T/SF 56 E Page 1

Recommendation T/SF 56 (Copenhagen 1987)

SERVICES AND FACILITIES FOR INFORMATION SECURITY IN VISUAL TELEMATIC SERVICES

Recommendation proposed by Working Group T/WG 7 "Services and facilities" (SF)

Text of the Recommendation adopted by "Telecommunications" Commission:

"The European Conference of Posts and Telecommunications Administrations,

considering

1. several teleconferencing services are being harmonised by CEPT, in which real-time, or quasi-real-time visual telematic services are provided between two or more terminals,
2. visual telematic services are a useful alternative to face-to-face meetings, but that business customers will be reluctant to use the service unless confidentiality can be assured,
3. revenue potential will be maximised if the level of security of visual telematic services is perceived to be acceptable to customers of the Administrations,
4. services and facilities for information security in visual telematic services may be provided in several different ways, according both to local circumstance, and to the organisation of the networks that support the service,
5. visual telematic services conforming to the CEPT Recommendation for security may have an operational requirement to interwork with non-conforming terminals, or with terminals operated by Administrations outside CEPT,
6. information confidentiality and key-management comprise the set of security supplementary services that have the greatest economic justification in visual telematic services,
7. the options for information confidentiality currently being considered by CEPT Administrations, and available to CEPT technical groups (as notified on 1987-05-06) are: the American Data Encryption Standard; the GRETAG privacy system; and the B-CRYPT system,
8. the options for key-management available to CEPT technical groups are: manual exchange of secret key; bilateral master key protocols; stand-alone number-theoretic systems; and a visual services derivative of the CCITT X.ds7 public directory number-theoretic key-management system,

recommends that

1. the following guide is adopted for the further detailed study of the optional information security supplementary services for visual telematic services,
2. three network service security options have currently been identified, which can be used by Administrations at their discretion, in which:
2.1. for a minimum cost solution, the security supplementary services may be implemented between the network nodes supporting the visual telematic services so as to provide protection to those parts of the route of the bearer network that are most exposed to monitoring or attack,
2.2. at a higher cost than 2.1., the security supplementary services may be provided on an end-to-end basis, thus protecting the local network part of the visual telematic service route, as well as the inter-nodal network,
2.3. in order to provide a harmonised procedure for dealing with non-conforming terminals, an interworking capability may provide facilities for secure visual telematic services by means of a relay node or gateway, offering conversion facilities for visual telematic services deploying differing security parameters,

Edition of January 15, 1988

3. there should be compatibility between terminals of the visual telematic services that have invoked the same set of security supplementary services, of clause 2. of this Recommendation,
4. direct inter-communication should be possible between terminals arranged in different network security topologies,
5. the method/system of information confidentiality should ensure that for visual telematic services:
5.1. the method/system is available to customers of all CEPT Administrations without restriction, and should be multi-sourced,
5.2. the cost is reasonable compared to the functionality offered,
6. subject to bilateral agreement between the Administrations participating in the visual telematic service, any other arrangement may be used for confidentiality and interworking with terminals conforming to the CEPT Recommendations for confidentiality effected by means of the conversion facility described in clause 2.3. of this Recommendation,
7. manual exchange of secret keys is adopted, pending Recommendations from CCITT on systems that can be used for key-management."

Annex

1. THE VISUAL TELEMATIC SERVICES MARKET

Several teleconferencing services are being harmonised by CEPT in which real-time, or quasi-real-time visual services, sometimes accompanied by speech, text or graphic services, are provided between two or more terminals by means of high-speed bearer services. Market surveys in several countries indicate that these visual telematic services are a useful alternative to face-to-face meetings, but that business customers are reluctant to use the service unless confidentiality can be assured to a level commensurate with commercial practice. Therefore CEPT is recommending a repertoire of supplementary services for information security in visual telematic services that are appropriate and acceptable to its Administrations for protecting inter-European visual telematic services.

The security of other telematic services that may be used in conjunction with visual services, for example, speech (if not part of the implementation of the visual telematic service), Teletex and graphic services, facsimile and telewriting, is addressed in separate CEPT-SF Recommendations for the security of each individual telematic service.

2. NETWORK SECURE SERVICE OPTIONS

The services and facilities for information security in visual telematic services may be provided in several different ways according to the organisation of the networks that support the service. The choice of security options, as represented by the network secure service options described in 2.1. to 2.3., will be determined by each Administration taking cognisance of local circumstance, the compromise between the requirements of the customer, the threats to the network and the cost of the various options. However, regardless of which network security topology is chosen, the security framework for international visual telematic services should enable:
(a) complete compatibility between terminals of the visual telematic services that have invoked the same set of security supplementary services,
(b) the ability to intercommunicate directly between terminals arranged in different network security topologies.

2.1. Inter-nodal protection

For a minimum cost solution, the security supplementary services may be implemented between the network nodes supporting the visual telematic services so as to provide protection only on those parts of the route of the bearer network that are most exposed to monitoring
or attack, e.g. satellite and terrestrial radio links (see Figure 1 (T/SF 56)). The location of the security supplementary services at a network node enables the Administration to dimension the security functionality on a shared basis at strategic network switching centres, thus reducing considerably the cost of security. However, the option requires that the Administration deals with key-management and control because the information security equipment is located in the premises of the Administration.

2.2. End-to-end protection

In this option, every terminal for visual telematic services that requires security supplementary services will need the additional functionality included within the terminal. Therefore the total volume of security equipment, and its reflection in the tariff or the purchase price of the terminal, would be greater than that of 2.1. However, the local network part of the videoconferencing link would also be protected as well as the links between network nodes (see Figure 2 (T/SF 56)).

2.3. Interworking of non-compatible terminals

Assuming that Administrations comply with the CEPT Recommendation on confidentiality for visual telematic services, then international interworking will consist of direct interconnection between compatible terminals that are structured in a security topology of either 2.1. or 2.2. However, this Recommendation also acknowledges that, subject to bilateral agreement, other means of confidentiality may also be used. Indeed visual telematic services conforming to the CEPT Recommendation for security may have an operational requirement to interwork with non-conforming terminals, or with terminals operated by Administrations outside CEPT. In order to provide a harmonised procedure for dealing with non-conforming terminals, a third network security option is defined in this Recommendation in which secure interworking is still possible by deploying a secure relay node or gateway offering a value-added conversion facility for visual telematic services having differing information protection parameters (see Figure 3 (T/SF 56)). In this option the secure functionality is stripped off the visual telematic services information at a secure gateway, and new secure functionality asserted for the completion of the information flow to its destination. As the sensitive information is processed without protection within the gateway, its standards of physical security should be sufficiently high to maintain overall security, and the operating standards at the gateway must be trusted by all users.

All three options (2.1. to 2.3.) should be available for Administrations to use, as appropriate to local circumstances. Therefore implementation should allow the interworking of terminals when they have invoked the supplementary information security services, regardless of which of the three network secure service options for visual telematic services have been adopted by any Administration.

3. SECURITY SUPPLEMENTARY SERVICE REQUIREMENTS

An analysis of the economic justification of supplementary information security services for visual telematic services follows. Definition of terms is consistent with the vocabulary of ISO/TC97/SC21 in regard to security architecture:

3.1. Access control

In visual telematic services that do not use permanently dedicated arrangements of networks, some mechanism for access control to visual conferences may be needed. However, it is unclear that this will be implemented as part of the supplementary services for information security.

3.2. Information confidentiality

Information confidentiality is required to ensure the privacy of communication, which may be exposed to open bearer services involving satellite and terrestrial radio routes. It is unlikely that the full commercial potential of visual telematic
services will be achieved in the business sector unless customers can be assured that confidentiality is maintained to at least commercial standards.

3.3. Information integrity

It may be technically feasible for an attacker to insert, remove or alter information flowing between visual services terminals in a way that deceives the users. But because of the interactive nature of the service, and the continuous flow of information, disruptions and replay attacks will be perceived quickly by the users. Therefore integrity is allocated a relatively low commercial priority.

3.4. Authentication

Most visual telematic conferences are expected to take place between participants who would recognise any attempt to impersonate others involved in the conference or communication. However, in conferences between participants who, for instance, are meeting for the first time, some method of authentication may be necessary.

3.5. Non-repudiation

There are only very few occasions in which participants of visual telematic services would be able to benefit by claiming not to have been involved in a conference. Therefore non-repudiation is allocated a low commercial priority. This does not necessarily apply to other telematic services such as Teletex, telewriting and facsimile, which may be used in conjunction with visual telematic services, but are outside the scope of this Recommendation.

4. INFORMATION CONFIDENTIALITY OPTIONS

The following privacy service options are known to CEPT technical groups, and are characterized in Table 1 (T/SF 56):
4.1. The American Data Encryption Standard.
4.2. The Swiss GRETAG privacy system.
4.3. The British Telecom B-CRYPT system.

Noting the factors described in Table 1 (T/SF 56), it is recommended that the method/system of information confidentiality should ensure that, for visual telematic services:
- it is available to the customers of all CEPT Administrations without restriction,
- it is multi-sourced,
- the cost is reasonable compared to the functionality offered.

5. KEY-MANAGEMENT

Key-management facilities are described in the context of the visual telematic services security framework to ensure compatibility of overall security for intercommunication. The following key-management options are known to CEPT technical groups, and are characterized in Table 2 (T/SF 56):
5.1. Manual exchange of secret key.
5.2. Bilateral master key protocol.
5.3. Stand-alone number-theoretic systems.
5.4. A visual services derivative of the CCITT X.ds7 public directory number-theoretic key-management system.

Noting the factors described in Table 2 (T/SF 56), it is recommended that, because of the complexity of agreeing and adopting a key-management scheme, key-management should be the subject of a separate SF Recommendation. In the meantime, it is recommended that:
- a manual method of exchange of secret key for visual telematic services is adopted,
- a review of the method of key-management for visual telematic service is carried out when the CCITT X.ds7 draft Recommendation has been adopted.

[Figure 1 (T/SF 56): Terminal - Local switching centre - Main network - Local switching centre - Terminal; the security supplementary services are located at the switching centres and dimensioned according to traffic.]
Figure 1 (T/SF 56). Inter-nodal network protection.

[Figure 2 (T/SF 56): Terminal - Local switching centre - Main network - Local switching centre - Terminal; one security unit per terminal invoking security supplementary services.]
Figure 2 (T/SF 56). End-to-end protection.

[Figure 3 (T/SF 56): Terminal - Local switching centre - Main network, Administration A (secure supplementary services, Key 1) - Conversion facility (unprotected information) - Main network, Administration B (secure supplementary services, Key 2) - Local switching centre - Terminal.]
Note. For clarity the Conversion Facility is shown in the international network. In practice it would be associated with the network of one of the Administrations.
Figure 3 (T/SF 56). Conversion facility for the interworking of non-compatible terminals.
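As an added illustration, not part of the Recommendation, the following Python model walks one frame of a conference across the three network secure service options of clause 2 (Figures 1 to 3) and records which hops on the route handle the information unprotected. The keystream cipher built from HMAC-SHA256, the keys, the nonce, the sample frame and the hop names are all constructed for this example; the cipher stands in for whichever confidentiality system an Administration deploys (DES, GRETAG or B-CRYPT) and is not any of them.

```python
"""Model of the three network secure service options of clause 2 (T/SF 56).

Constructed illustration: a keyed XOR keystream derived with HMAC-SHA256 stands
in for the confidentiality mechanism. Keys, nonce, message and hop names are
sample values chosen to follow the labels of Figures 1 to 3.
"""
import hashlib
import hmac

# Sample values (constructed). Under clause 7 of the Recommendation the secret
# keys would be exchanged manually between the Administrations concerned.
KEY_1 = b"administration-A-secret-key-1"   # security parameters of Administration A
KEY_2 = b"administration-B-secret-key-2"   # security parameters of Administration B
MESSAGE = b"video frame 0001: board meeting, agenda item 3 (confidential)"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key and nonce into `length` bytes of keystream (toy construction)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def protect(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Apply the confidentiality service by XORing data with the keystream.

    XOR with a keystream is its own inverse, so the same call strips the
    protection again. A nonce must never be reused under the same key.
    """
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def run_option_2_1(message: bytes, key: bytes, nonce: bytes):
    """Inter-nodal protection (Figure 1): the security equipment sits at the
    local switching centres, so only the main (inter-nodal) network is protected."""
    trace = [("terminal A", message), ("local network, Administration A", message)]
    wire = protect(key, nonce, message)            # applied at node A
    trace.append(("main network (inter-nodal)", wire))
    at_node_b = protect(key, nonce, wire)          # removed at node B
    trace.append(("local network, Administration B", at_node_b))
    trace.append(("terminal B", at_node_b))
    return at_node_b, trace


def run_option_2_2(message: bytes, key: bytes, nonce: bytes):
    """End-to-end protection (Figure 2): the two terminals share one key and
    no intermediate hop can recover the information."""
    trace = [("terminal A", message)]
    wire = protect(key, nonce, message)
    for hop in ("local switching centre A", "main network", "local switching centre B"):
        trace.append((hop, wire))
    received = protect(key, nonce, wire)
    trace.append(("terminal B", received))
    return received, trace


def conversion_facility(key_in, nonce_in, key_out, nonce_out, frame, trace):
    """Secure relay node of option 2.3: strip security parameter set 1 and
    assert security parameter set 2 for the onward leg. Plaintext exists here."""
    unprotected = protect(key_in, nonce_in, frame)
    trace.append(("conversion facility", unprotected))
    return protect(key_out, nonce_out, unprotected)


def run_option_2_3(message: bytes, key_1: bytes, key_2: bytes, nonce: bytes):
    """Terminal A (Administration A, Key 1) to terminal B (Administration B,
    Key 2) through the conversion facility of Figure 3."""
    trace = [("terminal A", message)]
    leg_a = protect(key_1, nonce, message)
    trace.append(("main network, Administration A", leg_a))
    leg_b = conversion_facility(key_1, nonce, key_2, nonce, leg_a, trace)
    trace.append(("main network, Administration B", leg_b))
    received = protect(key_2, nonce, leg_b)
    trace.append(("terminal B", received))
    return received, trace


def hops_exposing_plaintext(trace, message: bytes):
    """Names of the hops on the route that observe the unprotected information."""
    return [hop for hop, seen in trace if seen == message]


if __name__ == "__main__":
    nonce = b"conference-0001"
    for name, (received, trace) in (
        ("2.1 inter-nodal", run_option_2_1(MESSAGE, KEY_1, nonce)),
        ("2.2 end-to-end", run_option_2_2(MESSAGE, KEY_1, nonce)),
        ("2.3 conversion facility", run_option_2_3(MESSAGE, KEY_1, KEY_2, nonce)),
    ):
        assert received == MESSAGE
        print(name, "->", hops_exposing_plaintext(trace, MESSAGE))
```

Running the block prints, for each option, the hops that observe the plaintext: the two terminals plus both local network parts under inter-nodal protection (2.1), only the two terminals under end-to-end protection (2.2), and the conversion facility itself under option 2.3, which is exactly the exposure behind the physical-security and trust requirements the Recommendation places on the gateway.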