ATIS 0100010-2007 Security for Next Generation Networks - An End User Perspective.pdf

1、 ATIS-0100010 SECURITY FOR NEXT GENERATION NETWORKS - AN END USER PERSPECTIVE TECHNICAL REPORT The Alliance for Telecommunication Industry Solutions (ATIS) is a technical planning and standards development organization that is committed to rapidly developing and promoting technical and operations st

2、andards for the communications and related information technologies industry worldwide using a pragmatic, flexible and open approach. Over 1,100 participants from over 300 communications companies are active in ATIS 22 industry committees and its Incubator Solutions Program. Notice of Disclaimer or,

3、 when used in the context of authentication, provides an authentication that with high assurance can be asserted to be genuine, and that can not subsequently be refuted. 6.4 Audit Logging Audit logs are created to allow for the incident post-mortems and resulting investigation. They are also require

4、d to support repudiation services. For a detailed discussion on audit logging, see T1.276-2003 3. 6.5 Data Confidentiality and Privacy Additional security requirements are usually placed on the user plane due to the nature of IP traffic Requirements need to be based on the premise of achieving, at a

5、 minimum, the same level of security that would be provided by a legacy TDM system. In developing the analogy with the legacy system, consideration must be given to whether the user is trying to achieve a limited level of privacy for the session or requires a higher level of security that provides c

6、onfidentiality of the content. While users and enterprises often will express the need for security of the voice traffic or secure VoIP, they will not differentiate between confidentiality, privacy, and other security services. They will state their requirement as security or encryption. In the case

7、 of security of the user channel, when questioned, the user wants the same level of privacy that was present on a legacy system. Legacy systems offer no formal confidentiality mechanisms; they only offer a level of privacy implicit in their point-to-point local loop design. Confidentiality implies a

8、 degree of back traffic (i.e., stored encrypted traffic) protection - the encrypted traffic will resist brute force attack for specified number of years. Conversely, privacy does ATIS-0100010 8 not provide any degree of back traffic protection; it refers more to the rights of individuals and organiz

9、ations to control the collection, storage, and dissemination of their information or information about themselves. Unlike confidentiality, which has a weak legal definition, privacy is defined by the Organization for Economic Co-Operation and Development (OECD) . The European Union and numerous nati

10、onal laws. Care must be taken to ensure that those users security requirements are understood; whether they require confidentiality or they actually require privacy equivalent to a TDM network. The User-Network and Network-Network Interfaces will provide for both privacy enhancing technologies as we

11、ll as more formal confidentiality technologies based on the user requirement. These confidentiality technologies will meet FIPS 140-2 as discussed in 6.10; however, privacy-enhancing technologies will just provide various degrees of privacy protection. 6.5.1 Contrasting Data Confidentiality and Priv

12、acy Confidentiality is perhaps the most confusing term in the information security community. It is a: Label for data: “This document is confidential”; Security service: “Confidentiality is provided by cryptography”; or Security policy: “This information will be treated as confidential.” More formal

13、ly, the definition is given as assurance that information is not disclosed to unauthorized entities or processes. Many individuals when speaking about security are referring indirectly to confidentiality. They may also use the term encryption, or as discussed previously privacy. Strictly speaking, c

14、onfidentiality - with its requirement to protect the information long after the information interchange has completed is a limited requirement for the VoIP space. Most telephone calls are less than three (3) minutes in length, with a requirement for protection of the contents of the bearer path for

15、a very short duration. In these cases, the needed level of confidentiality can be provided by privacy-enhancing technologies instead of cryptography. Privacy and Data Confidentiality are terms often confused by the popular press and used as synonyms by some well-meaning technical documentation. It i

16、s proposed that in this context the definitions for privacy, as defined by the ATIS-0100523.2007, ATIS Telecom Glossary 2007, be used. ATIS-0100523.2007 8 defines privacy as: privacy: 1. In a communications system or network, the protection given to information to conceal it from unauthorized person

