Update on ETSI Security work
Charles Brookson
OCG Security Chairman
DOCUMENT #: GSC13-PLEN-57
FOR: Information
SOURCE: Charles Brookson
AGENDA ITEM: 6.3
CONTACT(S): [email protected]
Submission Date: June 27, 2008
OCG Security (1)
• Operational Co-ordination Sub-Group on Security
• Horizontal co-ordination structure for security issues
– Ensuring security is properly considered in each ETSI Technical Body (TB)
– Detecting any conflicting or duplicate work
• Participation:
– TBs are free to nominate Members to participate in the work of the group
• Working methods:
– Via email
– When necessary co-sited “joint security” technical working meetings
– Issues sent to [email protected]
– Mailing list: [email protected]
OCG Security (2)
Security Workshop
• ETSI holds an annual security workshop. The 3rd Workshop, held in January this year, was well attended; details on many security issues can be found at http://portal.etsi.org/securityworkshop/
• The next workshop is scheduled for 13th and 14th January 2009 in Sophia Antipolis, and contributions are welcome.
White Papers
• The latest edition of our Security White and Product Proofing papers, giving information on all security activities, can be found at: http://www.etsi.org/WebSite/technologies/WhitePapers.aspx
• The Security White paper is in the process of being updated and a new edition will be published later this year.
ETSI Committees per Security Areas
[Diagram of ETSI committees grouped by security area. Labels shown: Mobile/Wireless; Algorithms; Information Technology Infrastructure; Fixed and Convergent Networks; 2G/3G Mobile (3GPP*); Electronic Signatures (ESI); Next Generation Networks (TISPAN); Lawful Interception (LI); Smart Card Platform (SCP); Security Algorithms Group of Experts (SAGE); TETRA; MESA*; EMTEL (Emergency Telecommunications); Smart Cards; Mobile Commerce**; DECT; AT; SES]
* ETSI is a founding partner for this partnership project
** Closed Committee
TETRA
• TErrestrial Trunked Radio
• Mobile radio communications
– Used for public safety services
• Security features include:
– Mutual Authentication
– Encryption
– Anonymity
Mobile Security
• IMEI (International Mobile Equipment Identity)
– Protection against theft
– Physical marking of the terminal
– Blacklisted by operator if stolen
• FIGS (Fraud Information Gathering System)
– Monitors activities of roaming subscribers
– Home network informed
– Fraudulent calls identified and terminated
• Priority
– Public safety service
– Allows for high priority access
• Location
Algorithms
• ETSI is a world leader in creating cryptographic algorithms and protocols to prevent fraud and unauthorised access to ICT and broadcast networks, and to protect customers’ privacy
• ETSI SAGE (Security Algorithm Group of Experts)
– Centre of competence for algorithms in ETSI
• Algorithms for:
– DECT
– GSM, GPRS, EDGE
– TETRA
– UMTS
– …
Smart Card Standardization
• ETSI Smart Card Standardization
– ETSI Technical Committee Smart Card Platform (TC SCP)
– GSM SIM Cards: among most widely deployed smart cards ever
– Work extended with UMTS USIM Card and UICC Platform
• Current challenges
– Expand the smart card platform
– Implement Extensible Authentication Protocol (EAP) in Smart Cards
– Allow users access to global roaming
– UICC platform in secure financial transactions over mobile communications systems
Lawful Interception
• Delivery of intercepted communications to Law Enforcement Authorities
– To support criminal investigation
– To counter terrorism
• Applies to any data in transit
• ETSI Technical Committee LI
– defines the Handover interface
– from the Operator to the Law Enforcement Authorities
Data Retention
• Data generated/processed in electronic communications services need to be retained
– Required by EC since 2006 (Directive 2006/24/EC)
• Retention of Data is similar to LI
– Concerns stored traffic, rather than traffic in transit (LI)
• ETSI TC LI currently working on three deliverables
– Requirements
– Specification for Handover interface
– Security framework in Lawful Interception and Retained Data environment
Electronic Signatures
• ETSI and CEN co-operation on the European Electronic Signature
• Goal: provide Europe with a reliable electronic signatures framework
– Enabling electronic commerce
– Supporting eSignature EC Directive
• Current challenges
– eInvoicing
– Registered EMail (REM)
• International collaboration
– Certificate Policy mapped and aligned with US policy
– XML Signature Standard adopted in Japan
Future Challenges
• ETSI addressing a number of areas
• Issues on security are still open
– Security Metrics
– RFID Security and Privacy
– …
• ETSI is ready to address these challenges
– Supporting its Members
– Following its Members’ requirements
– Collaborating with other SDOs