3rd Security Workshop Report - ETSI

ETSI 3rd Security Workshop 15-16 January 2008 - Sophia-Antipolis, France Workshop Report

1

ETSI 3rd Security Workshop 15-16 January 2008 - Sophia-Antipolis, France

Workshop Report


2

Overview................................................................................................................... 3

Keynote speeches ...................................................................................................... 4

Session 1: Mobile Security ....................................................................................... 7

Session 2: Security initiatives within CEN and CENELEC ..................................... 9

Session 3: Lawful Interception............................................................................... 11

Session 4: New Challenges..................................................................................... 13

Session 5: Smart Cards........................................................................................... 15

Session 6: International Standardization ............................................................... 17

Session 7: NGN Security ........................................................................................ 19

Session 8: Cryptography......................................................................................... 21

Workshop Closure .................................................................................................. 23


3

Overview The 3rd ETSI Security Workshop, organised and hosted by ETSI in Sophia Antipolis, France, took place on 15-16 January 2008. It counted 125 attendees with a vested interest in Security Standards. The agenda included eight sessions, with presentations given by experts representing organizations such as ETSI, CEN, CENELEC, European Commission, ITU-T, ENISA, as well as the private sector, government and universities. The workshop provided interesting information on all topics covered, with special focus on standardization efforts related to such topics. Besides, it provided co-operation opportunities, and directions for future work..


4

Keynote speeches Welcoming speech – Walter Weigel, ETSI Director General The ETSI Director General, Dr. Walter Weigel, welcomed the participants to the 3rd ETSI Security Workshop. Dr. Weigel stressed the high importance and value of the standardization work within the security arena..

Speech from the European Commission Achilleas Kemos - DG INFSO: Internet; Network and Information Security Mr. Kemos gave an overview of the EC strategy with regards to Network and Information Security (NIS). The key objectives are to revitalise the EC strategy set out in 2001 and to adapt the EC approach to future challenges. The main principles are to improve and develop a culture of NIS from technical, economic, social and legal perspectives, in order to move towards a more secure Information Society. The challenges for stakeholders come from the necessity to take the responsibilities for their roles. The empowerment to achieve these objectives will come from assigning higher responsibilities to operators, promote diversity, openness, interoperability, competitiveness, and to increase a culture of risk management within the organisations. Mr. Kemos pointed out that the protection of communication and information infrastructures is a priority for a European NIS strategy, due to the critical dependencies of other infrastructures, such as energy, finance and transport, on ICT. In December 2006 the EC adopted a proposal for a directive whose scope is to establish a common procedure concerning the identification of European critical infrastructures, according to predefined criteria. EC objectives include to enhance the level of CIIP preparedness and response across the EU, and to ensure that adequate and consistent levels of preventive, detection, emergency and recovery measures are put into operation. The EC aims at strengthening the incident response capabilities in Europe with actions such as making sure that each Member State has a governmental CERT, and to create EISAS - multi-lingual European Information Sharing and Alert System.

ETSI Security Activities Overview - Charles Brookson - ETSI OCG-Security Chairman, UK BERR, and Adrian Scrase - ETSI Vice-President International Partnership Projects Mr. Scrase started this joint presentation by providing a brief overview of ETSI. ETSI is a European Standards Organization setting globally-applicable standards for Telecommunications and other Electronic Communications networks and services. ETSI is an independent, not-for-profit, organisation created in 1988. Among various globally recognised achievements, ETSI created the GSM standard. ETSI is ISO 9001:2000 certified. It offers direct participation to members, and is a founding partner of 3GPP. ETSI has more than 16 000 publications, all freely available!Mr. Scrase reminded the three roles of ETSI, as a European Standard Organisation (ESO),Global Standards Producer (GSP) and Service Providing Organisation (SPO). He gave an overview of the areas of ETSI activities, among others Next Generation


5

Networks (NGN) Ultra wideband (UWB), GRID, RFID, Low Power Devices, Emergency communications, GSM on aircraft, Communications for Public Safety. Mr. Brookson highlighted the ETSI activities in Security. ETSI OCG (Operational Coordination Group) Security is a horizontal co-ordination structure for security activities inside ETSI and with organizations outside. The activities of ETSI in Security include: • Mobile and Wireless Security • Security features for TETRA • Security Algorithms • Smart Card Standardization • Next Generation Networks Security • TISPAN WG7 • Lawful Interception • Data Retention • Electronic Signatures A number of issues are open and are considered as future challenges, which ETSI wants to address, such as Security Metrics, RFID Security and Privacy among many others Mr. Scrase pointed out that the main objectives of this workshop include discussing the evolution of security standardization efforts while current threats evolve and new threats emerge, and receiving feedback from Members to ensure that future standardization activities will cover new topics in a timely manner. He stressed that, although some work on security metrics has been done within TISPAN there is much more work in this area which needs to be started.

