ImageVerifierCode 换一换
格式:PDF , 页数:26 ,大小:323.07KB ,
资源ID:737293      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-737293.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TR 187 009-2008 Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN) Feasibility study of prevention of unsolicited communication .pdf)为本站会员(explodesoak291)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TR 187 009-2008 Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN) Feasibility study of prevention of unsolicited communication .pdf

1、 ETSI TR 187 009 V2.1.1 (2008-07)Technical Report Telecommunications and Internet Converged Services andProtocols for Advanced Networking (TISPAN);Feasibility study of preventionof unsolicited communication in the NGNETSI ETSI TR 187 009 V2.1.1 (2008-07) 2 Reference DTR/TISPAN-07025-NGN-R2 Keywords

2、Regulation, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the p

3、resent document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In ca

4、se of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this a

5、nd other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authori

6、zed by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2008. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the b

7、enefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TR 187 009 V2.1.1 (2008-07) 3 Contents Intellectual Property Rights5 Foreword.5 1 Scope 6 2 References 6 2.1 Normative references .6 2.2 Informative refe

8、rences7 3 Abbreviations .8 4 General overview .9 5 Threat analysis for UC in the NGN10 5.1 UC attack configurations for basis of TVRA .10 5.1.1 Scenario 1: One-to-One UC10 5.1.2 Scenario 2: One-to-Many UC .11 5.1.3 Scenario 3: Many-to-One UC .11 5.1.4 Scenario 4: Many-to-Many UC 12 5.2 Attack vector

9、 of UC in NGN12 5.3 Risk assessment for UC in NGN 13 5.4 Objectives for the prevention of UC in NGN.13 5.5 Security requirements for prevention of UC in the NGN.14 5.5.1 Functional security requirements14 5.6 Prevention of UC in NGN countermeasure framework14 5.6.1 Existing solutions / countermeasur

10、es14 5.6.1.1 MCID - Malicious call identification 14 5.6.1.2 OIR - Originating Identification Restriction .15 5.6.1.3 ACR - Anonymous Communication Rejection and ICB - Incoming Communication Barring 15 5.7 System management requirements .15 5.7.1 User requirements.15 5.7.2 Architectural requirements

11、16 6 Feasibility of providing UC prevention in the NGN16 6.1 Identifying UC16 6.2 Marking UC17 6.3 Reacting to UC .17 6.4 Architectural impact .17 6.4.1 Technical impact.17 6.4.1.1 User Interaction.17 6.4.2 Identifying and marking UC .17 6.4.3 Handling Essential, or potentially Essential, IPRs notif

12、ied to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can

13、 be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Telecommunications and Inter

14、net converged Services and Protocols for Advanced Networking (TISPAN). ETSI ETSI TR 187 009 V2.1.1 (2008-07) 6 1 Scope The present document seeks to determine if UC is a risk to the NGN user or to the NGN Operator (a CSP using NGN technology to provide services). The present document offers justific

15、ation for UC countermeasures by presenting the results of a Threat Vulnerability and Risk Analysis (TVRA) that quantifies the likelihood and impact of UC in the NGN where UC is initiated in a variety of forms described using a number of scenarios for illustration. The present document defines the te

16、rm unsolicited communication in the context of the NGN. Where risk is shown from UC in the NGN the present document considers means to mitigate the risk using metrics of applicability, effectiveness and architectural instantiation. NOTE: Whilst this document is a technical report it identifies requi

17、rements for future work. In all cases these requirements are considered indicative pending their ratification in formal ETSI Technical Specifications within the TISPAN Work Programme. 2 References References are either specific (identified by date of publication and/or edition number or version numb

18、er) or non-specific. For a specific reference, subsequent revisions do not apply. Non-specific reference may be made only to a complete document or a part thereof and only in the following cases: - if it is accepted that it will be possible to use all future changes of the referenced document for th

19、e purposes of the referring document; - for informative references. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. For online referenced documents, information sufficient to identify and locate the source

20、shall be provided. Preferably, the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the reference should, as far as possible, remain valid for the expected life of the document. The reference shall include the method of access to the referenced

