World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ANFOV - Milano, 14 November 2007 Autore:Paolo DE LUTIIS Telecom Italia Security Innovation ETSI TISPAN NGN Security Presentazione per l’Osservatorio Sicurezza Anfov

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 2 Table of Contents  ETSI TISPAN: WG7 activities  TISPAN NGN overview  TISPAN NGN security:  Security areas  Network Domain Security  TISPAN IMS Security IMS-AKA NASS bundled HTTP DIGEST  Application security  TISPAN NGN Security Standards  Main technical documents  Conclusion

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ETSI TISPAN: WG7 activities

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 4 WG7 - security  TISPAN Working Group (WG) 7 is responsible for the management and co-ordination of the development of security specifications for TC TISPAN.  For TISPAN NGN, TISPAN WG7 is responsible for:  Defining the security requirements;  Defining the security architecture for NGN;  Conducting threat and risk analyses for specific NGN use cases;  Proposing security countermeasures;  WG7 security standardization process is risk-based. The Threats, Vulnerability and Risk Analysis (TVRA) methodology has been defined specifically to address the needs of the NGN security. The TVRA is ISO15408 (Common Criteria)-based

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 5 WG7 security – Current focus (NGN rel. 2):  Fixed-mobile convergence (authentication schema coexistence)  Media security  Network Address Translation  IPTV security  Impact of unsolicited communication in the NGN environment  Identity Management  Customer Premises Network Security

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS TISPAN NGN overview

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 7 TISPAN NGN outline UMTS FTTx WiFi/WiMax xDSL PSTN / ISDN Broadcast IP Transport layer NASS RACS Service layer PES Other… User Profile Applications PSTN Other network IMS

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS TISPAN NGN security

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 9 Security areas NGN Access Security Interconnection Security Intra-Operator Security Subsystems

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 10 Security Domains  A security domain (TS ) consists of the functional entities administered by a single authority (e.g. the same operator's network). A security domain is required to:  protect the integrity and the confidentiality of its functional elements,  ensure the availability of the elements and activities under its protection.  Interdomain interfaces are protected by security gateway functions (SEGF)  SEGFs connect domains using IPsec in ESP tunnel mode with Internet Key Exchange (IKE)  The actual inter-security domain policy is not standardized and is left to the discretion of the roaming agreements of the operators

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 11 TISPAN NGN Security Domains SEGF Access Network Security Domain Visited Network Security Domain Home Network Security Domain 3Party ASP Security Domain 3Party ASP Security Domain SEGF Securty Gateway Function IPSEC tunnel

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 12 Access Security  Access domain registration involves access-level authentication and authorization procedures between the UE and the Access Network.  Fixed broadband access (and non-3GPP WLAN access) may employ different access domain registration methods based on the access network configuration and operator policy.  These solutions usually do not rely on any kind of security token. An AAA infrastructure is used for bearer-level registration.  TISPAN requirements (TS ) states that NGN shall support both the use explicit (e.g. PPP or IEEE 802.1x) and/or implicit line authentication (e.g. MAC address authentication or line authentication) of the users/subscribers at the NASS layer.

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 13 IMS Security  The IMS is independent of the transport network.  The identity of the accessing UE is checked at the edge of the IMS. The nodes in the IMS domain will trust SIP messages with asserted identity headers.  At the border of the IMS the P-CSCF is in charge of authenticate the UE and insert within each SIP request an asserted identity (token). This identity is passed between nodes in the IMS domain, with no need for further authentication.  IMS Authentication options (TS ):  Full IMS security: Authentication and Key Agreement (AKA) as defined by 3GPP (plus NAT traversal)  Early deployment scenarios: NASS bundled authentication HTTP DIGEST

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 14 IMS and call control P-CSCF I-CSCF S-CSCF P-CSCF I-CSCF S-CSCF P-CSCF I-CSCF S-CSCF Access VisitedHomeCalled UPSF DNS

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 15 UE Full IMS Security (IMS-AKA) NASS P-CSCFI/S-CFCS UPSF IMS NASS Auth. UICC User credential and secret Key IPSEC protects signalling confidentiality and integrity User profile, credential and keys NGN and UE are mutually authenticated (AKA) SIP protocol

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 16 UE NASS Bundled Authentication (NBA) NASS P-CSCFI/S-CFCS UPSF IMS NASS Auth. SIP protocol CLF NO UICC and NO IMS credential required NO IPSEC, the signalling is transmitted in the clear The authentication is one-way: only the NGN authenticates the UE User profile, no credential required

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 17 HTTP Digest (HD) UE NASS P-CSCFI/S-CFCS UPSF IMS NASS Auth. SIP Protocol NO UICC required (user credential and keys in the UE memory) Explicit authentication NO IPSEC: the signalling is transmitted in the clear User profile, credential and keys NGN and UE are mutually authenticated

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 18 Application Security (optional) UE UICC AS BSF UPSF HD over TLS GBA-u mode

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ETSI TISPAN NGN Security Standards

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 20 Security ETSI TISPAN specifications  Main Technical Specification  NGN Security requirements (TS )  NGN Security architecture (TS )  NGN Lawful Interception functional entities, information flow and reference points (TS )  Main Technical Report (feasibility studies).  NGN Threats, Vulnerability and Risk Analysis (TVRA) (TR )  NAT traversal (TR )  Media security (TR )  Impact of unsolicited communication in the NGN (WI )  Identity Management (WI )  Data Retention (WI ) All the TISPAN activities related to the core IMS have been delegated to the 3GPP

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS Conclusions

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS 22 Conclusions  NGN is divided into Security domains. Domains are considered to be trusted environment  Core or intra-domain security is mainly under the responsibility of the Operator  Inter-domain security is provided by SEGF  Access Authentication is performed on both service layer (e.g. IMS) and network attachment (NASS)  IMS-AKA (as defined by 3GPP plus NAT support) is the preferred solution for IMS authentication:  Identity and keys stored on smart card (UICC)  Mutual authentication between Network and UE (AKA)  IPSEC for the protection of the signalling only  Other authentication mechanisms (NBA, HD) have been defined for early deployment scenarios (short term solutions).