- Number of slides: 25
Document No: GSC16-GTSC-06
Source: ETSI
Contact: Mike Sharpe
Source: Charles Brookson (OCG/SECURITY Chair)
GSC Session: GTSC-9
Agenda Item: 4.2 Cybersecurity
Presenter: Mike Sharpe, ETSI VP ESP (ETSI Standardization Projects)
Halifax, 31 Oct – 3 Nov 2011
ICT Accessibility For All

GSC16-GTSC9-06
Highlight of Current Activities and Strategic Direction
• Cooperates with other two ESOs
• Cybersecurity proposed joint initiative:
  – STACS - Strategic Advisory Group on Cyber Security
• ETSI provides much of the supporting Technical Standards
• Support to ENISA (European Network and Information Security Agency)
  – www.enisa.europa.eu

Areas of security standardisation
• Next Generation Networks (NGN) including IMS
• Mobile/Wireless Communications (GSM/UMTS, TETRA, DECT…)
• Lawful Interception and Data Retention
• Electronic Signatures
• Smart Cards
• Algorithms
• Emergency Communications / Public Safety
• RFID and the internet of things including “Machine to Machine”
• Quantum Key Distribution (QKD)
• Privacy protection techniques
• Intelligent transport

Emergency Communications / Public Safety
• EMTEL (ETSI Special Committee on Emergency Telecommunications)
  – Requirements for telecommunications infrastructure
• TETRA
  – Core digital communications for PS organisations
• GSM to support public safety on-going work
  – GSM on-board aircraft, eCall, GSM Direct Mode Operations
• Intelligent Transport
  – Cooperative systems to improve transport safety

Future activities on Cybersecurity
• 7th ETSI Security Workshop: 18-19 January 2012
  – www.etsi.org/securityworkshop
• ETSI Security White Paper
  – www.etsi.org/securitywhitepaper
  – 4th Edition to be published end 2011

Lawful Interception update
• ETSI
  – Provides LI Technical standards for many years
    • Including coordination with 3GPP SA3-LI
  – Data retention (EC Directive)
• Balance
  – Privacy and security
  – Need for LI for evidence of Criminals and Terrorists
  – We do not get much guidance ………!

European Telecommunications Standards Institute
[Diagram labels: SA3-LI, ATTM, TISPAN, TETRA, Technical Committee Lawful Interception, Retained Data, Lawful Interception, Security LI & RD environment]
Handover Interfaces for transport of Lawful Interception and Retained Data are standardized by Technical Committee Lawful Interception

Intro on ETSI/TC LI
• Created as stand-alone TC in October 2002
• Meetings
  – three plenary meetings a year are organised (around 75 participants)
  – dedicated Rapporteur’s meetings can be organised on a specific issue (current study items: Dynamic Triggering, eWarrant, DR Architecture)
• Participation
  – Government organisations: Law Enforcement Agencies, Regulators
  – Communication Service Providers
  – Manufacturers
• TC LI meetings can be attended by ETSI members
  – non-ETSI members can participate by invitation of the chairman
  – next plenary meeting: ETSI/TC LI#29, February 2012
• Producing specifications and reports
  – on Lawful Interception and Retained Data handling
  – mainly on the Handover Interface
• Promoting globally ETSI Lawful Interception and Data Retention standards amongst operators and national bodies

Why Lawful Interception implementation in EU
17th January 1995: EU Council of Ministers adopted resolution COM 96/C 329/01 on Lawful Interception
The providers of public telecommunications networks and services are legally required to make available to the authorities the information necessary to enable them to investigate telecommunications

Types of Lawful Intercepted data (TS 101 331)
• Intercept Related Information (IRI)
  – Collection of information or data associated with telecommunication services involving the target identity:
    • communication associated information or data (including unsuccessful communication attempts)
    • service associated information or data (e.g. service profile management by subscriber)
    • location information
• Content of Communication (CC)
  – Information exchanged between two or more users of a telecommunications service

General network arrangements (TS 101 331)
[Figure]

Handover Interface ports (TS 101 671)
• HI1: for Administrative Information
  – Request for lawful interception: target identity, LIID, start/duration, IRI or IRI+CC, IRI delivery address, CC delivery address, ...
  – Management information
• HI2: for delivery of Intercept Related Information (IRI)
  – All data related to establish the telecommunication service and to control its progress
  – Correlation information
• HI3: for delivery of Content of Communication (CC)
  – Transparent en-clair copy of the communication
  – Correlation information

Handover Interface Concept (TS 101 671)
[Figure]

Why study on Retained Data in EU
15th of March 2006: the European Parliament and the Council of the European Union adopted Directive 2006/24/EC on Data Retention
Data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks need to be retained

Applicability Directive
• The content of the communication is not part of the directive
• Data to be Retained
  – Successful and unsuccessful communication attempts
  – Wireline network telephony / Wireless network telephony
  – Internet access / Internet e-mail / Internet telephony
• Categories of data to be retained
  – data to trace and identify the source of a communication
  – data to identify the destination of a communication
  – data to identify the date, time and duration of a communication
  – data to identify the type of communication
  – data to identify users' communication equipment or what purports to be their equipment
  – data to identify the location of mobile communication equipment
• Detailed requirements shall be defined by each Member State in its national law

Functional Model (TS 102 657) (DTR 103 657)
[Diagram labels: Authorised Organization, Communication Service Provider, Administrative Function, Network elements, Data Collection Function, Mediation Function-A, Mediation Function-B, Data store Management Function, IHI-1, IHI-2, IHI-3, IHI-4, Handover Interface HI-A (administrative), Handover Interface HI-B (transmission RD material), Issuing Authority, Receiving Authority]
HI-A: various kinds of administrative, request and response information from/to the Issuing Authority and the responsible organization at the CSP for RD matters.
HI-B: retained data information from the CSP to the Receiving Authority
HI-A and HI-B may be crossing borders between countries: subject to corresponding national law and/or international agreements.

Retained Data Handover (TS 102 657)
Signalling principle: Successful delivery
[Message sequence between CSP and AO]
REQUEST: Request for Retained Data (HI-A)
REQUEST(ACK): Acknowledge request message (HI-A)
RESPONSE: Results of RD request (HI-B)
RESPONSE(ACK): Acknowledge response message (HI-A)
• Data exchange techniques
  – “direct TCP” with BER encoding derived from the ASN.1
  – “HTTP” with XML encoding
• on top of the standard TCP/IP stack
• choice of technique is a national option

Modular approach RDHI specification
Framework for Retained Data Handover Interface
• Telephony services, e.g. PSTN/ISDN, GSM/UMTS-cs, SMS/MMS
• Network Access services: Internet, GPRS, UMTS-ps
• Asynchronous Message services: E-mail, webmail
• Synchronous Multi-media services: chat

Retained Data requests
• A request may only ask for data from one service
  – Telephony services
  – Network access services
  – Asynchronous message services
  – Synchronous multi-media services
• A request may only ask for data from one category
  – Subscriber data e.g. subscriber ID, name, address, NRI
  – Usage data e.g. call records
  – Equipment data
  – Network element data e.g. location and identity GSM base station
  – Additional service usage e.g. DSN
• A request shall list one or more request criteria
  – Equal To: a specified value for a given field
  – Range: a range for a given field (e.g. lower and upper bounds, using the lessThan or greaterThan operators)
  – Member of: a list of values for a given field
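
The three request rules above can be enforced on the CSP side before any data store is touched, so that a request with no criteria or with several services cannot turn into a bulk export. The following is an added example, not part of the original slides and not the TS 102 657 schema: the request shape, field names, sample records and the AND-combination of criteria are assumptions made for illustration.

```python
# Added example; request shape, field names and records are hypothetical,
# not the TS 102 657 schema. Criteria are assumed to combine with AND.
SERVICES = {"telephony", "networkAccess", "asyncMessage", "syncMultimedia"}
CATEGORIES = {"subscriber", "usage", "equipment", "networkElement", "additionalService"}

class RequestError(ValueError):
    """Request breaks the one-service / one-category / >=1-criterion rules."""

def validate(request):
    for key, allowed in (("service", SERVICES), ("category", CATEGORIES)):
        value = request.get(key)
        # A list of services or categories is rejected, not silently expanded.
        if not isinstance(value, str) or value not in allowed:
            raise RequestError(f"exactly one valid {key} required, got {value!r}")
    criteria = request.get("criteria")
    if not isinstance(criteria, list) or not criteria:
        raise RequestError("one or more request criteria required")
    for c in criteria:
        ok = {"equalTo": "value" in c,
              "range": "greaterThan" in c or "lessThan" in c,
              "memberOf": bool(c.get("values"))}.get(c.get("op"), False)
        if not ok or not isinstance(c.get("field"), str):
            raise RequestError(f"malformed criterion: {c!r}")

def matches(record, c):
    if c["field"] not in record:
        return False
    v = record[c["field"]]
    if c["op"] == "equalTo":
        return v == c["value"]
    if c["op"] == "memberOf":
        return v in c["values"]
    lo, hi = c.get("greaterThan"), c.get("lessThan")  # strict bounds
    return (lo is None or v > lo) and (hi is None or v < hi)

def answer(request, store):
    """Return only records in the requested service/category meeting all criteria."""
    validate(request)
    scope = store.get((request["service"], request["category"]), [])
    return [r for r in scope if all(matches(r, c) for c in request["criteria"])]

# Constructed sample store (not real records), keyed by (service, category).
STORE = {
    ("telephony", "usage"): [
        {"partyNumber": "+10000000001", "time": "2011-10-30T09:00:00Z"},
        {"partyNumber": "+10000000001", "time": "2011-11-02T18:30:00Z"},
        {"partyNumber": "+10000000002", "time": "2011-11-01T12:00:00Z"}],
    ("telephony", "subscriber"): [{"partyNumber": "+10000000001", "name": "Sample Person"}],
}
```
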

Telephony Service Usage details
├ partyInformation
│ └ PartyInformation
│   ├ partyNumber
│   ├ subscriberID
│   ├ deviceID
│   ├ locations
│   ├ communicationTime
│   ├ iCCID
│   ├ iMSI
│   ├ natureOfAddress
│   ├ forwardedTransferredNumber
│   ├ terminatingTransferredNumber
│   ├ emailAddress
│   ├ iMEI
│   ├ detailedLocation
│   └ nationalTelephonyPartyInformation
├ communicationTime
├ eventInformation
│ └ TelephonyEventInformation
│   ├ time
│   ├ type
│   ├ party
│   └ location
├ endReason
├ communicationType
├ bearerService
├ smsInformation
├ ringDuration
├ mmsInformation
└ nationalTelephonyServiceUsage

Generic Subscriber Information details
GenericSubscriberInfo
├ organizationInfo
│ ├ name
│ ├ contactDetails
│ └ nationalRegistration
└ individualInfo
  ├ name
  ├ contactAddress
  ├ dateOfBirth
  ├ gender
  ├ identificationNumber
  └ authenticationInfo

National DR Implementation
• Definition of the set of elements to be retained
• Definition of the format of the requests
• Which standard to be used for the request and for the transport of the requested data (e.g. ETSI TS 102 657)
• Preparation of ETSI handover specification for national implementation
  – definition of the optional elements for national use
  – how to use specific elements
  – definition of specific national elements
  – transport mechanism to be used
  – security mechanisms

Security Report
• ETSI TR 102 661 Security framework in Lawful Interception and Retained Data environment
  – defining a security framework for securing Lawful Interception and Retained Data environment of the CSP and the Handover of the information
  – CSP = Communication Service Provider
  – Advice on Security measurements
  – Advice on Physical security

Challenges
• Many International and regional Initiatives in this area
  – Harmonisation and cooperation
• Regional co-ordination on issues, many of our Standards have been adopted e.g. Smart Cards, M2M, LI

Next Steps / Actions
• Further work with other ESOs
  – CEN and CENELEC
• Standards for security in support of citizens


