International Telecommunication Union

Next Generation Network Security
(Direction and Status of FG NGN Work)

Jiashun Tu
ZTE

ITU-T/IETF Workshop on NGN
1-2 May 2005, Geneva

Outline

        o   Security in the context of the overall goals of
            the ITU-T Focus Group on Next Generation
            Networks (FGNGN)
        o   Relation to work of other SDOs
        o   Key Tasks
        o   Goals




ITU-T NGN Focus Group

        o ITU-T created the NGN Focus Group in May 2004 to address
          the telecommunication industry's urgent need for NGN
          specifications. First results of the NGN FG (NGN Release 1)
          are expected in May 2005
        o "Through this initiative ITU-T is bringing all players
          together in an environment where they can create
          truly global specifications for the service-aware
          network of the future, to deliver dynamic,
          customized services on a massive scale." Herb
          Bertine, ITU-T SG 17 Chairman
        o Security is among the most essential NGN enablers
          and differentiators

NGN Subsystem Architecture Overview

        Based on
        3GPP IMS R6
        IP Connectivity Access Network
        and related subsystems

[Figure: NGN subsystem architecture. Labels: Applications; Other Multimedia Subsystems …; Streaming services (RTSP-based); IP Multimedia Subsystem (Core IMS) (SIP-based); PSTN/ISDN Emulation Subsystem (SIP-I based); Network Attachment Subsystem; Resource and Admission Control Subsystem; Access Transport Network; IP; Core Transport Network; PSTN; GW.]




Highlights of the working document
Guidelines for NGN security

        o Overview of relevant global security standards
        o Security in NGN
           • NGN threat model (based on ITU-T X.800 and X.805
             Recommendations)
           • Security risks in NGN
           • Selection of OSI layers for security provisions
           • Granularity of protection
        o Security Dimensions and Mechanisms (based on ITU-T X.805)
           • Access control
           • Authentication
           • Non-repudiation
           • Data confidentiality
           • Communication security
           • Data integrity
           • Availability
           • Privacy
        o Elements of security framework for NGN
           • Access security: Authentication, Authorization, and
             Accounting framework for NGN
           • Security framework for Mobility in NGN
           • Link-layer security for NGN


Highlights of the working document
Guidelines for NGN security (cont.)

           • Security framework for home networks
           • Security framework for end-to-end data communication
           • Security framework for intrusion-tolerant NGN
           • Reference Security Model for NGN
        o Components of the NGN security
           • IP-CAN security
           • Network domain security
           • IMS access security
           • Application security
           • Security of Open Service/application Framework in NGN
        o IMS security mechanisms based on the use of Universal
          Integrated Circuit Card (UICC)



Highlights of the working document
NGN security requirements for Release 1

        o Security requirements (general considerations based on
          the concepts of X.805)
        o Security requirements for Transport Stratum
           • Home Network domain
           • Home Network to IP-CAN domain interface
           • The IP-CAN
           • IP-CAN to Core Network interface
           • Core Network
        o Security requirements for Service Stratum
           • IMS domain
           • Transport stratum to IMS domain
           • IMS to Application domain security
           • Application domain security
           • Home Network to Application domain security
           • Home Network-to-IMS domain security
           • Open service platform to value-added service provider
             security

                ITU-T Recommendation X.805
         Security Architecture—the foundation of NGN
                        Security studies

[Figure X.805_F3: Security layers (Infrastructure security, Services security, Applications security); End-user plane, Control plane, Management plane; 8 Security dimensions (Access control, Authentication, Non-repudiation, Data confidentiality, Communication security, Data integrity, Availability, Privacy); THREATS (Destruction, Corruption, Removal, Disclosure, Interruption); VULNERABILITIES; ATTACKS.]




Key Tasks

        Key Work Items:
        • Resolve how IMS is to handle 3GPP vs. 3GPP2 differences
        • Key distribution (for end-users and network elements)
        • AAA for DSL access and QoS authorization
        • Hop-by-hop SIP security vs. end-to-end
        • VoIP NAT/Firewall traversal
        • Identity management
        • SPAM control (voice messaging)
        • Convergence with IT security


Relation to work of other SDOs

[Figure: diagram relating ITU-T FGNGN to ITU-T SG 13, ITU-T SG 17, ISO/JTC SC 27, IETF, ETSI TISPAN and ATIS.]

