ImageVerifierCode 换一换
格式:PDF , 页数:13 ,大小:498.15KB ,
资源ID:737308      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-737308.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TR 187 019-2011 Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) Feasibility Study of Security of NGN Interconnection at the N.pdf)为本站会员(visitstep340)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TR 187 019-2011 Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) Feasibility Study of Security of NGN Interconnection at the N.pdf

1、 ETSI TR 187 019 V3.1.1 (2011-02)Technical Report Telecommunications and Internet converged Services andProtocols for Advanced Networking (TISPAN);Feasibility Study of Security of NGNInterconnection at the NNI for Release 3;Interconnection securityETSI ETSI TR 187 019 V3.1.1 (2011-02) 2Reference DTR

2、/TISPAN-07043-NGN-R3 Keywords interworking, IP, NNI, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Im

3、portant notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is

4、the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. In

5、formation on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No

6、 part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2011. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are

7、 Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partn

8、ers. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TR 187 019 V3.1.1 (2011-02) 3Contents Intellectual Property Rights 4g3Foreword . 4g31 Scope 5g32 References 5g32.1 Normative references . 5g32.2 Informative references 5g33 Abbreviations . 6g34 Main inte

9、rconnection use cases 7g34.1 TISPAN Interconnection scenarios 7g34.2 Main NNI scenarios relevant for security consideration 7g34.2.1 Direct SoIx 7g35 NGN Reference points and current security mechanisms 8 g3History 13g3ETSI ETSI TR 187 019 V3.1.1 (2011-02) 4Intellectual Property Rights IPRs essentia

10、l or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially

11、Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by E

12、TSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Telecom

13、munications and Internet converged Services and Protocols for Advanced Networking (TISPAN). ETSI ETSI TR 187 019 V3.1.1 (2011-02) 51 Scope The present document addresses issues related to interoperator NNI interface interconnection. Security issues on NNI interconnections between the different subsy

14、stems of the NGN will also be addressed. The present document will identify the impact on 3GPP and TISPAN specifications. 2 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited v

15、ersion applies. For non-specific references, the latest version of the reference document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks inclu

16、ded in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced documents are necessary for the application of the present document. Not applicable. 2.2 Informative references The following referenced document

17、s are not necessary for the application of the present document but they assist the user with regard to a particular subject area. i.1 ETSI TS 187 001: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN SECurity (SEC); Requirements“. i.2 ETSI TS 1

18、87 003: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Security; Security Architecture“. i.3 ETSI TS 187 005: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Release 2 Lawful Interception

19、; Stage 1 and Stage 2 definition“. i.4 ETSI TR 187 009: “Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN); Feasibility study of prevention of unsolicited communication in the NGN“. i.5 ETSI TS 133 210: “Digital cellular telecommunications system (Phas

20、e 2+); Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Network Domain Security (NDS); IP network layer security (3GPP TS 33.210)“. i.6 ETSI ES 282 001: “Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN); NGN Functional Architecture

21、“. i.7 ETSI TS 181 005: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Service and Capability Requirements“. i.8 ETSI TR 184 008: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Infrastructure EN

22、UM Options for a TISPAN IPX“. i.9 IETF RFC 2246 (1999): “Transport Layer Security version 1.0“. ETSI ETSI TR 187 019 V3.1.1 (2011-02) 6i.10 ETSI TS 133 203: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; 3G security; Access security fo

23、r IP-based services (3GPP TS 33.203)“.“. i.11 ETSI TS 133 310: “Universal Mobile Telecommunications System (UMTS); LTE; Network Domain Security (NDS); Authentication Framework (AF) (3GPP TS 33.310)“.“. i.12 ETSI TS 124 229: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Tel

24、ecommunications System (UMTS); LTE; IP multimedia call control protocol based on Session Initiation Protocol (SIP) and Session Description Protocol (SDP); Stage 3 (3GPP TS 24.229)“. i.13 ETSI TR 187 008: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPA

25、N); NAT traversal feasibility study report“. i.14 ETSI TR 187 007: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Feasibility study on Media Security in TISPAN NGN“. i.15 ETSI TS 133 328: “Universal Mobile Telecommunications System (UMTS); LTE; IP

26、 Multimedia Subsystem (IMS) media plane security (3GPP TS 33.328)“.“. i.16 ETSI TR 187 015: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Specifications for PUC (Prevention of Unsolicited Communication) in the NGN“. i.17 ETSI TS 133 220: “Digital

27、 cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); LTE; Generic Authentication Architecture (GAA); Generic Bootstrapping Architecture (GBA) (3GPP TS 33.220)“. i.18 IETF RFC 3261: “SIP: Session Initiation Protocol“. 3 Abbreviations For the purposes of t

28、he present document, the following abbreviations apply: 3G 3rd Generation 3GPP 3rd Generation Partnership Project AS Application Server CoIx Connectivity oriented Interconnection CSCF Call Session Control Function DoS Denial-of-Service I-BGF Interconnect Border Gateway Function ID IDentity IKE Inter

29、net Key Exchange IMS IP Multimedia Subsystem IP Internet Protocol IPSEC Internet Protocol Security IT Information Technology IWF Inter-Working Function NAF operator controlled Network Application Function NAPT Network Address and Port Translations NASS Network Access SubSystem NAT Network Address Tr

