23-04-19
Security and LI; ETSI’s role in standards
1 GSC-9, Seoul
SOURCE: ETSI (TC LI)
TITLE: Security and LI; ETSI’s role in standards
AGENDA ITEM: Joint 4.3
CONTACT: Scott Cadzow ([email protected])
GSC9/Joint_013
Security
New challenges and maintenance
ETSI’s track record
• ETSI works in Protocols, Algorithms and Systems
• Specialist Technical Bodies
– Develop protocols and security frameworks
– Authentication, key distribution, signature
– Examples: TETRA, DECT, DVB, GSM/UMTS
• Algorithm expertise
– SAGE offer crypto design, testing and analysis services
– Develop public and restricted algorithms including A5/x, Milenage, TETRA-TEAx, …
• Systems
– Electronic signature, e-commerce, TETRA, TISPAN
Smart cards
• SCP – Smart Card Platform Group
– Mobile radio - 3G and GSM and other standards
• Objective is to make multi application cards
– Additional Communication and Financial applications
– Machine readable cards
– Access tokens in public transport
– Banking and payment
– Healthcare
Major area of work
• In following ETSI’s remit as a telecommunications standardisation body, the primary focus to date has been:
– ComSec – Communications Security
• Primarily provision of security equivalent to the fixed network for radio based access technologies
– TETRA, DECT, GSM/UMTS
New environment, new challenges
• Telecommunications not telephone network
• Service providers often not networking providers
• Convergence of IT and telecommunications
– ITSec joins ComSec
• Fixed network not as trusted as 10 years ago
– Equivalence to fixed network no longer sufficient
– Packet versus circuit challenge
– Routing versus switching challenge
– Mix of traffic sharing the network
– Mix of traffic value on shared network
• Mobility of users no longer just a radio problem
– Number portability
– Remote access
New challenge - Assurance
• NIS report stresses importance of assurance
– Information Technology based (ITSec, Common Criteria)
– Recommendation to extend to ComSec
– Challenge is how?
• ETSI, through TISPAN, will answer this challenge
– Guide to use of methods for security standards development to allow compliant products to achieve assurance level
– Conformance as well as interoperability based
Lawful interception
Interception challenges and Handover capabilities
What is lawful interception?
• Used in the support of criminal investigation and to counter terrorism
• Applies to data in transit
– It is not a search of records
• Applied to any data in transit
– Signalling
– Speech
– Video
– E-mail
– Web
– Etc.
Why ETSI?
• Source of many communications protocols
– Knowledge centre for how to intercept
• Membership driven
– National and regional requirement to support LI identified to members
– Lower cost to members if protocol and data model is standard (one model fits wherever the communications protocols are used)
Simple architecture
[Diagram labels: target, Correspondent, Monitor, Handover interface]
More technically
Who does what in ETSI?
• Division by function:
– Handover
– Interception
• Handover:
– Led by TC LI
– Defines means for delivering intercepted signalling and communication to LEMF
• Interception:
– Performed within technology TBs
– Defines how technology specific data is intercepted
The documents (handover)
• Architecture
– TR 101 943v111, Concepts of Interception in a Generic Network Architecture
• Handover
– ES 201 671, Handover interface for the lawful interception of telecommunications traffic
• This covers handover for 64kb/s switched networks (Annex A), packet switched handover (Annex B), use of ROSE (or FTP) for HI2 (Annex C)
– TS 102 232, Handover Specification for IP Delivery
The documents (interception)
• TETRA: EN 301 040
• GSM/3GPP: TS 133 108 V5.3.0 (33.108 version 5.3.0 Release 5)
• E-mail: TS 102 233
• Internet access: TS 102 234
• TIPHON/TISPAN: TS 102 277 (in draft)
• ISDN: TR 102 053 V1.1.1
• Cable: TS 101 909-20-1, TS 101 909-20-2 (in draft)
Challenges
• Broadband
– Interception and handover
– Identification and capacity
• Multi-provider environment
– One target many provider relationships
• Network
• Service
• Content
• NGN
– Object based capabilities rather than services
– Open architectures with open provision
– End user service logic