ENISA Activities in Security - Elisabetta Carrara - ENISA Security Expert Elisabetta Carrara provided an overview of the activities within ENISA in 2007 and the Work Programme for 2008. She showed the work ENISA has carried out in the area of security awareness raising (including the production of a user guide on this subject matter, and information packages), and mentioned reports and recommendation for CERT activities (such as guidelines on how to set up a CERT). ENISA is currently strengthening the relations with a large and diverse number of stakeholders, including Member States and EU bodies. Elisabetta Carrara reminded the participants that ENISA publishes the magazine “ENISA Quarterly”. She highlighted the study ENISA has carried out regarding anti-spam systems and related results. Elisabetta Carrara informed the participants that ENISA has produced three freely available “Position Papers”, written with Virtual Groups of Experts, which cover the following topics: Botnets, Reputation-based Systems and Online Social Networks. Other subjects are going to be considered for new Position Papers in 2008. She highlighted the ENISA activities with regards to Risk Management, such as an inventory of methods and tools, an information package of best practices for SMEs with regards to Risk Management and Risk Assessment.


6

Elisabetta Carrara said that ENISA activities for 2008 will include improving resilience in European e-Communication networks, developing and maintaining co-operation models, indentifying emerging risks for creating trust and confidence, and building information confidence with micro enterprises. Following a question from a participant, Elisabetta Carrara pointed out that ENISA works intensely in co-operation with external experts in order to achieve its objectives. She encouraged the participants to be in contact with ENISA and to provide their expert contributions.


7

Session 1: Mobile Security Charles Brookson, ETSI OCG-Security Chairman and representative of UK BERR, chaired the session.

3GPP Security hot topics: LTE/SAE and Common IMS - Valtteri Niemi - 3GPP SA3 Chairman, Nokia Valtteri Niemi provided some historical background on this topic. He mentioned the various security specifications related to 3GPP releases and relevant work done by the SA3 Working Group. Valtteri Niemi went on to explain Common IMS security. He started from IMS (SIP) security in Rel. 5 and related aspects such as authentication and key agreement, security mechanism agreement and R99 access security. Then he explained the enhancements introduced in Rel. 6 and Rel. 7, and lastly in Rel. 8 with the introduction of Common IMS security. Enhancements include several new normative annexes to TS 33.203, early IMS security TR 33.978 promoted to TS, and media security. He also showed different IMS authentication schemes. Valtteri Niemi explained features of SAE/LTE (System Architecture Evolution / Long Term Evolution): SAE offers IP-based architecture and LTE offers higher data rates, up to 100Mbps. He said that Nokia tackled the implications on security, such as many different access technologies, by enhancing various security functions, such as a deeper key security hierarchy and adequate crypto-algorithms.

Update on Security, Fraud thefts and Operators initiatives in GSM and 3G - James Moran - GSMA Fraud and Security Director James Moran gave an overview of the GSM Association, which is the world’s largest and leading cellular trade association, which aims at arriving at a single voice on behalf of the operator community to establish building block requirements. He listed the various GSMA Security Services, including algorithm distribution services, fraud and security advisory service, support and project management, document and online content maintenance, security accreditation scheme, GSMA fraud training programme, IMEI database, monitoring and reporting on handset theft. He presented the GSM Security Group, which is chaired by Charles Brookson. Its Terms of Reference include the identification and analysis of security risks to which network operators are exposed, among others tasks. He highlighted various objectives including the mitigation of emerging and evolving threats. James Moran listed a number of past successes, such as regular algorithm improvements, lawful interception as a standard, handling press comments and speculations, influence on 3G standardisation, and various others. He listed the main Work Items of the Security Group for 2008, and explained the key deliverables and industry benefits. He finally pointed out that the participation and contribution of the operator and vendor communities are critical to ensure alignment and overall enhancement of security levels. A participant whether it was planned to have some communication channel to obtain feedback from users with regards to security issues. James Moran answered by saying


8

that users can currently provide reports/feedback, and it is planned to have an entirely separate website to channel feedback from users, as soon as possible. A participant pointed out that there are currently eight operating systems used for mobile communication applications which can be attacked by a number of threats, and asked what GSMA is doing to tackle this. James Moran answered by pointing out that GSMA looks into the industry requirements to build a framework to react to such security matter, however he recognised that this issue needs further investigation and work by GSMA.

