Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 SMG#30, Brighton, 9-11 November, 1999 SMG10 report to SMG#30 Tdoc SMG P-99-741 Michael Walker Chairman ETSI SMG10.

Similar presentations


Presentation on theme: "1 SMG#30, Brighton, 9-11 November, 1999 SMG10 report to SMG#30 Tdoc SMG P-99-741 Michael Walker Chairman ETSI SMG10."— Presentation transcript:

1 1 SMG#30, Brighton, 9-11 November, 1999 SMG10 report to SMG#30 Tdoc SMG P Michael Walker Chairman ETSI SMG10

2 2 SMG#30, Brighton, 9-11 November, 1999 SMG10 meetings since SMG#29 SMG10 plenary #2/99, joint with 3GPP SA3, 3-5 August, Sophia Antipolis SMG10 ad hoc meeting - to prepare CRs for agreement by correspondence, 26 October, The Hague

3 3 SMG#30, Brighton, 9-11 November, 1999 Reports for approval Threat analysis on SS7 security, Tdoc SMG P

4 4 SMG#30, Brighton, 9-11 November, 1999 CRs for approval 02.09(and resulting CRs to 02.16, and 11.10), Enhancement of IMEI security, Tdoc SMG P , Introduction of EDGE variant of A5, Tdoc SMG P , Clarification on triplet re-use conditions, Tdoc SMG P

5 5 SMG#30, Brighton, 9-11 November, 1999 Liaison statements to SMG LS to SMG (copy GSMA SG) on use of GEA2, Tdoc SMG P LS to SMG (copy GSMA SG) on use of A5 algorithms for EDGE, Tdoc SMG P LS to SMG (copy GSMA SG) on A5 algorithm - use of 64 bit Kc, Tdoc SMG P LS to T1P1 (copy SMG) stating that SMG10 endorses stage 2 but that it has identified two risks, Tdoc SMG P

6 6 SMG#30, Brighton, 9-11 November, 1999 Special item for SMG#30 IMEI security CRs to enhance IMEI security, Tdoc SMG P CR to to add the line: –“It shall not be possible to change the IMEI after the ME’s final production process. It shall resist tampering by any means (e.g. physical, electrical or software)” Corresponding CRs to 02.16, and 11.10

7 7 SMG#30, Brighton, 9-11 November, 1999 Special item for SMG#30 SS7 security Messages can be read, altered, injected or deleted i Threats include denial of service, security triplet replay to compromise authentication and allow eavesdropping of user traffic Exacerbated by increasing number of connections (and potential to connect to/via Internet) Report contains list of threats related to “dangerous” messages Handover work to 3GPP SA3

8 8 SMG#30, Brighton, 9-11 November, 1999 WPA Security mechanisms 1 Chairman Henri Gilbert GPRS –LS to SMG (copy GSMA SG) on use of GEA2 –SMG10 recommend that GEA2 should be an option in terminal/network from R97 and should become mandatory (EDGE can be mandatory from the outset) –SMG asked to consider appropriate timescales for making GEA2 mandatory –Network should be able to select between GEA1 and GEA2 during migration but network should not be able to set no encryption –If recommendations adopted then exact details need elaboration

9 9 SMG#30, Brighton, 9-11 November, 1999 WPA Security mechanisms 2 Use of full length Kc –LS to SMG (copy GSMA SG) on use of 64 bit Kc –SMG#27 wrote to manufacturers - only positive responses were received –Manufacturers to ascertain that their equipment will work with a 64 bit Kc –Cut off date May 2000

10 10 SMG#30, Brighton, 9-11 November, 1999 WPA Security mechanisms 3 EDGE –LS to SMG (copy GSMA SG) on use of A5 algorithms for EDGE –CR to Annex C.1 on EDGE variant of A5 - for approval –Algorithm should be run to provide 696 bits (instead of 228) –No requirement for additional test data

11 11 SMG#30, Brighton, 9-11 November, 1999 WPB Security services 1 Chairman Simon Collins Clarification on triplet re-use conditions –CR to on security triplet re-use conditions –CR agreed in SMG10 with comments from N2 (SMG3 WPC) –Allows re-use when system failure in HLR, disallows re-use in the event that subscriber unknown or barred –Changes from withdrawn CR at SMG#29 Removed requirement that re-use should not be performed in case of badly formatted requests Removed requirement that operator could specify how many times triplets could be re-used in VLR/SGSN CRs to R96 and R97 withdrawn because of retro-fit issues

12 12 SMG#30, Brighton, 9-11 November, 1999 WPB Security services 2 LCS –LS to T1P1 (copy SMG) on LCS –SMG10 endorse LCS stage 2 but have the following concerns Possibility exists to manipulate MS positioning estimate through –Manipulation of differential GPS data (coming from another source than network) –Software changes to the MS –No changes suggested

13 13 SMG#30, Brighton, 9-11 November, 1999 WPB Security services 3 Follow-me –LS was sent to SMG1 asking that the following is added to the specification A note to the effect that the service shall not be offered in standard GSM releases, and that in any case it must be enabled by the operator A statement that FIGS can be used where CAMEL is available Wording on password control should indicate that this is not a very secure solution

14 14 SMG#30, Brighton, 9-11 November, 1999 WPB Security services 4 SMS abuse –SMG#29 asked SMG10 for a statement on the nature of SMS abuse –Threats mass mailing - resulting in denial of service, commercial opportunism concern over liability for abusive content, damage to third party –Counters control of direct and indirect access to manage SMS volumes and source

15 15 SMG#30, Brighton, 9-11 November, 1999 WPB Security services 5 MExE –The MExE R99 has been handed over to 3GPP S3 – SMG10 shall be informed about progress

16 16 SMG#30, Brighton, 9-11 November, 1999 WPD Lawful interception Chairman Bernie McKibben SMG10 WPD supporting 3GPP LI work

17 17 SMG#30, Brighton, 9-11 November, 1999 Future scope of SMG10 After transfer of 3G-related issues to 3GPP, the main areas where work is ongoing in SMG10 are: –Security for location services, CTS changes –Introduction of larger cipher key in GSM (if sufficient support from member companies is offered) –Evaluation of features developed for 3G for applications in GSM Propose amalgamation with 3GPP SA3 - process to be discussed at next SMG 10 meeting

18 18 SMG#30, Brighton, 9-11 November, 1999 Future meetings November - SMG 10 plenary, joint with 3GPP S3 (Security)


Download ppt "1 SMG#30, Brighton, 9-11 November, 1999 SMG10 report to SMG#30 Tdoc SMG P-99-741 Michael Walker Chairman ETSI SMG10."

Similar presentations


Ads by Google