fostering worldwide interoperabilitygeneva, 13-16 july 2009 overview of security work in etsi...

Fostering worldwide interoperabilityGeneva, 13-16 July 2009

Overview of Security work in ETSI

Presenter: Mike Sharpe , VP ETSI ESPSource: Charles Brookson, Chairman OCG Security

Global Standards Collaboration (GSC) 14

DOCUMENT #: GSC14-PLEN-033

FOR: Presentation

SOURCE: ETSI

AGENDA ITEM: PLEN 6.3

CONTACT(S): Charles Brookson

Fostering worldwide interoperability 2Geneva, 13-16 July 2009

Next Generation Networks (NGN)Mobile/Wireless Communications (GSM/UMTS, TETRA, DECT…)Lawful Interception and Data RetentionElectronic SignaturesSmart CardsAlgorithmsEmergency Communications / Public SafetyRFIDQuantum Key Distribution (QKD)In 3GPP: SAE/LTE and Common IMS

Highlight of Current Activities (1)


Different NGN activitiesCoordination, e.g. TISPAN WG7 and 3GPP SA3 is regular, but many others.

Different LI activitiesMost Manufacturers and Operators work through TC LI and 3GPP LI, but there are others. Diffusion of expertise.

Changes in economic conditionsLess input, less involvement.

Challenges


Review and evaluate at annual workshop

ETSI to address open issues on securityPrioritisation in security standardisation

Privacy / Identity Management, Security Metrics

How to “evaluate” security standards in implementation

ETSI is ready to address these challengesProactively supporting its Members according to requirements and trends

Proactively promoting security standardisation

In collaboration with other SDOs

And any stakeholders

Next Steps/Actions


ETSI achievements and current work in all security areasSecurity Workshop (No. 5 January 20-22 2010) (www.etsi.org/SECURITYWORKSHOP)

Edition No. 2 published in October 2008Carmine Rizzo (ETSI Security point of reference)Charles Brookson (Chairman of ETSI OCG Security)

http://www.etsi.org/WebSite/document/Technologies/ETSI-WP1_Security_Edition2.pdf

ETSI Security White Paper and Workshop


Supplementary Slides


Operational Co-ordination ad hoc Group on Security (OCG Sec)

Chairman: Charles Brookson

Horizontal co-ordination structure for security issues

Ensure new work is addressed by proper TB Detect any conflicting or duplicate work

OCG Security


ETSI TISPAN WG7 standardizes NGN security

TISPAN: TTelecommunication and IInternet converged SServices and PProtocols for AAdvanced NNetworking

AchievementsSecurity Requirements, Design Guide, ArchitectureAnalysis of risks and threats

Current workLawful Interception / Data RetentionIPTV, RFID, safety services (emergency communications)

ETSI NGN Security standardisation


Security Standardisation: key success factor for GSMIMEI (International Mobile Equipment Identity)

Protection/deterrent against theftFIGS (Fraud Information Gathering System)

Terminate fraudulent calls of roaming subscribers

Safety Services (enhancements for UMTS)Priority access for specific user categoriesLocation services

GSM/UMTS


TErrestrial Trunked RAdioMobile radio communications

Used for public safety services (e.g. emergency scenarios)

Security featuresMutual AuthenticationEncryption

Anonymity.

TETRA


TB ESI (Electronic Signatures and Infrastructures)

Supports eSignature EC Directive – in cooperation with CENCreated ETSI electronic signaturesSuccessful international collaboration (US, Japan)

Current workDigital accounting (eInvoicing)Registered EMail (REM) frameworkETSI electronic signatures in PDF documents

Electronic Signatures


ETSI Smart Card StandardisationTB Smart Card Platform (SCP)GSM SIM Cards: among most widely deployed smart cards everWork extended with USIM Card and UICC Platform

Current workFurther extend the smart card and UICC platforms

Global roamingSecure financial transactionsOperate in M2M communications

Smart Cards

USIM: UUMTS SSubscriber IIdentity MModuleUICC: UUniversal IIntegrated CCircuit CCardM2M: MMachine-to-MMachine


ETSI is world leader in creating cryptographic algorithms / protocols

ETSI SAGE (Security Algorithm Group of Experts)ETSI is owner and/or custodian of a number of security algorithms

Algorithms for GSM, GPRS, EDGE, UMTS, TETRA, DECT, 3GPP …Developed

UEA1 (standard algorithm for confidentiality)UIA1 (standard algorithm for integrity)

Developed also a second set of algorithmsUEA2 and UIA2, fundamentally different in nature from UEA1 and UIA1Advances in cryptanalysis are unlikely to impact both sets of algorithm

Algorithms


EMTEL (ETSI Special Committee on Emergency Telecommunications)

Co-operation with other TBs and partnership projects, including 3GPPRequirements for telecommunications infrastructure

MESA (Mobility for Emergency and Safety Applications)

Partnership project: ETSI, TIA (USA), other members globallyDefine digital mobile broadband “system of systems” (interoperability is key!)

Emergency Communications / Public Safety


GSM onboard aircraftsPrevent undesired communications

Between terrestrial networks and handheld terminals on aircrafts!

GSM eCallsAutomatic emergency calls from vehicles

In case of crash or other catastrophic events

GSM Direct Mode Operations (DMO)Terminals to communicate directly

In tunnels (e.g. railways) or breakdown of Telecomms network infrastructure

GSM ongoing work (public safety)


System Architecture Evolution / Long Term Evolution (SAE/LTE)

Deliver Global Mobile Broadband at increased data throughputSecurity features: integrity and confidentiality

Developed in 3GPP and ETSI SAGE

SAE/LTE and Common IMS (in 3GPP)


RFID Security and Privacy by design

In TISPAN WG7 to act on EC Mandate December 2008 (M 436)

RFID as gateway for the future “Internet of Things” (IoT)

RFID


New ETSI Industry Specification Group (ISG)

Create an environment for quantum cryptography in ICT networks

Security Assurance RequirementsRequirements for users, components, applications

Security certification of quantum cryptographic equipment

Quantum Key Distribution

fostering worldwide interoperabilitygeneva, 13-16 july 2009 overview of security work in etsi...

Documents