1、 ETSI TR 187 011 V2.1.1 (2008-07)Technical Report Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN);NGN Security;Application of ISO-15408-2 requirements to ETSI standards -guide, method and application with examplesETSI ETSI TR 187 011 V2.1.1 (2008-07)
2、 2 Reference DTR/TISPAN-07028-NGN-R2 Keywords security, protocol, methodology ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (
3、06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the refer
4、ence version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or chan
5、ge of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright
6、 Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2008. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and t
7、he ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TR 187 011 V2.1.1 (2008-07) 3 Contents Intellectual Property Rights4 Foreword.4 1 Scope 5 2 Refe
8、rences 5 2.1 Normative references .5 2.2 Informative references5 3 Definitions and abbreviations.6 3.1 Definitions6 3.2 Abbreviations .7 4 Standards, assets and systems 8 5 Objectives and requirements in security standards 8 5.1 Overview 8 5.2 Security objectives .10 5.3 Security requirements.10 5.3
9、.1 Functional security requirements10 5.3.2 Detailed security requirements .11 6 Threat Analysis 11 7 Specifying security objectives12 7.1 Getting started 12 7.2 Identifying security objectives .13 7.3 Formulating security objectives .13 7.4 Validating security objectives 14 8 Requirements capture.1
10、5 8.1 The characteristics of requirements15 8.2 Specifying requirements.15 8.2.1 Functional requirements .15 8.2.2 Detailed requirements .16 9 Specifying security objectives and requirements using ISO/IEC 15408-2 17 9.1 Overview 17 9.1.1 The structure of functional components17 9.1.2 ISO/IEC 15408-2
11、 functional classes.18 9.2 Characterizing functional components .19 9.3 Identifying ISO/IEC 15408-2 component elements in standards .20 9.4 Integration with TVRA 20 Annex A: Worked examples of using the method in NGN applications .21 A.1 RACS .21 A.2 Unsolicited communication21 A.3 Media security22
12、A.4 IPTV.22 History 23 ETSI ETSI TR 187 011 V2.1.1 (2008-07) 4 Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-membe
13、rs, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.a
14、sp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the pr
15、esent document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN). ETSI ETSI TR 187 011 V2.1.1 (2008-07) 5 1 Scope The present document defines a method, based on the app
16、lication of ISO/IEC 15408-2 i.10, for concisely and unambiguously declaring security requirements expressed in ETSI standards. The purpose of the present document is to provide support to developers of ETSI standards in using the security functional components of ISO/IEC 15408-2 i.10. In particular
17、it explains the elements in the ISO/IEC 15408-2 i.10 functional capabilities and describes how they fit within a structured security requirements engineering method. Required elements are defined with respect to the NGN and, where appropriate, are illustrated with examples from the NGN Security prog
18、ramme. 2 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. Non-specific reference may be made only to a complete document or a part thereof and only in th
19、e following cases: - if it is accepted that it will be possible to use all future changes of the referenced document for the purposes of the referring document; - for informative references. Referenced documents which are not found to be publicly available in the expected location might be found at
20、http:/docbox.etsi.org/Reference. For online referenced documents, information sufficient to identify and locate the source shall be provided. Preferably, the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the reference should, as far as possi
21、ble, remain valid for the expected life of the document. The reference shall include the method of access to the referenced document and the full network address, with the same punctuation and use of upper case and lower case letters. NOTE: While any hyperlinks included in this clause were valid at
22、the time of publication ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced documents are indispensable for the application of the present document. For dated references, only the edition cited applies. For non-specific references, the latest edition of
23、the referenced document (including any amendments) applies. Not applicable. 2.2 Informative references The following referenced documents are not essential to the use of the present document but they assist the user with regard to a particular subject area. For non-specific references, the latest ve
24、rsion of the referenced document (including any amendments) applies. i.1 ETSI EG 202 387: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method for application of Common Criteria to ETSI deliverables“. i.2 ETSI ES 202 382: “
25、Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Protection Profiles“. ETSI ETSI TR 187 011 V2.1.1 (2008-07) 6 i.3 ETSI TS 102 165-1: “Telecommunications and Internet converged Services and Prot
26、ocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis“. i.4 ETSI TR 102 420: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Review of activity on security“. i.5 ETSI EG
27、201 383: “Methods for Testing and Specification (MTS);Use of SDL in ETSI deliverables; Guidelines for facilitating validation and the development of conformance tests“. i.6 ETSI EG 201 872: “Methods for Testing and Specification (MTS); Methodological approach to the use of object-orientation in the
28、standards making process“. i.7 ETSI EG 202 106: “Methods for Testing and Specification (MTS); Guidelines for the use of formal SDL as a descriptive tool“. i.8 ITU-T Recommendation I.130: “Method for the characterization of telecommunication services supported by an ISDN and network capabilities of a
29、n ISDN“. i.9 ISO/IEC 15408-1: “Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model“. i.10 ISO/IEC 15408-2: “Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional require