IETF Security standardization activities - Hannes Tschofenig - Nokia Siemens Networks, IETF keyprov WG Chair Hannes Tschofenig gave a general overview of the IETF Working Groups. These are over 110 divided in eight areas, one of which is the Security Area. Security work is carried out in this area but also in other areas. He explained the Session Initiation Protocol (SIP) in a nutshell [RFC 3621], he mentioned other related RFCs, with special attention to RFC 3323 which deals with Privacy in SIP and provides the guidelines for maximal user privacy. Hannes Tschofenig explained the SIP Cert solution, which encompasses user managed credential storage, and the SIP SAML solution, which defines how SAML works together with SIP in alignment to SIP Identity (SAML describes XML documents with security contents). He highlighted the new challenges which encompass the need for agreements in order to make decisions regarding future actions. A major issue from this perspective consists in the conflicting interests of various stakeholders. A participant asked to clarify the future direction of work with regards to authorization policies. Hannes Tschofenig answered that they are trying to balance the various needs, from the commercial environment, from the military, and from the users. There is no easy answer, and the efforts in this delicate area are ongoing.


9

Session 2: Security initiatives within CEN and CENELEC John Ketchell, CEN/ISSS Director, chaired the session. He gave a brief introduction of the presentations within the session, as well as an overview of other relevant current work within CEN, and future work coming soon.

Cost-effective authentication and integrity of electronic invoices - Nick Pope - CEN eInvoicing Workshop, Thales eSecurity The topics covered by Nick Pope’s presentation included the concerns with regards to the authenticity and integrity of invoicing, and the aims and objectives of CEN e-invoicing WG3. He pointed out the large amount of VAT losses through fraud, and he explained the role of authenticity and integrity in VAT fraud, such as the evidence of transactions for all parties and protection to business against external attacks (but not direct protection against fraudulent business practices). Nick Pope mentioned the relevant articles of the Council Directive on VAT Harmonisation, and gave an overview of the divergence in application of the EU Directive among member states. CEN eInvoicing Working Groups aim at redressing this situation and increase harmonisation among ENs in alignment with the EU Directive. The Terms of Reference of the WG3 include the cost-effective authenticity and integrity of electronic invoices and related business documents regardless of formats and technologies. Nick Pope explained the Approaches and Inputs of the CEN eInvoicing WG3, and gave an overview of the timescale of the work which is going to be carried out by CEN in co-operation with FISCALIS: draft CWAs including key controls for July 2008 and a CWA ready for publication for July 2009. The rate at which VAT fraud is increasing was discussed with some participants.

ESCoRTS: A European network for the Security of Control and Real-Time Systems - Alberto Stefanini, JRC Alberto Stefanini started his presentation by outlining the covered topics, and pointed out that ICT is a business enabler, but at the same time it is a source of security risks. He explained the threats and vulnerabilities of Supervisory Control and Data Acquisition (SCADA), as well as the potential high impact on all business sectors. He mentioned the current international efforts with regards to security aspects of SCADA, such as the activities of CEN BT/WG 161 “Protection and Security of the Citizen”. Alberto Stefanini explained the differences between the approaches of Europe and USA. An EC Expert Group (EG) started to work towards the proposal of a European network for the Security of Control and Real-Time Systems (ESCoRTS). The negotiations started in October 2007 with regards to the proposal for a 2.5 year EU Coordination Action, with several partners involved (CEN, JRC, ENEL among many others) to achieve several objectives including common understanding of industrial needs and requirements, raise awareness among stakeholders, identify and disseminate best practices, and create a convergence of efforts. A discussion with several participants highlighted that there is an ongoing learning process within this subject matter, in order to gain the best possible understanding of the many facets involved.


10

CEN Anti-Counterfeiting Workshop - Nadine Ruhle-Niestroy, TUV Rheinland Japan Ltd Nadine Ruhle-Niestroy gave a overview of the European Committee for Standardization/Information Society Standardization System (CEN/ISSS) and explained the work of the CEN Workshop (WS) on Anti-Counterfeiting. She outlined the background with regards to counterfeiting, highlighted the seriousness of the threat to various business sectors and consumers, and stressed the vast dimension of the financial impact. Nadine Ruhle-Niestroy explained that the purpose of this CEN WS is to provide a CWA to describe a framework for authentication and secure tracking of legitimate products. The scope/deliverables include the definition of the protocols for the detection of counterfeit goods and provision of proof that enable seizure of counterfeits, leading to the arrest of the perpetrators or traders, and persuade a criminal court of the perpetrator’s guilt in creating and/or trading in those counterfeits. She concluded by listing the WS Liaisons with various organisations including ETSI, ANSI NASPO, WCO and other CEN WG and TC.


11

Session 3: Lawful Interception Scott Cadzow, C3L, ETSI LI Vice Chairman, chaired the session.