30、anslation NDS Network Domain Security NGN Next Generation Network NNI Network to Network Interface PES PSTN/ISDN Emulation Subsystem RACS Resource Admission Control Subsystem SBC Session Border Controller SEGF SEcurity Gateway Functions SIP Session Initiation Protocol SoIx Service oriented Interconn

31、ection THIG Topology-Hiding Inter-network Gateway ETSI ETSI TR 187 019 V3.1.1 (2011-02) 7TISPAN Telecommunication and Internet converged Services and Protocols for Advanced Networking TLS Transport Layer Security TS Technical Specification UMTS Universal Mobile Telecommunication System UNI User to N

32、etwork Interface 4 Main interconnection use cases This clause contains the main interconnection use cases to take into consideration for the security analysis of the present document. The scope of the clause is to list the already defined interconnection scenarios, without defining new ones. 4.1 TIS

33、PAN Interconnection scenarios The ES 282 001 NGN Functional Architecture i.6 describes all the NGN interconnection scenarios relevant for the TISPAN context. The NNI interconnection scenarios have been divided taking into account the layer involved. Currently the following categories have been defin

34、ed: Interconnection at the transport layer: - Interconnection at NASS level; - Interconnection ad RACS level; - NGN Interconnection could also occur with other PSTN/ISDN networks (non IP networks). This kind of interconnection can be considered as an inter-working scenario between NGN with legacy ne

35、tworks and as such already covered by other specifications. Interconnection at the Service layer (PES, IPTV and IMS are the current service layer subsystems). Moreover, all kind of NGN interconnections can be recognized as one of the following types: Service Oriented Interconnection (SoIx), characte

36、rized by the presence of the service-related signalling (mandatory) in order to enable the end-to-end service awareness; and Connection oriented Interconnection (CoIx) that characterized by the absence of the service-related signalling. This implies that there is no service awareness in CoIx Interco

37、nnection. Finally Both SoIx and CoIx can also be “direct interconnection“, which refers to the interconnection between two network domains without any intermediate network domain, or “indirect interconnection“, where interconnection between two network domains is achieved by means of one or more int

38、ermediate network domain(s) acting as transit networks. The intermediate network domain(s) provide(s) transit functionality to the two other network domains. 4.2 Main NNI scenarios relevant for security consideration The following clauses describe the main use cases related to the TISPAN NGN NNI int

39、erconnection. Only the scenarios described in this clause will be taken into consideration for the scope of the present document. 4.2.1 Direct SoIx The direct SoIx i.6 foresees the communication of signalling (mandatory) and bearer (optional) directly between two operators without any intermediary.

40、Figure 1 shows the SoIX reference model and shows the relevant reference point involved (i.e. Ic or Iw and Iz) in the interconnection between two different operators. The red ovals highlight the two kind of SoIX, one related to the Ic and the other to the Iw reference point (the Iz reference point c

41、ould be missing since it is optional in the SoIx): SoIx Interconnection interface includes at least Ic and Iz reference points between two interconnected domains that have same or compatible service control sub systems/domains. ETSI ETSI TR 187 019 V3.1.1 (2011-02) 8 SoIx Interconnection interface w

42、ith Interworking includes at least the Iw and Iz reference points between two interconnected domains that have non-compatible service control sub systems/domains. IcMedia FlowsI-BGFRACSNon-compatibleControl domainIwIzTransport LayerService LayerIzService ControlSubsystemIWFCompatibleControl domainFi

43、gure 1: SoIx reference model TS 181 005 (V2.4.1) i.7 “Service and Capability Requirements“ reports the security requirements that SoIx addresses: Lawful interception. Support of appropriate privacy. Support of authorization. Support of authentication and access control. Support of communications and

44、 data security (including integrity and confidentiality). Support of DoS protection. 5 NGN Reference points and current security mechanisms This clause contains a review of the main aspects that have been defined in the current specification for the security of the NGN NNI interconnection. Since the

45、re is not a single point of reference, the present clause tries to identify the most relevant items where described, and tries to give an overall picture of the matter. 5.1 TISPAN NNI interconnection security review The main security mechanisms and concepts defined in the current TISPAN specs (NGN r

46、elease 2) related to the security of the NNI are the following: Security Domain i.1 and i.2. Security Gateway Function (SEGF) i.1 and i.2. Main reference points defined at NNI level: Za, Zb, Ic, Iw and Iz i.2. Topology-Hiding Inter-network Gateway (THIG) i.1 and i.2. ETSI ETSI TR 187 019 V3.1.1 (201

47、1-02) 9 Lawful Interception i.3. Prevention of unsolicited communication i.4, although no specific NNI interconnection analysis has been preformed. NAT and firewall traversal i.13, that have been analyzed only from the UNI point of view. The SEGF could be seen as the most relevant security element i

48、nvolved in the interconnection of NGN at NNI. The SEGF concept is endorsed from the TS 133 210 i.5 but the TISPAN SEGFs may include filtering policies and firewall functionality not required by 3GPP. The SEGFs within each security domain protect the exposed interfaces between operators and ensure th

49、at a security policy among security domains is enforced (currently such a inter security domain policy is not standardized and is left to the discretion of the roaming agreements of the operators). The outbound NGN traffic from an operator cannot by pass the SEGF and NGN operators operate NDS/IP Za interface between SEGFs (which foresees the usage of IKE and IPSEC ESP tunnel). The reference points involved in the interconnection between different Operators and protected by the

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1