1、 ETSI TS 102 165-1 V4.2.3 (2011-03)Technical Specification Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN);Methods and protocols;Part 1: Method and proforma for Threat,Risk, Vulnerability Analysisfloppy3ETSI ETSI TS 102 165-1 V4.2.3 (2011-03)2Referen
2、ce RTS/TISPAN-07050-NGN-R3 Keywords authentication, confidentiality, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (
3、06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the refer
4、ence version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or chan
5、ge of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright
6、 Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media. European Telecommunications Standards Institute 2011. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM, TIPHONTM, the TIPHON logo and t
7、he ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. LTE is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Orga
8、nizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TS 102 165-1 V4.2.3 (2011-03)3Contents Intellectual Property Rights 6g3Foreword . 6g3Introduction 6g31 Scope 8g32 References 8g32.1 Normative references . 8g32.2 Informative references 9g
9、33 Definitions, symbols and abbreviations . 10g33.1 Definitions 10g33.2 Symbols 11g33.3 Abbreviations . 11g34 Introduction 13g34.1 Role of TVRA 13g34.2 Generic TVRA relationships 15g34.3 Countermeasure strategies 18g34.3.1 Asset redesign . 18g34.3.2 Asset hardening 18g34.4 Relationship with Common C
10、riteria evaluation . 18g35 TVRA method 19g35.1 Overview 19g35.1.1 Target of Evaluation description . 21g35.1.1.1 Security environment 21g35.1.1.2 Security objectives 22g35.1.1.3 Security requirements 23g35.1.1.3.1 The relationship between security objectives and security requirements 23g35.1.1.3.2 S
11、ecurity requirements statements 23g35.1.2 Threats and threat agents 25g35.2 Actors and roles 27g35.3 Rationale. 27g36 Method process 27g36.1 Overview 27g36.2 Step 1: Identification of Target Of Evaluation (TOE) 28g36.3 Step 2: Identification of objectives . 29g36.4 Step 3: Identification of function
12、al security requirements 29g36.5 Step 4: Systematic inventory of the assets 30g36.6 Step 5: Systematic identification of vulnerabilities 31g36.6.1 Identification of weakness 32g36.6.2 Identification of a vulnerability 32g36.6.3 Identification of attack method (threat agent) . 32g36.6.3.1 Assessment
13、of the practicality . 32g36.6.3.1.1 Knowledge factor 32g36.6.3.1.2 Time factor 33g36.6.3.1.3 Expertise factor 34g36.6.3.1.4 Opportunity factor . 34g36.6.3.1.5 Equipment factor . 34g36.6.3.1.6 Intensity factor. 35g36.7 Step 6: Calculation of the likelihood of the attack and its impact 35g36.8 Step 7:
14、 Establishment of the risks 36g36.8.1 Impact of intensity 37g36.8.2 Classification of risk . 37g36.8.2.1 Overview . 37g36.9 Step 8: Security countermeasure identification 38g3ETSI ETSI TS 102 165-1 V4.2.3 (2011-03)46.9.1 Countermeasures in the system . 38g36.9.2 Composite countermeasures applied to
15、the system . 39g36.9.3 Impact of countermeasures applied to the system . 39g36.10 Step 9: Countermeasure Cost-benefit analysis . 39g36.10.1 Standards design . 39g36.10.2 Implementation . 39g36.10.3 Operation 40g36.10.4 Regulatory impact . 40g36.10.5 Market acceptance 40g36.11 Step 10: Specification
16、of detailed requirements . 41g3Annex A (normative): TVRA proforma . 42g3Annex B (informative): The role of motivation . 43g3Annex C: Void . 44g3Annex D (informative): Denial of service attacks 45g3D.1 DDoS Attacks viable on the NGN . 45g3D.1.1 Land 45g3D.1.2 SYN Flood 45g3D.1.3 Ping of Death 45g3D.1
17、.4 Process Table 46g3D.1.5 Smurf Attack 46g3D.1.6 SSH Process Table . 46g3D.1.7 TCP Reset . 46g3D.1.8 Teardrop . 46g3D.1.9 UDP Storm . 46g3D.2 DDoS characteristics 47g3D.3 Defence against DDoS . 47g3D.3.1 Preventive Mechanisms 47g3D.3.2 Reactive Mechanisms . 47g3D.3.2.1 Signature detection mechanism
18、s . 48g3D.3.2.2 Anomaly detection mechanisms . 48g3D.3.3 Difficulties of defence 48g3Annex E (informative): TVRA database structure . 49g3E.1 Database structure 49g3E.2 SQL code for TVRA database 51g3E.2.1 Lookup tables . 51g3E.2.2 Core tables 52g3E.2.3 Linking tables . 54g3E.2.4 Sample queries (use
19、d to complete input to eTVRA proforma) 55g3Annex F (informative): Use of ISO/IEC 15408-2 security functional classes in security requirements statements . 56g3F.1 Overview 56g3F.2 Review of functional capabilities . 58g3F.2.1 Authentication and identification . 58g3F.2.2 Communication class (non-rep
20、udiation) 59g3F.2.3 User data protection class . 60g3F.2.4 Privacy class . 64g3F.2.5 Resource utilization class . 66g3F.2.6 Trusted path/channel class 66g3F.2.7 Security management class. 67g3F.2.8 Protection of the TSF class . 68g3F.2.9 Cryptographic support class . 70g3F.2.10 Security audit class
21、. 71g3ETSI ETSI TS 102 165-1 V4.2.3 (2011-03)5F.2.11 TOE Access class . 72g3Annex G (normative): TVRA Risk Calculation Template and Tool . 74g3Annex H (normative): TVRA Countermeasure Cost-Benefit Analysis Template and Tool . 75g3Annex I (informative): Bibliography . 77g3I.1 UML . 77g3Annex J (infor
22、mative): Change history . 78g3History 79g3ETSI ETSI TS 102 165-1 V4.2.3 (2011-03)6Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI me
23、mbers and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.
