ngn- regulatory and security issues s. k. gupta, advisor (cn&it) telecom regulatory authority of...
TRANSCRIPT
NGN- NGN- Regulatory and Regulatory and Security IssuesSecurity Issues
S. K. Gupta, Advisor (CN&IT)Telecom Regulatory Authority of India
AgendaAgenda
BackgroundBackground
10/04/23 2TRAI
NGN Regulatory Imperatives
NGN Regulatory Imperatives
NGN Security Imperatives NGN Security Imperatives
BackgroundBackground
Why Regulate NGN ?
Why NGN?◦ Convergence of Telecom,
Information Technology & Broadcasting
◦ Digitization of Content◦ Miniaturization of devices
and increasing computing power
◦ Multi functional Devices
Why NGN?◦ Convergence of Telecom,
Information Technology & Broadcasting
◦ Digitization of Content◦ Miniaturization of devices
and increasing computing power
◦ Multi functional Devices
10/04/23 3TRAI
NGN- Regulatory NGN- Regulatory Approaches Approaches
1. Wait and Watch
2. Facilitate NGN
3. Promote NGN
1. Wait and Watch
2. Facilitate NGN
3. Promote NGN
10/04/23 4TRAI
NGN- Essentials NGN- Essentials High Internet
/Broadband Penetration
Converged Regulatory approach
Killer Applications
Availability of suitable content
Source: www.internetworldstats.com
High Internet /Broadband Penetration
Converged Regulatory approach
Killer Applications
Availability of suitable content
Source: www.internetworldstats.com
10/04/23 5TRAI
NGN- Regulatory NGN- Regulatory ImperativesImperatives
Increasing Internet/ Broadband Penetration
◦Low wireline penetration
◦Spectrum- scarce resources, may not be able to cater for huge BW required in future
◦High cost of subs premises equipment
◦Harmonization of spectrum utilization
◦ Increase optical fibre penetration
Increasing Internet/ Broadband Penetration
◦Low wireline penetration
◦Spectrum- scarce resources, may not be able to cater for huge BW required in future
◦High cost of subs premises equipment
◦Harmonization of spectrum utilization
◦ Increase optical fibre penetration
Source : OECD
10/04/23 6TRAI
Technology End Device Price (in $)
2G > 30
WCDMA <100
CDMA EV-DO
<100
WiMAX <100
NGN- Regulatory ImperativesNGN- Regulatory Imperatives Killer Applications
◦ Encourage developments of user friendly applications
◦ Development of content in local language
◦ Support for e-gov, e-commerce, e-education, e-health etc
◦ Ensure market availability and reduce barriers to access subscribers
Killer Applications◦ Encourage developments of user
friendly applications◦ Development of content in local
language◦ Support for e-gov, e-commerce,
e-education, e-health etc◦ Ensure market availability and
reduce barriers to access subscribers
Source: IMRB
10/04/23 7TRAI
Purpose of Internet Access
%
E-mail 91%
General Information search 76%
Educational Information search
49%
Text Chart 46%
Online Gaming 41%
Online Jobsites 37%
Music/ Video on the Internet
32%
Financial Information search
21%
Book Railway ticket on Internet
21%
Online banking 20%
Online News 13%
Internet Telephony/ Video Chat/ Voice Chat
13%
NGN- Regulatory NGN- Regulatory ImperativesImperatives
Unified licensing Vs. Service specific licensing◦Entry barriers◦Competitions issues◦Ensuring Regulatory
complianceTime and distance based pricing to volume and hits based pricing ◦Death of time &
distance ◦Paradigm shift in
commercial agreements among service providers
Unified licensing Vs. Service specific licensing◦Entry barriers◦Competitions issues◦Ensuring Regulatory
complianceTime and distance based pricing to volume and hits based pricing ◦Death of time &
distance ◦Paradigm shift in
commercial agreements among service providers
Unified Licensing : ◦ Entry fee is high
◦ Full control on network and subscribers access
◦ Small operators/ content developers totally depend on them for subscriber access
◦ Good regulatory compliance
Unified Licensing : ◦ Entry fee is high
◦ Full control on network and subscribers access
◦ Small operators/ content developers totally depend on them for subscriber access
◦ Good regulatory compliance
10/04/23 8TRAI
NGN- Regulatory NGN- Regulatory ImperativesImperatives
Changed Interconnection Model◦Shift from circuit switched to packet
switched interconnection◦Shift from dedicated interconnection
to the class and QoS based interconnection
◦Shift from hierarchical interconnection to zonal interconnection
RIO ◦Existing framework of RIO will change
IUC ◦Change from per call basis
termination charges to some new pattern
Changed Interconnection Model◦Shift from circuit switched to packet
switched interconnection◦Shift from dedicated interconnection
to the class and QoS based interconnection
◦Shift from hierarchical interconnection to zonal interconnection
RIO ◦Existing framework of RIO will change