Lawful Interception and Data Retention standardization activities - Scott Cadzow - C3L, ETSI LI Vice Chairman Scott Cadzow started his presentation by highlighting the “overall problems”: criminal activity degrades quality of life of the affected parties, countering criminal activity is expensive, and criminal activity does not respect national, legal or technological borders. Scott Cadzow explained the standardization work carried out by the ETSI Technical Committee (TC) Lawful Interception (LI), and the requirements placed on CSPs with regards to Lawful Interception and Data Retention, as well as the main related activities, including forensics support. He showed the overall technical view, and highlighted the problems to overcome, including the need for identity to be authoritative in order to allow Law Enforcement to prosecute, various identity problems such as target identification, and the difficulties in clarifying what constitutes a CSP (PSTN, NGN, ITS, PAMR/PMR, Internet?). Scott Cadzow explained that the ETSI’s dilemma is caused by several factors: most technologies not written for LI and DR, the support for LI and DR introduces new security problems on the network as well as data integrity maintenance issues, and finally ETSI needs to make sure that it is not seen as a substitute enforcement agency. ETSI’s standardization activities to respond to the above needs and problems are co-ordinated by the TC LI: ongoing efforts include the definition of handover interface for LI and DR with Law Enforcement Agencies (LEAs).

Secure, verifiable and intelligible audit logs to support computer forensics in lawful interception - Elena de la Calle Vian, Ministry of Industry, Spain Elena de la Calle Vian started his presentation by explaining the problem through the example of the Greek telephone tapping case in 2004-05 (the people responsible for these crimes are not known yet). She mentioned the ETSI TS 101 331 which underlines the requirements of LEAs. Elena de la Calle Vian listed the challenges in log management, such as log generation and storage, log protection and log analysis. These challenges require the creation and maintenance of an overall secure log management infrastructure. She highlighted the log management operational processes and the related important issue of ensuring log security. Elena de la Calle Vian discussed various approaches to log security, and mentioned the conceptual guidelines available today, also highlighted by ENISA. She mentioned LOGCRYPT, an open source software implementation used for secure logging. Elena de la Calle Vian informed the participants that the Ministry of Industry has promoted recently the setting of a test environment to test tools and protocols to help improving log security, verifiability and intelligibility, taking into account cost effectiveness and operational issues. Finally, she mentioned an ongoing Work Item of the ETSI TC LI with regards to Security Framework in Lawful Interception and Retained Data environment.


12

A participant asked Elena de la Calle Vian if she had some figures of the logs incident she mentioned in her presentation. She answered that all logs were completely erased; hence the log lifecycle was broken with potentially high security impact. It was also discussed that working towards a tamper resistance level of protection is not an easy endeavor, and any contributions or suggestions with regards to this matter are welcome.

Lawful Interception of VoIP in Highly Decentralised Systems - Jan Seedorf, NEC Laboratories Europe Jan Seedorf’s presentation offered an overview on VoIP signalling without central components (P2PSIP) and the current standardization of P2PSIP in IETF. This decentralisation presents various challenges for LI, such as different types of VoIP Service Architectures, with consequences such as signalling (IRI) and media (CC) can take different routes, hence be delivered by different entities. Besides, the node (entity) for intercepting the CC has to be determined in real-time from the IRI. Jan Seedorf showed the ETSI Reference Model for LI in IP networks, gave a technical overview of P2PSIP, and further highlighted the challenges posed to LI by the P2P technical features. Finally Jan Seedorf discussed possible solutions with respect to future standardization, currently under discussions, such as footprints in terminal and devices, intercepting all IP traffic and infiltrating P2P networks. It was highlighted with some participants that the various standardization options need further discussions to have a better general understanding of the way forward. It was also discussed that the P2PSIP technology has also impacts on Data Retention activities.


13

Session 4: New Challenges Charles Brookson, ETSI OCG-Security Chairman and representative of UK BERR, chaired the session.

Trusted Computing and Trusted Computing Group (TCG): Technology and Standardization Work - Claire Vishik - Intel, Security and Privacy Policy and Standards Manager Claire Vishik introduced the Trusted Computing technology and the Trusted Computing Group (TCG). She highlighted some platform authentication and attestation aspects of the Trusted Computing technology, and related security issues. She explained that Operating Systems and applications typically use software to protect keys and secrets, and there is no standardized and isolated place to create and store secrets. Hence the need to increase standardization efforts to enhance the security of Trusted Computing. Claire Vishik talked about structure, membership and specifications of the Trusted Computing Group (TCG). TCG is an international industry standards group, whose mission is to develop and promote open, vendor-independent, industry standard specifications for Trusted Computing. TCG includes 144 Members as of December 2007. Claire Vishik gave an updated of the market status of the Trusted Platform Module (TPM). She explained current product implementations, listed TMP vendors and explained several TCG solutions. Finally, Claire Vishik gave an overview of the main TPM key features and capabilities