24、etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become,
25、essential to the present document. Foreword This Technical Specification (TS) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN). The present document is part 1 of a multi-part deliverable covering methods a
26、nd protocols for security standardization, as identified below: Part1: “Method and proforma for Threat, Risk, Vulnerability Analysis“; Part 2: “Protocol Framework Definition; Security Counter Measures“. Introduction The present document is one of a set of documents that addresses standardization of
27、security protocols and mechanisms within the context of the eEurope 2005 programme. The suite of documents is composed as follows: ETSI EG 202 387 i.1: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method for application of
28、 Common Criteria to ETSI deliverables“. ETSI ES 202 383 1: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Security Targets“. ETSI ES 202 382 2: “Telecommunications and Internet converged Serv
29、ices and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Protection Profiles“. ETSI TS 102 165-1: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Method and proforma for Thr
30、eat, Risk, Vulnerability Analysis“ (the present document). ETSI TS 102 165-2 4: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Protocol Framework Definition; Security Counter Measures“. ETSI TS 102 556 i.5: “Telecommunication and Internet converge
31、d Services and Protocols for Advanced Networking (TISPAN); Protection Profile“. ETSI EG 202 549 i.6: “Telecommunication and Internet converged Services and Protocols for Advanced Networking (TISPAN); Design Guide; Application of security countermeasures to service capabilities“. These documents are
32、developed based on the objectives of the eEurope programme and are also developed to ensure they comply with the overall objectives of the European regulatory framework as defined in the following documents: Directive 2002/19/EC 14 of the European Parliament and of the council of 7 March 2002 on acc
33、ess to, and interconnection of, electronic communications networks and associated facilities (Access Directive). ETSI ETSI TS 102 165-1 V4.2.3 (2011-03)7 Directive 2002/20/EC 15 of the European Parliament and of the council of 7 March 2002 on the authorization of electronic communications networks a
34、nd services (Authorization Directive). Directive 2002/21/EC 16 of the European Parliament and of the council of 7 March 2002 on a common regulatory framework for electronic communications networks and services (Framework Directive). Directive 2002/22/EC 17 of the European Parliament and of the counc
35、il of 7 March 2002 on universal service and users rights relating to electronic communications networks and services (Universal Service Directive). Directive 2002/58/EC 18 of the European Parliament and of the council of 12 July 2002 concerning the processing of personal data and the protection of p
36、rivacy in the electronic communications sector (Directive on privacy and electronic communications). In particular the present document forms part of the standardization initiative for the Next Generation Network (NGN) platform to be used in eEurope and upon which the trust and viability of the e-en
37、abled community will, to a very large part, depend on. The eEurope 2005 action plan has been drawn up to focus on “the widespread availability and use of broadband networks throughout the Union and the security of networks and information, eGovernment, eHealth and eBusiness“ requiring a supporting i
38、nfrastructure, which is truly pan-European. To quote COM(2002)263 i.8: “By 2005 Europe should have a secure information infrastructure“. ETSI ETSI TS 102 165-1 V4.2.3 (2011-03)81 Scope The present document defines a method for use by ETSI standards developers in undertaking an analysis of the threat
39、s, risks and vulnerabilities of a telecommunications system. The method builds from the Common Criteria for security assurance and evaluation defined in ISO/IEC 15408 9 and specifically targets the means to build a Threat Vulnerability and Risk Analysis (TVRA) to allow its reference by an ETSI speci
40、fication developed using the guidelines given in EG 202 387 i.1 and ES 202 382 2. The TVRA forms part of the documentation set for the Target Of Evaluation as specified in ES 202 382 2 with its intended audience being a developer of standards based Protection Profiles. The Unified Modelling Language
41、 (UML) is used to model relationships within systems for analysis within the TVRA as a semi-formal tool with verification and simulation capabilities deployed during development. NOTE: This is in accordance with the goals of the eEurope project under objective Good practices (COM(2002) 263 page 18)
42、i.8. The present document provides a database definition for TVRA and provides, in annexes, the application of the TVRA method to a number of NGN subsystems or components. The database definition is appended to the present document as a text file containing Structured Query Language (SQL) database d
43、efinition commands. 2 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the reference document (including a
44、ny amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validit
45、y. 2.1 Normative references The following referenced documents are necessary for the application of the present document. 1 ETSI ES 202 383: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Sec
46、urity Targets“. 2 ETSI ES 202 382: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Protection Profiles“. 3 Void. 4 ETSI TS 102 165-2 (2006) “Telecommunications and Internet converged Services
47、and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 2: Protocol Framework Definition; Security Counter Measures“. 5 ETSI TS 187 001: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN SECurity (SEC); Requirements“. 6 ISO/IE
48、C 15408-1: “Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model“. 7 ISO/IEC 15408-2: “Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements“. ETSI ETSI TS 1
49、02 165-1 V4.2.3 (2011-03)98 ISO/IEC 15408-3: “Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements“. 9 ISO/IEC 15408: “Information technology - Security techniques - Evaluation criteria for IT security“. NOTE: When referring to all parts of ISO/IEC 15408 the reference above is used. 10 CCMB-2005-07-004: “Common Methodology for Information Technology Security Evaluation; Evaluation methodology; July 2005; Version 3.0 Revision