ImageVerifierCode 换一换
格式:PDF , 页数:36 ,大小:216.87KB ,
资源ID:727651      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-727651.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI EG 202 549-2006 Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) Design Guide Application of security countermeasures to servi.pdf)为本站会员(花仙子)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI EG 202 549-2006 Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) Design Guide Application of security countermeasures to servi.pdf

1、 ETSI EG 202 549 V1.1.1 (2006-12)ETSI Guide Telecommunications and Internet converged Services andProtocols for Advanced Networking (TISPAN);Design Guide;Application of security countermeasuresto service capabilitiesETSI ETSI EG 202 549 V1.1.1 (2006-12) 2 Reference DEG/TISPAN-07004-Tech Keywords int

2、ernet, IP, protocol, security, service, VoIP ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice In

3、dividual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Docu

4、ment Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the

5、current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be repr

6、oduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2006. All rights reserved. DECTTM, PLUGTESTSTM and UMTSTM are Trade Marks of ETSI registered for the benefit of its Memb

7、ers. TIPHONTMand the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI EG 202 549 V1.1.1 (2006-12) 3 Contents Intellectual Property

8、 Rights5 Foreword.5 Introduction 5 1 Scope 7 2 References 7 3 Definitions and abbreviations.9 3.1 Definitions9 3.2 Abbreviations .9 4 Service capabilities as building blocks in the NGN .10 4.1 General .10 4.2 Security requirements with respect to service capabilities .11 4.3 Service capability desig

9、n considerations12 4.3.1 General model.12 4.3.2 Security countermeasures .14 5 Security analysis of NGN service capabilities .15 5.1 Introduction 15 5.2 Service capabilities.17 5.2.1 Service capability data model .17 5.2.2 Service capability model.20 5.3 Formal statement of security requirements.21

10、5.3.1 Identification and authentication.21 5.3.2 Integrity of data.21 6 Consideration of Common Criteria Composition class22 6.1 Composition assurance classes.22 6.1.1 CAP-A: Structurally composed 22 6.1.2 CAP-B: Methodically composed 22 6.1.3 CAP-C: Methodically composed, tested and reviewed.23 6.2

11、 Class description 23 6.3 Implications for the standardization process 23 6.4 Families and components .24 6.4.1 Composition class evaluation levels .24 6.4.2 Composition rationale family (ACO_COR) .24 6.4.3 Development evidence family (ACO_DEV) 24 6.4.3.1 Functional description (ACO_DEV.1)24 6.4.3.2

12、 Basic evidence of design (ACO_DEV.2)25 6.4.3.3 Detailed evidence of design (ACO_DEV.3) .25 6.4.4 Reliance of dependent component family (ACO_REL) .25 6.4.4.1 Basic reliance information (ACO_REL.1)25 6.4.4.2 Reliance information (ACO_REL.2) 26 6.4.4.3 Detailed reliance information (ACO_REL.3) .26 6.

13、4.5 Base TOE testing 26 6.4.5.1 Interface testing (ACO_TBT.1) 26 6.4.6 Composition vulnerability analysis.26 6.4.6.1 Composition vulnerability review (ACO_VUL.1)26 6.4.6.2 Composition vulnerability analysis (ACO_VUL.2)27 6.4.6.3 Extended basic composition vulnerability analysis (ACO_VUL.3)27 Annex A

14、 (informative): Use of Cryptographic techniques .28 A.1 Introduction 28 A.2 Key management overview28 ETSI ETSI EG 202 549 V1.1.1 (2006-12) 4 A.3 Symmetric key management 29 A.3.1 Overview 29 A.3.2 Key expiry29 A.4 Asymmetric key management30 A.4.1 Overview 30 A.4.2 Certificate generation .30 A.4.3

15、Certificate revocation .30 A.4.4 Certificate extension.31 A.4.5 Certification authority 31 A.5 Manual and automatic key management 31 A.5.1 Manual key management31 A.5.2 Automatic key management.31 A.5.3 Key exchange algorithms and protocols.32 A.5.3.1 Ellis and non-secret cryptography 32 A.5.3.2 Di

16、ffie-Hellman algorithm .32 A.5.3.3 Internet Key Exchange32 A.6 Restrictions on use of cryptographic techniques34 Annex B (informative): Bibliography.35 History 36 ETSI ETSI EG 202 549 V1.1.1 (2006-12) 5 Intellectual Property Rights IPRs essential or potentially essential to the present document may

17、have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI sta

18、ndards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of o

19、ther IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This ETSI Guide (EG) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for

20、 Advanced Networking (TISPAN). Introduction The present document is one of a set of documents that addresses standardization of security protocols and mechanisms within the context of the eEurope 2005 programme. The suite of documents in this suite is composed as follows: EG 202 387: “Telecommunicat

21、ions and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method for application of Common Criteria to ETSI deliverables“. ES 202 383: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design

22、 Guide; Method and proforma for defining Security Targets“. ES 202 382: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Protection Profiles“. TS 102 165-1: “Telecommunications and Internet con

23、verged Services and Protocols for Advanced Networking (TISPAN); Protocol Framework Definition; Methods and Protocols for Security; Part 1: Threat Analysis“. TS 102 165-2: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Protocol Framework Definition

24、; Methods and Protocols for Security; Part 2: Counter Measures“. DTS/TISPAN-07008-Tech: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Protocol Framework Definition; Protection Profile“. EG 202 549: “Telecommunications and Internet converged Servi