21、 document and the full network address, with the same punctuation and use of upper case and lower case letters. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced d

22、ocuments are indispensable for the application of the present document. For dated references, only the edition cited applies. For non-specific references, the latest edition of the referenced document (including any amendments) applies. Not applicable. ETSI ETSI TR 187 009 V2.1.1 (2008-07) 7 2.2 Inf

23、ormative references The following referenced documents are not essential to the use of the present document but they assist the user with regard to a particular subject area. For non-specific references, the latest version of the referenced document (including any amendments) applies. i.1 OMA-RD-CBC

24、S-V1-0-20060711-C: “Categorization Based Content Screening Framework Requirements“. i.2 OMA-AD-CBCS-V1-0-20060828-D: “Categorization-based Content Screening Framework Architecture“. i.3 IETF RFC 5039: “The Session Initiation Protocol (SIP) and Spam“. i.4 ETSI TS 183 011: “Telecommunications and Inte

25、rnet converged Services and Protocols for Advanced Networking (TISPAN); PSTN/ISDN simulation services: Anonymous Communication Rejection (ACR) and Communication Barring (CB); Protocol specification“. i.5 ETSI ETS 300 128: “Integrated Services Digital Network (ISDN); Malicious Call Identification (MC

26、ID) supplementary service; Service description“. i.6 ETSI TS 183 016: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); PSTN/ISDN simulation services; Malicious Communication Identification (MCID); Protocol Specification“. i.7 ETSI TS 183 007 (V2.0.0

27、): “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); PSTN/ISDN simulation services; Originating Identification Presentation (OIP) and Originating Identification Restriction (OIR); Protocol specification“. i.8 Directive 2002/20/EC of the European Parl

28、iament and of the Council of 7 March 2002 on the authorisation of electronic communications networks and services. i.9 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communi

29、cations sector (Directive on privacy and electronic communications - OJ L 201, 31.07.2002). i.10 ETSI TS 102 165-1: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability A

30、nalysis“. i.11 ETSI TR 187 010: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Security; Report on issues related to security in identity imanagement and their resolution in the NGN“. i.12 ETSI TR 187 011: “Telecommunications and Internet conv

31、erged Services and Protocols for Advanced Networking (TISPAN); NGN Security; Application of ISO-15408-2 requirements to ETSI standards - guide, method and application with examples“. i.13 IETF draft-niccolini-sipping-spitstop: “Signalling TO Prevent SPIT (SPITSTOP) Reference Scenario“. i.14 IETF dra

32、ft-niccolini-sipping-feedback-spit: “SIP Extensions for SPIT identification“. i.15 IETF draft-jung-sipping-authentication-spit: “Authentication between the Inbound Proxy and the UAS for Protecting SPIT in the Session Initiation Protocol (SIP)“. i.16 IETF draft-schwartz-sipping-spit-saml: “SPAM for I

33、nternet Telephony (SPIT) Prevention using the Security Assertion Markup Language (SAML)“. i.17 IETF draft-froment-sipping-spit-authz-policies: “Authorization Policies for Preventing SPIT“. i.18 ISO/IEC 15408-2: “Information technology - Security techniques - Evaluation criteria for IT security - Par

34、t 2: Security functional requirements“. ETSI ETSI TR 187 009 V2.1.1 (2008-07) 8 i.19 ETSI TS 186 006-1: “Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN); Originating Identification Presentation (OIP) and Originating Identification Restriction (OIR);

35、Part 1: Protocol Implementation Conformance Statement (PICS)“. i.20 ETSI EN 300 798: “Digital Audio Broadcasting (DAB); Distribution interfaces; Digital baseband In-phase and Quadrature (DIQ) interface“. i.21 ETSI TR 141 031: “Digital cellular telecommunications system (Phase 2+); Fraud Information

36、Gathering System (FIGS); Service requirements; Stage 0 (3GPP TR 41.031 version 6.0.0 Release 7)“. i.22 ETSI TS 122 031: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Fraud Information Gathering System (FIGS); Service description; Stage 1 (