Producing and maintaining Standards for Emergency Communications - Jean-Pierre Henninot - ETSI EMTEL ViceChairman, MINEFI France Jean Pierre Henninot started his presentation by explaining that Emergency Telecommunications include all communication services, with requirements covering needs for individual Alert, needs for actors of rescue, information needs of population and individuals. He highlighted the main responsibilities of EMTEL, including to co-ordinate ETSI positions on EMTEL related issues, as well as interfacing between ETSI and many other organisations. Jean Pierre Henninot listed the user requirements and scenarios. He explained the EMTEL Document Structure, as well as the various technology issues. Jean Pierre Henninot highlighted the EMTEL matters in other ETSI Bodies, and the roles of the various standardization groups. EMTEL also co-operates with external Bodies such as NENA, involving EMTEL and TISPAN, and has regular liaison with TIA, ITU-T and NATO. Jean Pierre Henninot discussed the EMTEL involvement in EU projects such as the eCall project and the PSCE forum. Finally he informed/reminded about the next EMTEL meeting on 11-13 March 2008 in Ispra, Italy.

ETSI TC related activities: STF 318 (REM) and XAdES interoperability event - Riccardo Genghini - ETSI ESI Chairman, Studio Notarile Genghini Riccardo Genghini gave an overview of the main areas of activity within the TC Electronic Signatures and Infrastructures (ESI). These are electronic signature


14

interoperability (signature formats and profiles, policies, security requirements), adoption of ETSI (ESI) Standards by other Standard Bodies and Fora, and Registered Email Standardization (REM). Riccardo Genghini stressed that interoperability tests which have been undertaken until now have proved successful, as the standards have been used successfully for these tests, e.g. by the Electronic Commerce Promotion Council (ECOM) of Japan. Riccardo Genghini also pointed out that REM has met very high interest in the marketplace. The Specialist Task Force (STF) 318 has worked successfully on this subject, and further work is ongoing. Finally Riccardo Genghini gave the STF 318 leader Juan Carlos Cruellas the opportunity to explain the ETSI Plugtests interoperability activities, and to introduce the first remote XAdES interoperability event, scheduled for 3rd to 7th of March 2008. It was discussed that ETSI specifications do not investigate the content format, as long as Electronic Signatures are classified as “Qualified”.


15

Session 5: Smart Cards Xavier Piednoir, 3GPP CT6, ETSI SCP Technical Officer, chaired the session.

Developments within the ETSI Smart Card Platform Group - Klaus Vedder - ETSI SCP Chairman, Giesecke & Devrient GmbH Klaus Vedder started his presentation by introducing the ETSI TC SCP, the Smart Card Committee, founded in March 2000 as the successor of the working group SMG9. The SCP mission is to create a series of specifications for a smart card platform, based on real-life requirements, on which other bodies can base their system specific applications to achieve compatibility between all applications resident on the smart card. Klaus Vedder gave a historical overview of the SIM, as a removable security module which has become the driver of smart card technology. He also pointed out the high importance of the SIM for the growth of GSM. Klaus Vedder explained the technical evolution of the smart card chip up to today’s solution. The security of the SIM is a function of hardware and software, and Klaus Vedder stressed that the SIM has never been broken. Klaus Vedder highlighted the work being done within the ETSI TC SCP to move from the SIM, as “mono-application” smart card, to UICC, as a “multi-application” platform. He explained what is the core specification for this work (physical and logical characteristics of the card/terminal interface) and highlighted that ETSI TC SCP has published over thirty specifications, nine of which were approved over the last year. Klaus Vedder stressed that a high speed interface protocol is needed to make sure that the SIM will be transformed into a real internet device with the advantage of enabling the users to use a wealth of functionalities, e.g. the mobile phone working like a contactless card for payment, ticketing, access control, etc. Klaus Vedder concluded his presentation by expressing his vision to turn today's mobile phone into a multipurpose terminal, personal security device, and lifestyle tool by exploiting the High Speed Protocol and the contactless communication channel of the UICC. This was followed by a discussion with several participants which highlighted security aspects of the future implementations.

Secure Internet Connectivity with the Internet Smart Card - Walter Hinz, Giesecke & Devrient GmbH Walter Hinz started his presentation by expressing the vision of an internet smart card, and explaining the hardware requirements necessary to achieve this aim. He showed the features of the future internet smart card, explained the related communication architecture, web connectivity aspect, initial self configuration procedure, and the applications (authentication gateway and access control). Walter Hinz showed a Lotto Application example, which encompassed the use of a Lotto Internet Stick. Finally, he explained some details of the standardization of the middleware interface.