IUC ◦Change from per call basis
termination charges to some new pattern
Interconnection:◦ Well defined
hierarchical interconnection
◦ Well defined separate NLD/ILD
◦ Full availability of BW at interconnect point
◦ Well defined IUC for per call basis termination and carriage charges
Interconnection:◦ Well defined
hierarchical interconnection
◦ Well defined separate NLD/ILD
◦ Full availability of BW at interconnect point
◦ Well defined IUC for per call basis termination and carriage charges
10/04/23 9TRAI
NGN- Regulatory NGN- Regulatory ImperativesImperatives
Management of Numbering Resources ◦Shift form primarily P2P
voice calls to P2M and M2M calls
◦Allocations of numbers to IP devices and machines
◦Migration from IPv4 to IPv6◦Shift from service specific
number allocation to service neutral number allocation
◦Shift from large number of small capacity switches in a network to limited very high capacity switches
Management of Numbering Resources ◦Shift form primarily P2P
voice calls to P2M and M2M calls
◦Allocations of numbers to IP devices and machines
◦Migration from IPv4 to IPv6◦Shift from service specific
number allocation to service neutral number allocation
◦Shift from large number of small capacity switches in a network to limited very high capacity switches
Number allocation: ◦ Different numbering series
for fixed and mobile number allocation
◦ Different series of numbers for different operators
◦ Numbering resource utilization efficiency < 60%
◦ Allocation of city specific network access codes (STD Codes)
◦ Implementation of mobile number portability
Number allocation: ◦ Different numbering series
for fixed and mobile number allocation
◦ Different series of numbers for different operators
◦ Numbering resource utilization efficiency < 60%
◦ Allocation of city specific network access codes (STD Codes)
◦ Implementation of mobile number portability
10/04/23 10TRAI
NGN- Regulatory NGN- Regulatory ImperativesImperatives
Content Regulation and enforcement◦Monitoring issues – large
number of content providers◦Enforcement issue- IPR,
prohibition of vulgar content◦Community sites on internet-
content generation by individuals
◦Likely impact on upcoming generation
Net neutrality◦Ensure non-discriminative
treatment to all contents by network providers
Content Regulation and enforcement◦Monitoring issues – large
number of content providers◦Enforcement issue- IPR,
prohibition of vulgar content◦Community sites on internet-
content generation by individuals
◦Likely impact on upcoming generation
Net neutrality◦Ensure non-discriminative
treatment to all contents by network providers
Content providers (Dec. 08)
◦ Free to air channels – 180
◦ Pay Channels – 110◦ FM Radio Stations –
245◦ Community Radio-
60◦ MSOs - 6000◦ LCOs – 60000◦ Large numbers of
community sites
Content providers (Dec. 08)
◦ Free to air channels – 180
◦ Pay Channels – 110◦ FM Radio Stations –
245◦ Community Radio-
60◦ MSOs - 6000◦ LCOs – 60000◦ Large numbers of
community sites
10/04/23 11TRAI
NGN- Regulatory ImperativesNGN- Regulatory ImperativesStandardization
◦ Ensure end to end service availability ◦ Interface approvals will be required ◦ Need for regional cooperation to define zone specific NGN
specifications
Emergency Number Dialing◦ Facility to dial emergency numbers with accurate location
details of the subscriber will be desirable ◦ It may be a challenge in 3G and BWA scenario to exactly
indicate subscriber location
Standardization ◦ Ensure end to end service availability ◦ Interface approvals will be required ◦ Need for regional cooperation to define zone specific NGN
specifications
Emergency Number Dialing◦ Facility to dial emergency numbers with accurate location
details of the subscriber will be desirable ◦ It may be a challenge in 3G and BWA scenario to exactly
indicate subscriber location
10/04/23 12TRAI
NGN- Regulatory NGN- Regulatory ImperativesImperatives
Lawful Interception (LI) ◦ Widely dispersed network
- Monitoring Challenge
◦ Huge Volume of data
- Analysis challenge◦ Complex Multilayer
dynamic encryption
- Challenge to retrieve data
◦ Fast technological innovation
- Upgradation of monitoring equipments
- Adequate training of manpower
Lawful Interception (LI) ◦ Widely dispersed network
- Monitoring Challenge
◦ Huge Volume of data
- Analysis challenge◦ Complex Multilayer
dynamic encryption
- Challenge to retrieve data
◦ Fast technological innovation
- Upgradation of monitoring equipments
- Adequate training of manpower
Need for LI◦Monitoring data flow in
Network◦Effective, transparent,
online Interception ◦Data / Message specific to a
particular Originator Person/ location
