- Number of slides: 14
www.oasis-open.org
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
Abbie Barbir, Ph.D.
abbieb@nortel.com
ITU-T Q 6/17 Cybersecurity Question Rapporteur
OASIS IDTrust MS Steering Committee
OASIS Telecom MS Co-chair
OASIS TAB
ISO JTC 1 CAC SC 6 Vice-Chair
Senior Advisor CEA, SOA, Web Services, IdM, Security
Strategic Standards
Nortel
Outline
• Introduction to ITU
• Security work at ITU Study Groups
• SG 17 Security work
• Highlight of Current Activities
• Challenges
What is International Telecommunication Union (ITU)?
Headquartered in Geneva, is the UN specialized agency for telecom
§ ITU-T: Telecommunication standardization of network and service aspects
§ ITU-D: Assisting implementation and operation of telecommunications in developing countries
§ ITU-R: Radiocommunication standardization and global radio spectrum management
Study Group Organization (organization chart labels: WTSA, TSAG)
§ SG 17, Security, Languages and Telecommunication Software
Ø Lead Study Group on Telecommunication Security
§ SG 2, Operational Aspects of Service Provision, Networks and Performance
§ SG 4, Telecommunication Management
§ SG 5, Protection Against Electromagnetic Environment Effects
§ SG 9, Integrated Broadband Cable Networks and Television and Sound Transmission
§ SG 11, Signalling Requirements and Protocols
§ SG 13, Next Generation Networks
§ SG 15, Optical and Other Transport Network Infrastructures
§ SG 16, Multimedia Terminals, Systems and Applications
§ SG 19, Mobile Telecommunication Networks
Strategic Direction
Cybersecurity – one of the top priorities of the ITU
§ Plenipotentiary Resolution 140 (2006), ITU’s role in implementing the outcomes of the World Summit on the Information Society (WSIS)
§ Plenipotentiary Resolution 149 (2006), Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies
§ WTSA-04 Resolution 50, Cybersecurity – Instructs the Director of TSB to develop a plan to undertake evaluations of ITU-T “existing and evolving Recommendations, and especially signalling and communications protocol Recommendations with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment”
§ WTSA-04 Resolution 52, Countering spam by technical means – Instructs relevant study groups “to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam”
Highlights of current activities (1)
§ ITU Global Cybersecurity Agenda (GCA)
Ø A Framework for international cooperation in cybersecurity
Ø Five key work areas: Legal, Technical, Organisational, Capacity Building, International Cooperation
Ø High-Level Experts (HLEG) working on global strategies
Ø GCA/HLEG met 26 June 2008 to agree upon a set of recommendations on all five work areas for presentation to ITU Secretary-General
§ ISO/IEC/ITU-T Strategic Advisory Group on Security
Ø Coordinates security work and identifies areas where new standardization initiatives may be warranted. Portal established. Workshops conducted.
§ Identity Management
Ø Effort jump started by IdM Focus Group which produced 6 substantial reports (265 pages) in 9 months
Ø JCA-IdM and IdM-GSI established – main work is in SGs 17 and 13
Highlights of current activities (2)
§ Core security (SG 17)
Ø Covering frameworks, cybersecurity, countering spam, home networks, mobile, web services, secure applications, telebiometrics, etc.
Ø Work underway on additional topics including IPTV, multicast, security; risk management and incident management; traceback, Bots, Privacy
Ø Questionnaire issued to developing countries to ascertain their security needs
Ø Updated security roadmap/database, compendia, manual; strengthened coordination
§ Security for NGN (SG 13)
Ø Y.2701: Security Requirements for NGN Release 1
Ø Y.2702: NGN Authentication and Authorization Requirements
Ø Y.NGN SecMechanisms: NGN Security Mechanisms and Procedures
Ø Y.NGN Certificate: NGN Certificate Management
Ø Y.AAA: Application of AAA for Network Access Control in UNI and ANI over NGN
Identity
Connecting users with services and with others (Federation)
People have multiple identities, each within a specific context or domain
§ Work – me@company.com
§ Family – me@smith.family
§ Hobby – me@icedevils.team
§ Volunteer – me@association.org
[Figure labels]
Whatever you’re using (devices): PC, PDA, Smart Phone, Cellular
Whatever you’re doing (applications): Collaboration, Video, Voice Telephony, Web Apps, ERP
Wherever you are (across various access types): At your Desk, On the Road, Managed Office, At Home, In the Air, In Town
• Network Identity is essential
• Need end-to-end trust model
Challenges
Addressing security to enhance trust and confidence of users in networks, applications and services
§ With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership?
§ Need for top-down strategic direction to complement bottom-up, contribution-driven process
§ Balance between centralized and distributed efforts on security standards
§ Legal and regulatory aspects of cybersecurity, spam, identity/privacy
§ Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
§ Marketplace acceptance of Information Security Management System (ISMS) standards (ISO/IEC 27000-series and ITU-T X.1051) – the security equivalent to ISO 9000-series
§ Effective cooperation and collaboration across the many bodies doing cybersecurity work
§ Informal security experts network – needs commitment
There is no “silver bullet” for Cybersecurity
Some useful web resources
§ ITU-T Home page: http://www.itu.int/ITU-T/
§ Security Roadmap: http://www.itu.int/ITU-T/studygroups/com17/ict/index.html
§ Security Manual: http://www.itu.int/publ/T-HDB-SEC.03-2006/en
§ Cybersecurity Portal: http://www.itu.int/cybersecurity/
§ Cybersecurity Gateway: http://www.itu.int/cybersecurity/gateway/index.html
§ Recommendations: http://www.itu.int/ITU-T/publications/recs.html
§ ITU-T Lighthouse: http://www.itu.int/ITU-T/lighthouse/index.phtml
§ ITU-T Workshops: http://www.itu.int/ITU-T/worksem/index.html
§ LSG on Security: http://www.itu.int/ITU-T/studygroups/com17/telsecurity.html
Backup
NGN architecture overview (Y.2012)
[Figure: NGN architecture diagram. Labels: Applications; ANI; Management Functions; End-User Functions; UNI; Other Networks; NNI. Service stratum: Application Support Functions & Service Support Functions, Service User Profiles, Service Control Functions. Transport stratum: Network Attachment Control Functions, Transport User Profiles, Resource and Admission Control Functions, Transport Control Functions, Transport Functions. Legend: Control, Media.]
NGN architecture overview (Y.2012)
[Figure: NGN architecture diagram, service stratum and transport stratum, as on the previous slide]
§ Packet-based network with QoS support and Security
§ Separation between Services and Transport
§ Access can be provided using many underlying technologies
§ Should be reflected in policy
§ Decoupling of service provision from network
§ Support wide range of services/applications
§ Converged services between Fixed/Mobile
§ Broadband capabilities with end-to-end QoS
§ Compliant with regulatory requirements
§ Emergency communications, security, privacy, lawful interception
§ ENUM Resources, Domain Names/Internet Addresses
NGN Security Trust Model
[Figure: trust zones diagram. Captions: "Network Elements not always controlled by the NGN provider"; "Network Elements controlled by the NGN provider". Zones: Untrusted Zone; Trusted but Vulnerable Zone, Network Border Elements (NBE); Trusted Zone, NGN network Elements. Terminal labels: TE; TE-BE (Provider-controlled Equipment).]
NGN Peering Trust Model
[Figure: peering trust zones diagram, "Provider B from Provider A’s point of view". Provider A: Trusted Zone, NGN network Elements; Trusted but Vulnerable Zone, Domain Border Elements (DBE). Provider B: Untrusted Zone, Domain Border Elements (DBE) and NGN network Elements.]