16

ETSI Smart Card Platform Requirements Work Group: USSM, Secure Channel and Confidential Applications - Ilario Macchi, Telecom Italia, ETSI SCP REQ Chairman Ilario Macchi gave an overview of the ETSI SCP REQ working group, with responsibilities and tasks. He listed the mail SCP Rel-7 requirements, which are in the TS 102 412, and explained that security requirements have driven the adoption of new features to improve the capability of the Smart Card platform, such as the UICC Security Service Module (USSM), Secure Channel and Confidential Applications. He showed the high level architecture of the USSM, as specified by the TS 102 569. The SCP REQ vice Chairman Tim Evans gave part of the presentation by highlighting Secure Channel features, standardised with the ETSI TS 102 484, approved in October 2007. Ilario Macchi explained that “Confidential Applications” is a current SCP REQ Rel-8 Work Item, the results of which will allow the card application owner to deliver an application to the card issuer and/or card manufacturer in a way to preserve the confidentiality of the application, including reverse engineering.

Secure UICC Hardware Platforms - Gerd Dirscherl, Infineon Technologies (ChipCard) Gerd Dirscherl gave a presentation focused on how the secure module is moving from the past SIM to the current SIM/UICC, and provided technical aspects of the future UICC (multiple hardware interfaces, multiple applications, pre-emptive multitasking. Gerd Dirscherl highlighted that security challenges related to the development and implementation of the future UICC, such as how to certify a multi-interface/-tasking Operating System, how to certify a native application and the possibility of new attack scenarios with respect to those related to the SIM. Then he explained how the above mentioned challenges can be tackled, respectively with certification of configurable SW (e.g. SLE 88 PSL 2.0), virtualization techniques, and taking advantage of lessons learned from the PC. Finally he provided an explanation of the features of the SLE 88 Secure Platform for Multi-Interface/-Application.


17

Session 6: International Standardization Mike Harrop, ITU-T Rapporteur SG17 Q4, Communications Security Project, chaired the session.

ICT Security Standards Roadmap: an Update - Mike Harrop, ITU-T Rapporteur SG17 Q4, Communications Security Project Mike Harrop provided a review of the objectives and status of the ICT Security Standards Roadmap, which includes assisting in the development of security standards, to provide information to any standards stakeholders, and to help identify gaps where standards are needed. He provided the key developments over the last year, and pointed out that ENISA and NISSG joined ITU-T as partners. Mike Harrop showed the various parts of the Roadmap Structure, and highlighted the key points. He explained that the ITU-T database allows easy searching by organisation or topic, and work is ongoing for a constant improvement of the database. Mike Harrop informed the participants that SG17Q6 at its December 2007 meeting decided to create a subject group to treat a number of issues surrounding the definition of this term of Identity Management, detail its pervasive use over many years in ITU-T specifications and the industry. Mike Harrop invited anybody who would like to contribute to this work to contact him to foster co-operation.

Global Cybersecurity: the role of International Standards - Solange Ghernaouti - Professor, Faculty of Business and Economics, University of Lausanne Solange Ghernaouti explained the implications of cybersecurity for various social/professional layers, such as policy makers, justice and police professionals, organisations’ owners, shareholders, information technology professionals and providers, and end user citizens. She provided recommendations for each of these social/professional groups, with regards to the knowledge that each group needs to gain in order to obtain their specific targets. Solange Ghernaouti highlighted that cybersecurity cannot be regarded as an option in today’s society, but rather a must. In order to achieve a continuous improvement in such matter, it is necessary to adopt international approaches, standards, regulations and best practices, which are applicable at national and regional levels and are compatible at the international level, in order to gain a common understanding of what cybersecurity means to all, co-ordinate the necessary actions at international level and avoid duplication of efforts. She pointed out that ITU has established a global framework for international cooperation in cybersecurity, The Global Cybersecurity Agenda is based on five pillars: legal measures, technical and procedural measures, organizational structures, capacity building and international co-operation.

Global Standards Initiative on Identity Management (IdM-GSI) - Scott Cadzow - C3L, ETSI LI Vice Chairman Scott Cadzow provided a report of the Focus Group on Identity Management (FG IdM), and a review about related ETSI’s contribution. He highlighted the FG IdM


