Update on ETSI Security work

Update on ETSI Security work Charles Brookson OCG Security Chairman DOCUMENT #: GSC13-PLEN-57 FOR: Information SOURCE: Charles Brookson AGENDA ITEM: 6.3 CONTACT(S): [email protected] Submission Date: June 27, 2008

Page 1: Update on ETSI Security work

Update on ETSI Security work

Charles Brookson

OCG Security Chairman

DOCUMENT #: GSC13-PLEN-57

FOR: Information

SOURCE: Charles Brookson

AGENDA ITEM: 6.3

CONTACT(S): [email protected]

Submission Date: June 27, 2008

Page 2: Update on ETSI Security work

OCG Security (1)

• Operational Co-ordination Sub-Group on Security
• Horizontal co-ordination structure for security issues
– Ensuring security is properly considered in each ETSI Technical Body (TB)
– Detecting any conflicting or duplicate work
• Participation:
– TBs are free to nominate Members to participate in the work of the group
• Working methods:
– Via email
– When necessary co-sited “joint security” technical working meetings
– Issues sent to [email protected]
– Mailing list: [email protected]

Page 3: Update on ETSI Security work

OCG Security (2)

Security Workshop

• ETSI holds an annual security workshop. The 3rd Workshop held in January this year was well attended, and details on many security issues can be found at http://portal.etsi.org/securityworkshop/

• The next workshop is scheduled for 13th and 14th January 2009 in Sophia Antipolis, and contributions are welcome.

White Papers

• The latest edition of our Security White and Product Proofing papers, giving information on all security activities, can be found at: http://www.etsi.org/WebSite/technologies/WhitePapers.aspx

• The Security White paper is in the process of being updated and a new edition will be published later this year.

Page 4: Update on ETSI Security work

ETSI Committees per Security Areas

[Diagram. Labels shown: Mobile/Wireless; Algorithms; Information Technology Infrastructure; Fixed and Convergent Networks; 2G/3G Mobile 3GPP*; Electronic Signatures (ESI); Next Generation Networks (TISPAN); Lawful Interception (LI); Smart Card Platform (SCP); Security Algorithms Group of Experts (SAGE); TETRA; MESA*; EMTEL; Emergency Telecommunications; Smart Cards; Mobile Commerce**; DECT; AT; SES]

* ETSI is a founding partner for this partnership project
** Closed Committee

Page 5: Update on ETSI Security work

TETRA

• TErrestrial Trunked Radio

• Mobile radio communications
– Used for public safety services
• Security features include:
– Mutual Authentication
– Encryption
– Anonymity

Page 6: Update on ETSI Security work

Mobile Security

• IMEI (International Mobile Equipment Identity)
– Protection against theft
– Physical marking of the terminal
– Blacklisted by operator if stolen
• FIGS (Fraud Information Gathering System)
– Monitors activities of roaming subscribers
– Home network informed
– Fraudulent calls identified and terminated
• Priority
– Public safety service
– Allows for high priority access

• Location

Page 7: Update on ETSI Security work

Algorithms

• ETSI is a world leader in creating cryptographic algorithms and protocols to prevent fraud and unauthorised access to ICT and broadcast networks, and to protect customers’ privacy

• ETSI SAGE (Security Algorithm Group of Experts)
– Centre of competence for algorithms in ETSI
• Algorithms for:
– DECT
– GSM, GPRS, EDGE
– TETRA
– UMTS
– …

Page 8: Update on ETSI Security work

Smart Card Standardization

• ETSI Smart Card Standardization
– ETSI Technical Committee Smart Card Platform (TC SCP)
– GSM SIM Cards: among most widely deployed smart cards ever
– Work extended with UMTS USIM Card and UICC Platform
• Current challenges
– Expand the smart card platform
– Implement Extensible Authentication Protocol (EAP) in Smart Cards
– Allow users access to global roaming
– UICC platform in secure financial transactions over mobile communications systems

Page 9: Update on ETSI Security work

Lawful Interception

• Delivery of intercepted communications to Law Enforcement Authorities
– To support criminal investigation
– To counter terrorism
• Applies to any data in transit
• ETSI Technical Committee LI
– defines the Handover interface
– from the Operator to the Law Enforcement Authorities

Page 10: Update on ETSI Security work

Data Retention

• Data generated/processed in electronic communications services need to be retained
– Required by EC since 2006 (Directive 2006/24/EC)
• Retention of Data is similar to LI
– Concerns stored traffic, rather than traffic in transit (LI)
• ETSI TC LI currently working on three deliverables
– Requirements
– Specification for Handover interface
– Security framework in Lawful Interception and Retained Data environment

Page 11: Update on ETSI Security work

Electronic Signatures

• ETSI and CEN co-operation on the European Electronic Signature
• Goal: provide Europe with a reliable electronic signatures framework
– Enabling electronic commerce
– Supporting eSignature EC Directive
• Current challenges
– eInvoicing
– Registered EMail (REM)
• International collaboration
– Certificate Policy mapped and aligned with US policy
– XML Signature Standard adopted in Japan

Page 12: Update on ETSI Security work

Future Challenges

• ETSI addressing a number of areas

• Issues on security are still open

– Security Metrics

– RFID Security and Privacy

– …

• ETSI is ready to address these challenges

– Supporting its Members

– Following its Members’ requirements

– Collaborating with other SDOs