◦ Interception of traffic based on Content Class
◦Need to preserve huge data
Need for LI◦Monitoring data flow in
Network◦Effective, transparent,
online Interception ◦Data / Message specific to a
particular Originator Person/ location
◦ Interception of traffic based on Content Class
◦Need to preserve huge data
10/04/23 13TRAI
NGN- Security ImperativesNGN- Security ImperativesNGN is expected to replace
telecom networks considered as critical infrastructure
◦ Foolproof security is of utmost importance
Vulnerabilities of IP based network
◦ Identity theft◦ Person in middle◦ Spoofing◦ Phishing Effective legal framework
to handle violations ◦ Enactment of relevant legal
provisions ◦ Policy framework to handle
cross border violations◦ Prevention and punishment of
defaulter
NGN is expected to replace telecom networks considered as critical infrastructure
◦ Foolproof security is of utmost importance
Vulnerabilities of IP based network
◦ Identity theft◦ Person in middle◦ Spoofing◦ Phishing Effective legal framework
to handle violations ◦ Enactment of relevant legal
provisions ◦ Policy framework to handle
cross border violations◦ Prevention and punishment of
defaulter 10/04/23 14TRAI
Source: CERT-in
NGN- Security ImperativesNGN- Security ImperativesConcerns of subscribers
Identity theft Cracking of username/PIN Attacks by Virus, Worms, spyware
etc. Flooding attack on user device Tele-spam Loss of personal data, privacy etc.
Concerns of subscribers Identity theft Cracking of username/PIN Attacks by Virus, Worms, spyware
etc. Flooding attack on user device Tele-spam Loss of personal data, privacy etc.
Importance of network Security ◦ Control theft of services/ unauthorized use◦ Restrict denial of services ◦ Ensure guaranteed quality of service to
subscriber ◦ Appropriate charging to actual users◦ Ensuring due payment to application /
content providers
Importance of network Security ◦ Control theft of services/ unauthorized use◦ Restrict denial of services ◦ Ensure guaranteed quality of service to
subscriber ◦ Appropriate charging to actual users◦ Ensuring due payment to application /
content providers
10/04/23 15TRAI
Wireless IP network
◦ Misuse of Wi-Fi signals- need for protections
◦ Subscriber awareness issues
◦ Securing subscriber devices
Misuse of IP Ports◦Attacks using open IP
Ports ◦Hardening of servers ◦Hardware /Software
vulnerabilities
Wireless IP network
◦ Misuse of Wi-Fi signals- need for protections
◦ Subscriber awareness issues
◦ Securing subscriber devices
Misuse of IP Ports◦Attacks using open IP
Ports ◦Hardening of servers ◦Hardware /Software
vulnerabilities
NGN- Security ImperativesNGN- Security Imperatives
10/04/23 16TRAI
Network security Breaches (2008) ◦ Biggest malware threats – SQL
injection attacks against websites and the rise of scareware
◦ New web infections – one new infected webpage every 4.5 seconds
◦ Malicious email attachments – increased five times by 2008 end
◦ Spam-related web pages – one new webpage every 15 seconds
◦ New scareware websites – five per day
◦ Top malware-hosting country – US with 37 percent
◦ Top spam-relaying continent – Asia with 36.6 percent
◦ Amount of business email that is spam – 97 percent
Network security Breaches (2008) ◦ Biggest malware threats – SQL
injection attacks against websites and the rise of scareware
◦ New web infections – one new infected webpage every 4.5 seconds
◦ Malicious email attachments – increased five times by 2008 end
◦ Spam-related web pages – one new webpage every 15 seconds
◦ New scareware websites – five per day
◦ Top malware-hosting country – US with 37 percent
◦ Top spam-relaying continent – Asia with 36.6 percent
◦ Amount of business email that is spam – 97 percent
Source: www.sophos.com
NGN- Security ImperativesNGN- Security ImperativesComponent of NGN security◦ Network domain security◦ IMS access security◦ Application security◦ Security of open services/ application frameworks
Component of NGN security◦ Network domain security◦ IMS access security◦ Application security◦ Security of open services/ application frameworks
10/04/23 17TRAI
Way ForwardWay Forward
Regulatory framework shall smoothen the complex emerging issues in NGN facilitating the easy deployment of networks and services.
Promotion of competitive environment shall be key regulatory concern
Security in all IP environment will require collaborative and coercive efforts from different countries across the globe
Information sharing and mutual cooperation will be the key to success
10/04/23 18TRAI
Thank YouS K Gupta , Advisor, TRAI
Mahanagar Doorsanchar Bhawan,J.L. Nehru Marg, New Delhi – 110002
Ph. +91-11- 23217914 (O)+91-11- 23211998 (Fax)
10/04/23 19TRAI