18

Terms of Reference (scope and objectives) and the Focus Group Output, including collaborative working methods and reference material among the deliverables. Scott Cadzow provided an overview of the evolution of the definition of “identity management”, and showed the ETSI definitions of “identifier”, “identity”, identity crime”, identity fraud” and identity theft”. Then he explained what are the pillars and the related facets for a Global Interoperable IdM. In such scenario, the FG has produced initial standardization work which was delivered to ITU-T Study Group 17 in September 2007. The FG itself has now been replaced by several IdM fora. Eventually, the FG IdM has evolved into IdM GSI, i.e. Global Standards Initiative for Identity Management. Scott Cadzow provided an overview and analysis of Identity in the NGN. He highlighted the identity problems, such as proliferation of non-authoritative id and identifier uncertainty. This poses challenges for achieving identity assurance, and he mentioned ETSI standards related to this matter. Finally he provided an overall security analysis for NGN, including NGN objectives for identifiers. It was highlighted by a participant that creating protocols for identity assurance is objectively a very big problem of extremely difficult solution. Scott Cadzow recognised that it is not an easy challenge, but nonetheless the problems of identity theft and fraud cannot be put aside. Rather, it is indispensable to take on the challenge, while recognizing that there is no easy solution. Scott Cadzow explained that the problem has been tackled within ETSI until now by looking into the overall matter rather than into specific details.

Architecture and Privacy Issues for Biometric-Based Identity - Jean-Paul Lemaire - Paris Diderot University Jean Paul Lemaire gave an overview regarding the role of biometrics in Secure Identity Management. He informed the participants that the ITU-T Focus Group on Identity Management has produced several reports which highlight future actions needed in relation to Identity Management. These reports can be downloaded from the ITU-T FG IdM web site with username and passwords provided in the presentation slides. Jean Paul Lemaire explained that biometrics (what one is) provide “strong identification”, where “strong” is due to the fact that biometrics cannot be given away, whereas a password (what one knows) or a smart card (what one has) are clearly not as strong. However, the real strength of biometrics depends on the accuracy of biometrics systems, which all have “false matches” and “false non-matches” rate, hence a balance needs to be taken in setting the threshold for tuning the specific biometrics systems. This is based on both security and public concerns. A participant observed that DNA biometrics would fail for identical twins. Jean Paul Lemaire replied that this is a potential issue; however it is possible to use multimodal biometrics to mitigate this risk.


19

Session 7: NGN Security Judith E. Y. Rossebø, ETSI TISPAN WG7 Chairman, Telenor R&D: NGN Security, chaired the session.

NGN Security standards for Fixed-Mobile Convergence - Judith E. Y. Rossebø - ETSI TISPAN WG7 Chairman, Telenor R&D Judith Rossebø provided background information about the ETSI TC TISPAN NGN. TISPAN is responsible for all aspects of standardization for present and future converged networks including the NGN (Next Generation Network) and including, service aspects, architectural aspects, protocol aspects, QoS studies, security related studies, mobility aspects within fixed networks, using existing and emerging technologies. Judith Rossebø showed the TISPAN NGN architecture and highlighted various security aspects and related standards. She pointed out that NGN Feasibility Studies are fed into TISPAN Core Security Documents (TRs and TSs). Judith Rossebø highlighted the current standardization work on the prevention of Unsolicited Communication (UC) in the NGN. She explained the role of STFs in ETSI TISPAN WG7, in the areas of security standardization methods, security guidelines, standards development, and highlighted the use of the methods developed by STFs for IPTV security requirements engineering. Finally, Judith Rossebø listed the various hot topics for future work, including IPTV security and adding UC prevention as a feature, among many others.

VoIP, NGN and DoS: Attack Scenarios, Detection and Prevention - Dr. Dorgham Sisalem - Tekelec Germany Dorgham Sisalem started his presentation by warning against “security myths” (such as PSTN or firewalls being completely secure). He pointed out that in the future we can expect a variety of threats on top of the current ones, such as threat agents causing increasing attacks to VoIP networks, Dorgham Sisalem highlighted that any attacks that apply to any device connected to the internet, or that apply to Web and mail, also applies to SIP. He explained some technical details related to a number of SIP attacks, which can lead to fraud, such as billing fraud (guessing admin passwords and credentials to get free access to PSTN) and credit card misuse (use of free VoIP calls to service numbers in order to test credit card pins). Besides, there are a number of possible unintentional attacks (bad configuration, buggy software) with the consequence that the end systems generate too much useless traffic. This should not be underestimated as it is the most common scenario today. Dorgham Sisalem concluded by giving a brief overview of general protection approaches (“moat and fortress” or “peace keeping”?), and by providing an explanation of the VoIP Defender system.

PSTN/ISDN Emulation Subsystem (PES) within a NGN - Steve Covey - British Telecommunications plc Steve Covey provided an overview of the PES architecture and the 21C voice architecture. He gave some details of the PES architecture, based on the TS 187 003, whose main features are H248 Security (related work is ongoing within the TC


20

TISPAN) and “Secure Domain”. Then he showed a high level diagram of the BT 21C System Architecture for Voice, explained that BT took a pragmatic approach for its development, and provided more details about the main requirements, most importantly those related to maintaining “Secure Boundaries”. Following a question by a participant, Steve Covey explained that prioritization mechanisms are used in order to manage the traffic in order to satisfy the technology requirements.