25、ces and Protocols for Advanced Networking (TISPAN); Design Guide; Application of security countermeasures to service capabilities“. These documents are developed based on the objectives of the eEurope programme and are also developed to ensure they comply with the overall objectives of the European

26、regulatory framework as defined in the following documents: Directive 2002/19/EC of the European Parliament and of the council of 7 March 2002 on access to, and interconnection of, electronic communications networks and associated facilities (Access Directive). Directive 2002/20/EC of the European P

27、arliament and of the council of 7 March 2002 on the authorisation of electronic communications networks and services (Authorisation Directive). Directive 2002/21/EC of the European Parliament and of the council of 7 March 2002 on a common regulatory framework for electronic communications networks a

28、nd services (Framework Directive). Directive 2002/22/EC of the European Parliament and of the council of 7 March 2002 on universal service and users rights relating to electronic communications networks and services (Universal Service Directive). ETSI ETSI EG 202 549 V1.1.1 (2006-12) 6 Directive 200

29、2/58/EC of the European Parliament and of the council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). In particular the present document forms part of the standardiz

30、ation initiative for the Next Generation Network (NGN) platform to be used in eEurope and upon which the trust and viability of the e-enabled community will, to a very large part, depend on. The eEurope 2005 action plan has been drawn up to focus on “the widespread availability and use of broadband

31、networks throughout the Union and the security of networks and information, eGovernment, eHealth and eBusiness“ requiring a supporting infrastructure, which is truly pan-European. To quote COM(2002)263: “By 2005 Europe should have a secure information infrastructure“. ETSI ETSI EG 202 549 V1.1.1 (20

32、06-12) 7 1 Scope The present document gives guidance on the application of security countermeasures to service capabilities. It covers the construction of services from service capabilities and how a security evaluation of a service capability should be performed. The present document examines and g

33、ives guidance on the use of the Composition assurance class defined by the Common Criteria working group in order to be able to answer the question: “if components A and B are evaluated as having security ratings X and Y what is the security rating that can be assigned to the combination of A and B?

34、“ The present document builds on the guidance to the Common Criteria for Information Technology Security Evaluation given in EG 202 387 3 with a particular view to assessing the security of the NGN. In the NGN context, where services are not explicitly defined but are made from combining service cap

35、abilities, the present document gives guidance on the means to apply effective security to both service capabilities in isolation, and to service capabilities in combination. The guidance reviews the service capability model in clause 4 and examines the requirements for security arising from the ser

36、vice capability requirements defined for NGN-R1 in clause 5. The analysed security requirements are presented in the form of ISO/IEC 15408-2 17 functional models. Clause 6 presents a review of the Common Criteria Composition assurance class and describes its impact on the ETSI standardization proces

37、s. Annex A reviews the use of cryptographic techniques in the NGN. A number of assumptions of the design of NGN for security analysis to take place are made on the NGN development process. The assumption in the present document is that the NGN has been developed using top-down decomposition of the s

38、pecification, using techniques of planned validation of the specification, with careful recording of design decisions and validation results. 2 References The following documents contain provisions which, through reference in this text, constitute provisions of the present document. References are e

39、ither specific (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies. Referenced documents which are not found to be publicly available in the

40、expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. 1 ETSI TR 181 004: “Telecommunications and Internet converged Services and Protocols for Advan

41、ced Networking (TISPAN); NGN Generic capabilities and their use to develop services“. 2 ETSI TR 181 003: “Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN); Services capabilities, requirements and strategic direction for NGN services “. 3 ETSI EG 202 3

42、87: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method for application of Common Criteria to ETSI deliverables“. 4 ETSI TS 102 165-1 (2003): “Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) R

43、elease 4; Protocol Framework Definition; Methods and Protocols for Security; Part 1: Threat Analysis“. ETSI ETSI EG 202 549 V1.1.1 (2006-12) 8 5 ETSI TS 102 165-2 (2003) “Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4; Protocol Framework Definition; Methods a

44、nd Protocols for Security; Part 2: Counter Measures“. 6 ETSI TS 133 210: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); 3G security; Network Domain Security (NDS); IP network layer security (3GPP TS 33.210 version 7.0.0 Release 7)“. 7 ETSI

45、TS 133 203 (V7.0.0): “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); 3G security; Access security for IP-based services (3GPP TS 33.203 version 7.0.0 Release 7)“. 8 ETSI TR 101 878: “Telecommunications and Internet Protocol Harmonization Ove

46、r Networks (TIPHON) Release 5; Service Capability Definition; Service Capabilities for a Multi Media Call“. 9 ETSI TR 101 882 (V5.1.1): “Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 5; Protocol Framework Definition and Interface Requirement Definition; Genera

47、l“. 10 ETSI EG 202 238: “Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON); Evaluation criteria for cryptographic algorithms“. 11 ETSI EG 202 107: “Methods for Testing and Specification (MTS); Planning for validation and testing in the standards-making process“. 12 ETSI E

48、G 201 015: “Methods for Testing and Specification (MTS); Specification of protocols and services; Validation methodology for standards using Specification and Description Language (SDL); Handbook“. 13 ETSI ETR 184: “Methods for Testing and Specification (MTS); Overview of validation techniques for E

49、uropean Telecommunication Standards (ETSs) containing SDL“. 14 ITU-T Recommendation X.509: “Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks“. 15 ITU-T Recommendation I.130: “Method for the characterization of telecommunication services supported by an ISDN and network capabilities of an ISDN“. 16 ITU-T Recommendation I.210: “Principles of telecommunication services supported by an ISDN and the means to describe them“. 17 ISO/IEC 15408-2

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1