37、3GPP TS 22.031 version 6.0.0 Release 7)“. i.23 ETSI TS 123 031: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Fraud Information Gathering System (FIGS); Service description; Stage 2 (3GPP TS 23.031 version 6.0.0 Release 7)“. i.24 ITU-T Rec

38、ommendation X.1244 (former X.ocsip): “Overview of countering SPAM for IP multimedia application“. i.25 ITU-T Recommendation X.fcsip: “Technical Framework of Countering IP Multimedia SPAM“. i.26 ITU-T Recommendation X.1231: (former X.csreq) - “Requirement on countering SPAM“. i.27 3GPP TR ab.cde draf

39、t: “Group Services and System Aspects; Protection against SMS, MMS and IMS SPAM; Study of Different SPAM Protection Mechanisms. Release 8.“. NOTE: This work item was never be finalized, for references please have a look at: square4 3GPP,“Protection against SMS and MMS spam“, SP-060446, SA#32; square

40、4 Orange, “Consumer protection against spam and malware“, S3-060331, Athens, April 2006; square4 Nokia, “Anti-spam work in OMA and IETF“, S3060504, 3GPP S3#44, Talinn, July 2006; square4 Orange, “Spam Flagging using In-band Signaling in Mobile and Broadband Networks“, S3-070094 TSGS3#46 Beijing 2007

41、. i.28 ETSI SR 002 211: “Electronic communications networks and services; Candidate list of standards and/or specifications in accordance with Article 17 of Directive 2002/21/EC“. 3 Abbreviations For the purposes of the present document, the following abbreviations apply: ACR Anonymous Communication

42、 Rejection CAMEL Customized Applications for Mobile network Enhanced Logic CBCS Categorization Based Content Screening CSP Communications Service Provider DAB Digital Audio Broadcasting DIQ Digital baseband In-phase and Quadrature interface DoS Denial of Service FIGS Fraud Information Gathering Syst

43、em gsmSCF GSM Service Control Function gsmSSF GSM Service Switching Function HPLMN Home Public Land Mobile Network ICAP Internet Content Adaptation Protocol ICB Incoming Communication Barring IDD International Direct Dialling IETF Internet Engineering Task Force IP Internet Protcol ETSI ETSI TR 187

44、009 V2.1.1 (2008-07) 9 ISDN Integrated Services Digital Network IST Immediate Service TerminationITU International Telecommunication Unit MCID Malicious Call Identification NGN Next Generation Network ODB Operator Determined Barring OIP Originating Identification Presentation OIR Originating Identif

45、ication Restriction OMA Open Mobile Alliance PICS Protocol Implementation Conformance Statement PSTN Public Switched Telecommunications Network SAML Security Assertion Markup Language SIP Session Initiation Protocol SIPPING Session Initiation Proposal Investigation SPIT SPAM over Internet Telephony

46、TAP Transferred Account Procedure TVRA Threat Vulnerability and Risk Analysis UC Unsolicited Communication UE User Equipment UMTS Universal Mobile telecommunication System VPLMN Visited Public Land Mobile Network WG Working Group 4 General overview In the email environment the instance of SPAM, the

47、common name used to refer to bulk Unsolicited Communication (UC) where the benefit is weighted in favour of the sender, has proliferated in recent years. SPAM is recognized as a problem and is regulated against, at least in part, in the context of the Privacy Directive 2002/58/EC i.9, specifically i

48、n article 13. However, as has been noted in SR 002 211 i.28: “Whilst proprietary technical means exist to assist algorithms that identify and filter spam emails, the legal framework for application of such means in face of processing error is uncertain. Article 13 supports the legal instruments unde

49、r which spammers may be prosecuted but does not seem to imply technical provision.“ As the NGN moves towards adoption of similar protocols for signalling and transport as used in email applications and services, there is a threat that similar UC phenomena will migrate to the NGN and may escalate in severity. NOTE 1: UC existed in the pre-NGN PSTN/ISDN and treatment of such calls when characterized as either nuisance or malicious calls has been well documented and is not repeated in the present document. In order

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1