformed Message Attacks
• Buffer Overflow Attacks
• Denial-of Service attacks
• RTP session hijacking
• Injection of unauthentic RTP packets into
  existing RTP flows
• Re-use of compromised SIP credentials
• Hostile SIP network elements

6
Session Border Controller

• An insecure network cannot charge for its use or
  provide a guaranteed QoS service, because
  unauthorized users cannot be prevented from
  overusing limited network resources.
• SBCs can provide security and protection against
• unauthorized access into the trusted network
• invalid or malicious calls, including Denial of
  Service (DoS) attacks
• bandwidth theft by authorized users
• unusual network conditions, for example a major
  emergency.

7
NGN Security

• Security requirements for Transport
• Home Network domain
• Core Network
• Interfaces
• Security requirements for Service
• IMS domain
• Transport stratum to IMS domain
• IMS to Application domain security
• Application domain security
• Home Network to Application domain security
• Home Network-to-IMS domain security
• Open service platform to valued-added service
  provider security

8
LI Challenges

• Majority of mass telecommunication traffic today
  doesnt traverse any part of the well-controlled
  Circuit Switched network
• IP multimedia traffic between GPRS/UMTS mobile
  phones
• The traffic to and from Internet exchanged on
  high bandwitdhISPs (ADSL, FTTH, cable)
• Telephone traffic between two VoIP terminals,
  maybe connected to different VoIP operators.
• Encrypted traffic without proper mechanisms
• Decentralized Peer to Peer networks

9
Challenges for NGN security

• Network Address Translation (NAT) Calls may not
  materialized in due to NAT implementation in some
  router firewall.
• SIP Message are sent in plain, uuencoded text
  although encryption option is available but there
  is no standard.
• RTP Vulnerable to interception alteration
• Code script attacks SIP phone are potentially
  vulnerable to attack from executable code or
  scripts. It may results in denial of service.
• No standard Spam detection solutions

10
Cyber Security

• With the growing number of applications to
  exploit on the converged Mobile IP Networks, a
  plethora of online avenues and revenues to
  pilfer, and many more corporate networks to hack,
  cyber-criminals appear to have no shortage of
  targets to pursue.
• The heightened interest and response from law
  enforcement worldwide in bringing cyber criminals
  to justice may well result in malicious hackers
  being increasingly aggressive and creative in
  their efforts.
• The threat of Malware, Trojans and lots others
  and its impact to operators is also big
  challenge.

11
Summary of Next Gen Security Other
aspects

• 3G/NGN/4G/IMS security issues seems to remain a
  threat for a good amount of time in near future.
  
• Technical security of NGN systems well designed
  but likely to suffer implementation problems
• Increased connectivity means the security
  exposure will become more serious and harder to
  manage
• Protocols such as SIP (e.g. in IMS model) likely
  to be abused by NGP (next generation phreakers)
• Open and distributed nature
• Lack of inherent security mechanisms
• Increasingly complicated network concept
• Running of mission critical Applications
• Deployed before fully matured likely to cause
  operational problems
• Few expert solutions for effective management
• Require time and Cost consuming
• Integration and configuration

12
Where is my cell phone mama..

I want to SMS to God that I have reached safely!