© Siemens NV/SA, October 2004 Communications Network and Information Security Report ICTSB/NISSG Stefan Goeman.


Background
- Existing NIS-Report from 2003
- The new EU Report
  - Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions: A strategy for a Secure Information Society – Dialog, partnership and empowerment
- A lot of new developments in Network and Information Security

My Expertise
Each member of the team has some specific expertise. In my case, this is:
- ICT Industry, Telecom, ISP
  - Authentication protocols
  - Web Service Security
- Identity Management
- E-government
  - Belgium eID card
- Digital Rights Management

ICT Industry, Telecom and ISPs
Web Services Security (WS-Sec):
- The e-business environment is based on Web Services. Therefore security for web services is necessary (i.e. securing SOAP messages end-to-end).
- The following specifications make up the WS-Sec 1.1 OASIS standard:
  - WS-Security Core Specification 1.1
  - Username Token Profile 1.1
  - X.509 Token Profile 1.1
  - SAML Token Profile 1.1
  - Kerberos Token Profile 1.1
  - Rights Expression Language (REL) Token Profile 1.1
  - SOAP with Attachments (SWA) Profile 1.1
SOAP: Simple Object Access Protocol

ICT Industry, Telecom and ISPs
IETF is an important contributor to security standardization. With respect to network security, the following specifications are important and are included in the report:
- IPsec protocol suite (the IETF IPsec working group is concluded):
  - RFC4301: Security architecture for the Internet Protocol.
  - RFC4302: Authentication Header security protocol.
  - RFC4303: Encapsulating Security Payload protocol.
  - RFC4306: The Internet Key Exchange (IKEv2) protocol.
  - …
- TLS protocol suite:
  - RFC4346: The Transport Layer Security (TLS) Protocol Version 1.1
  - RFC4366: Transport Layer Security (TLS) Extensions
  - RFC4492: ECC Cipher Suites for Transport Layer Security (TLS)
  - RFC4279: Pre-Shared Key Ciphersuites for TLS
  - …
- Protocols for securing the infrastructure: DNS security, ENUM security, security of routing protocols (BGP, OSPF)

Identity (and Privacy) Management
From an end user's point of view, identity and privacy management is (becoming) very important!
Two initiatives (industry fora, not really standardization bodies; they rely on other standards):
- Liberty Alliance Project: industry forum defining specifications in the area of identity management (single-sign-on, privacy management via pseudonyms, …) and identity-based web services
- Based on Web Services specifications: the web services specifications are more loosely coupled, but it is possible to realize identity management based on specifications like:
  - WS-Federation
Currently not included in the report
SAML: Security Assertion Markup Language

E-government
Belgium eID card
- PKI-based solution: eID card contains 2 certificates.
- E-government applications:
  - Request official documents via the Internet (birth certificate, …)
  - Fill in and sign your tax form.
  - Access to your own personal information (
  - Will replace the electronic health insurance card (SIS card)
  - …
- Other applications (not related to e-government):
  - Secure chat boxes
  - Libraries
  - Hotel room reservation
  - …
Currently not yet included in the report

Digital Rights Management
- Currently not in scope of the new NIS-Report
- Many proprietary systems are available (Apple iTunes, Windows Media DRM, …) and only a few standards:
  - OMA DRM v1 and v2
- In general, DRM systems all do more or less the same thing. The differences lie in details like content formats and rights expression languages.
OMA: Open Mobile Alliance

Contributions to the report
- Providing the context for security for Next Generation Networks
  - Evolution from SS7-based telco systems (closed systems) to VoIP (SIP-based) telco systems (more open systems)
- Providing an update of section 9.4 on Network Encryption:
  - Updates on IPsec
  - Updates on TLS
  - Inclusion of Web Services Security