30、ments“. i.11 ISO/IEC 15408-3: “Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements“. i.12 ISO/IEC 15408: “Information technology - Security techniques - Evaluation criteria for IT security“. NOTE: When referring to all parts of
31、 ISO/IEC 15408 the reference above is used. i.13 Directive 2002/58/EC: “Directive 2002/58/Ec of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic commu-nications sector (Directive on privacy and elect
32、ronic communications). i.14 IETF RFC 4306: “Internet Key Exchange (IKEv2) Protocol“. i.15 IETF RFC 4303: “IP Encapsulating Security Payload (ESP)“. i.16 IETF RFC 4305: “Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)“. 3 Def
33、initions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply: access service provider: entity that provides the underlying IP transport connectivity between the consumer and the NGN entities asset: information or resource to be protec
34、ted by countermeasures attack interface: point of attack presented by a functional entity that is reachable from outside a trust domain and which exposes the trust domain to one or more forms of malicious action NOTE: Malicious action may include but not be restricted to denial of service attack, tr
35、affic analysis, masquerade, replay attack, penetration and sabotage. ETSI ETSI TR 187 011 V2.1.1 (2008-07) 7 consumer: domain where the IPTV services are consumed NOTE: The consumer domain may consist of a single terminal, used directly for service consumption, or may be a network of terminals and r
36、elated devices, including mobile devices. Note that a single consumer domain may be connected obtaining content from multiple Content providers. content provider: entity that owns or is licensed to sell content or content assets NOTE: Although the IPTV Service Provider is the primary source for the
37、Consumer, a direct logical information flow may be set up between Content Provider and Consumer, e.g. for rights management and content protection. IPTV service provider: entity that prepares the content bundle provided by the content provider for delivery to the consumer by providing metadata, cont
38、ent encryption and physical binaries NGN service provider: entity offering IP based services, which shares a consistent set of policies and common technologies NOTE: It handles user authentication/identification, Service Control and security, Charging, IPTV common functions, etc. Several IPTV Servic
39、e Providers could use the same NGN Service Provider to delivery contents to the consumer. The NGN Service Provider may also provide IPTV service. secure connection: connection between two functional entities that provides properties of confidentiality, authenticity and integrity proof for any transm
40、ission across the connection secure ICT system: physical implementation of a security standard or set of associated security standards security standard: communications standard that includes provisions for protecting users and networks from threats to the confidentiality and integrity of both ident
41、ity and data trust domain: grouping and/or collection of functional entities (implemented in one or more physical devices) whose operation or ownership arrangements mitigate any risk of exploit to the grouping and/or collection within the trust domain boundary NOTE 1: In the simplest case, a Trust D
42、omain is a set of physical or functional entities with a single owner/operator who can accurately know the behaviour of those physical or functional entities. Such simple Trust Domains may be joined into larger Trust Domains by bi-lateral agreements between the owners/operators of the physical or fu
43、nctional entities. NOTE 2: A node is “trusted“ (with respect to a given Trust Domain) if and only if it is a member of that domain. NOTE 3: A node, A, in the Trust Domain is “trusted by“ a node, B, (or “B trusts A“) if and only if there is a secure connection between the nodes, AND B has configurati
44、on information indicating that A is a member of the Trust Domain. Further it is noted that B may or may not be a member of the Trust Domain, e.g. B may be a UE which trusts a given network intermediary, A (e.g. its home proxy). 3.2 Abbreviations For the purposes of the present document, the followin
45、g abbreviations apply: CSP Communications Service Provider EAL Evaluation Assurance Level ICT Information and Communications Technology IKE Internet Key Exchange Version 2 IPTV Internet Protocol TeleVision MSC Message Sequence Chart NAT Network Address Translation NGN Next Generation Network PATS Pu
46、blicly Available Telecommunications Service RACS Resource Admission Control Subsystem SDL Specification and Description Language SDPF Service Policy Decision Function TOE Target Of Evaluation TOE Target Of Evaluation ETSI ETSI TR 187 011 V2.1.1 (2008-07) 8 TSF TOE Security Functions TVRA Threat, Vul
47、nerability and Risk Analysis UDP User Datagram Protocol UML Unified Modelling Language 4 Standards, assets and systems Communications standards specify detailed requirements that must be met by implementations of the standard in order to be compliant. Depending on the range and complexity of the spe
48、cified requirements, such standards might be implemented by whole systems or by individual component parts of the systems. In those cases where implementations are likely to either provide or exist within a secure environment, the standard will specify addition, security-related requirements derived
49、 from a thorough Threat, Vulnerability and Risk Analysis (TVRA) as defined in TS 102 165-1 i.3. In TVRA terminology, a system component that implements a communications standard is referred to as an “asset“ and this term is used with the same meaning throughout the present document. In summary: Standards specify requirements for both communication and security aspects; Assets are implementations of one or more security-related standards; and Systems comprise one or more assets. 5 Objectives and requirements in security standards