Comparison of the work of different SDOs regarding UC/SPIT with a demonstrator - Thilo Ewald - NEC Europe Ltd Thilo Ewald started his presentation with a brief overview of the SPAM issue with related social and business consequences. He provided a forecast of next generation SPAM, which might impact the performance of the new technology (NGN). He explained the possible approaches to react on Unsolicited Communication (UC) such as SPAM calls using VoIP. Thilo Ewald provided a general overview of the related ongoing work in the SDOs (IETF, ITU, 3GPP, TISPAN, and others). Within IETF, documents have been produced for the prevention of SPIT (Spam over Internet Telephony). ITU is working on multimedia SPAM issues within the Study Group 17. 3GPP efforts are focused on SMS/MMS SPAM. TISPAN is working on various aspects of UC (currently a feasibility study of preventing UC in the NGN). Besides UC efforts are ongoing in other SDOs such as GSMA and OMA. Finally, Thilo Ewald gave an overview of VoIP SEAL (VoIP Secure Application Layer Firewall) and explained its main characteristics. VoIP SEAL is the NEC’s demonstrator for identifying, analysing and preventing UC in the VoIP environment.


21

Session 8: Cryptography Charles Brookson, ETSI OCG-Security Chairman and representative of UK BERR, chaired the session.

Standardization of Quantum Technologies and Quantum Cryptography: FP6 Integrated Project SECOQC - Thomas Länger - IT Security Assessment and Certification Quantum Technologies, Smart Systems Division Austrian Research Centres GmbH Thomas Länger provided an overview of the project SECOQC, for the Development of a Global Network for Secure Communication based on Quantum Cryptography. This is an EU-Integrated Project FP6, whose general objective is the development of a network for the generation and distribution of symmetrical secrets between arbitrarily remote network nodes. The scientific and technological objectives include working towards certification and standardization. This project is co-ordinated by the Austrian Research Centres and takes advantage of contributions from 41 participants from 11 European Countries. Thomas Länger explained that the project SECOCQ consists of three parts, covering quantum, infrastructure and implementation aspects. He highlighted that a key characteristic of Quantum Cryptography is “provable security”, even in presence of an attacker with unlimited computational power. However, there are still technical limitations, as well as high costs involved. Thomas Länger informed the participants that a SECOQC Demonstrator in the SIEMENS Optical Fiber Network will take place in Vienna in September 2008. Thomas Länger explained that standardization work on Quantum Cryptography is being undertaken on three levels: top-level interface (user interface), interfaces between macroscopic components of QC-network, and properties of quantum optical components. Finally, he informed that there are currently three initiatives globally to work on quantum technology. ETSI’s approach is to create an Industry Specification Group (ISG) to maintain European advantage in Quantum Cryptography, to co-ordinate efforts and to accelerate user adoption.

A Compact and High-Speed Cipher Suitable for Limited Resource Environment - Taizo Shirai - Researcher Sony Corp Taizo Shirai started his presentation with an overview of the cryptographic algorithms used in GSM and UMTS. He compared three of them: KASUMI, SNOW 3G and AES. In terms of security for Limited Resource Environments, KASUMI and SNOW 3G achieve a preferable HW profile for UMTS. Taizo Shirai explained some aspects of more restricted environments which require security (e.g. smart cards, RFID systems and health care systems). Taizo Shirai explained the generic requirements for Ciphers suitable for Limited Resource Environments. These are security, compact gate size, low power and high-speed. He highlighted the technical characteristics of CLEFIA, a new Sony compact and high–speed Block cipher, which is a solution suitable for Limited Resource Environments. CLEFIA’s design philosophy is significantly different from KASUMI, SNOW 3G and AES. However, all these algorithms may generate good diversity and hence may coexist. Finally, Taizo Shirai highlighted that although CLEFIA is a recent


22

cipher published in 2007, thorough evaluation efforts have already been done by experts.


23

Workshop Closure Charles Brookson closed the Workshop by thanking all speakers, participants and ETSI Secretariat support staff for their contributions towards a successful 3rd ETSI Security Workshop. He invited all participants to provide feedback with regards to this Workshop, and suggestions with regards to new topics for the next Security Workshop, as well as time distribution among the various topics. Charles Brookson reminded the participants to watch out for the call for contributions. Finally, Charles Brookson announced the dates of the next Security Workshop, which will be held at the ETSI premises, in Sophia Antipolis, France: 4th ETSI Security Workshop 13-14 January 2009