17、s having access to the system or network at large. Synonym segregation. 2. In a communications system, protection given to unclassified information, such as radio transmissions of law enforcement personnel, that requires safeguarding from unauthorized persons. 3. In a communications system, the prot

18、ection given to prevent unauthorized disclosure of the information in the system. Note 1: The required protection may be accomplished by various means, such as by communications security measures and by directives to operating personnel. Note 2: The limited protection given certain voice and data tr

19、ansmissions by commercial crypto equipment is sufficient to deter a casual listener, but cannot withstand a competent cryptanalytic attack. 4. The right of individuals to control or influence what information related to them may be collected and stored and by whom and to whom that information may be

20、 disclosed. ATIS-0100010 9 NOTE - Because this term relates to the right of individuals, it cannot be very precise and its use should be avoided except as a motivation for requiring security 7498-2. The term privacy enhancing technologies means by inference, technologies that limit surveillance. Sim

21、ilarly, the term data confidentiality mechanisms are technologies that provide for maintaining the confidentiality of data. It should be also noted that encryption is a data confidentiality mechanism, but it is not the only data confidentiality mechanism. Many times the term encryption is used collo

22、quially to refer to a broad class of data confidentiality mechanisms. The distinction must be made since new legislation requirements such as the Health Information Privacy and Portably Act (HIPPA) require both privacy enhancing technologies as well as data confidentiality mechanisms. 6.5.2 Data Con

23、fidentiality Requirements for the User Plane In order to achieve at least the same level of data confidentiality protection that is present in TDM systems, NGN must implement services which ensure data confidentiality. These mechanisms must ensure that the information in a Network system and transmi

24、tted information is accessible for reading or modification only by authorized parties. These confidentiality mechanisms must also provide an appropriate level of “back-traffic” (i.e., stored encrypted traffic) protection that will protect the information for the desired length of time. In order to v

25、alidate that the algorithm used is properly implemented, both the algorithm and its implementation must be FIPS 140-2 validated. 6.6 Data Integrity Data integrity is a requirement of the user plane. Integrity is often confused with confidentiality, as some levels of integrity can be provided indirec

26、tly with confidentiality. Integrity is a security feature that provides protection against undetected unauthorized modification of information. Integrity can provide assurance that given information has not been modified. Data integrity ensures that information held in a system is a proper represent

27、ation of the information intended, and has not been accidentally or maliciously altered or destroyed. A data integrity service can only detect a change and report it to an appropriate system entity. However, a system that offers data integrity service might also attempt to correct and recover from c

28、hanges. A close relationship between data integrity service and authentication services exists. Although data integrity service is defined separately from data origin authentication service and peer entity authentication service, it is closely related to them. Authentication services depend, by defi

29、nition, on companion data integrity services. Data origin authentication service provides verification that the identity of the original source of a received data unit is as claimed; there can be no such verification if the data unit has been altered. Peer entity authentication service provides veri

30、fication that the identity of a peer entity in a current association is as claimed; there can be no such verification if the claimed identity has been altered. 1 6.7 Availability Availability is a characteristic present both in reliability and information security. As an information security charact

31、eristic, availability ensures the computer, network, database, and information resources ATIS-0100010 10 will be available to authorized users when they need them. It is sometimes called timeliness of service, which is defined as the correct resource being made available within a prescribed length o

32、f time to a properly authorized and authenticated user. Availability from an information security perspective in VoIP space protects against attacks like denial of service (DoS) as well as helping ensure that critical calls get through (e.g., 9-1-1). Availability is also an important factor in overa

33、ll network performance. Availability is used to define the security services intended to assure that system assets are available, work promptly, and service is not denied to authorized parties. In the event of a security breach, disrupted operations must be restored in a timely manner. 6.8 Law Enfor

34、cement Access User plane security mechanisms such as confidentiality and privacy enhancing technologies introduce challenges in providing effective Law Enforcement Access (LEA). This section will discuss this issue, and present recommendations to ensure that the requirements of warranted access can

35、be met. In many nations worldwide, there is a requirement to provide effective LEA after due process is followed (warrant, etc.). Converged networks and VoIP introduces additional challenges for telecommunications equipment manufacturers and carriers to comply with these national requirements. Consi

36、deration must be given as to how to provide access when required by legal authority. When carrier-provided security services extend confidentiality to the handset, two options to achieve LEA exist, viz. 1. The key to decrypt the message traffic must be retrievable or provided along with the message

37、to law enforcement. 2. Decrypted traffic is provided directly to law enforcement. NOTE - When the customer terminals provide the encryption and the customer generates the encryption keys, the carrier is not in a position to make available the encryption keys to the law enforcement agency and can onl

38、y pass the encrypted data stream. The two preferred options for providing this decrypted traffic are: 1. All confidentiality mechanisms between the handset and the call server will be terminated at the call server. This allows the call server to forward the message traffic unencrypted to law enforce

39、ment personnel. To ensure that the traffic is protected beyond the call server, the call server may re-encrypt the data stream before forwarding. 2. The call server, when appropriately configured causes the phone to route all RTP traffic to both the call server and the called party. This allows the

40、call server to forward the message traffic unencrypted to law enforcement personnel. In the United States, in October 1994, the United States Congress took action to protect public safety and ensure national security by enacting the Communications Assistance for Law Enforcement Act of 1994 (CALEA),

41、Pub. L. No. 103-414, 108 Stat. 4279. The law further defines the existing statutory obligation of telecommunications carriers to assist Law Enforcement in executing electronic surveillance pursuant to court order or other lawful authorization. The objective of CALEA implementation is to preserve Law

42、 Enforcements ability to conduct lawfully-authorized electronic surveillance while preserving public safety, the publics right to privacy, and the telecommunications ATIS-0100010 11 industrys competitiveness. CALEA implementation responsibilities are delegated to the Federal Bureau of Investigation

43、by the Attorney General at 28 C.F.R. 0.85(o). Since its enactment, CALEA concepts have now been adopted by other nations, most notably Canada and the European Union. The applicability of CALEA to NGN VoIP Systems is currently under review by the United States Federal Communications Commission. Under

44、 a Notice of Proposed Rule Making (FCC Docket 97-213 Report and Order), the FCC is proposing extending CALEA to VoIP systems. 6.9 Cryptography 6.9.1 Algorithms The section will provide guidance regarding cryptographic algorithms, key length, cryptographic modes, and random number generators. This re

45、commendation will be based on the supporting the needs of the security mechanisms in providing the needed security functionality to secure the user plane. 6.9.1.1 AES The Advanced Encryption Standard (AES) is specified in FIPS-197. This standard specifies a FIPS-approved symmetric encryption algorit

46、hm that may be used by U.S. Government organizations (and others) to protect unclassified but sensitive information. The AES algorithm is a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. These different “flavors” are referre

47、d to as “AES-128”, “AES-192”, and “AES-256”. The modes of operation of AES are: Electronic Codebook Mode (ECB) Cipher Block Chaining Mode (CBC) Cipher Feedback Mode (CFB). CFB variants supported are: (CBF1, CBF8, CBF128), where the length of the data segment is s bit, s=1, s=8 or s=128) Output Feedb

48、ack Mode (OFB) Counter Mode (CM) Counter Mode of AES is Mandatory for SRTP. 6.9.1.2 ECC Elliptic Curve Cryptography (ECC) is a new method of performing public-key cryptography comparable to the existing RSA encryption algorithm. With ECC, an elliptic curve is defined over a certain field and then th

49、e elliptic curve discrete logarithm problem (ECDLP) is solved over this field. The main advantage of ECC as compared to other public-key algorithms is key size. An ECC key of 160-bits is roughly equivalent in security to a 1024-bit RSA key, and a 210-bit ECC key is roughly equivalent to a 2048-bit RSA. The smaller ECC key results in less computational overhead and a more efficient cryptosystem. NOTE - ECC and RSA are typically used in the key-management functions and peer-entity authentication, and not for encrypting bulk da