1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.1041 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (05/2018) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Information and network security Network security Security framework for voice-over-long-term
2、-evolution (VoLTE) network operation Recommendation ITU-T X.1041 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DI
3、RECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.
4、1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES (1) Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols (1) X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1
5、179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES (2) Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1319 Smart grid security X.1330X.1339 Cert
6、ified mail X.1340X.1349 Internet of things (IoT) security X.1360X.1369 Intelligent transportation system (ITS) security X.1370X.1389 Distributed legder technology security X.1400X.1429 Security protocols (2) X.1450X.1459 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulne
7、rability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 CLOUD COMPUTING SECURITY Overview of cloud computing security
8、 X.1600X.1601 Cloud computing security design X.1602X.1639 Cloud computing security best practices and guidelines X.1640X.1659 Cloud computing security implementation X.1660X.1679 Other cloud computing security X.1680X.1699 For further details, please refer to the list of ITU-T Recommendations. Rec.
9、 ITU-T X.1041 (05/2018) i Recommendation ITU-T X.1041 Security framework for voice-over-long-term-evolution (VoLTE) network operation Summary Voice over LTE (VoLTE) is a voice communication service over IP multimedia subsystem (IMS) network, and its traffic is routed through long term evolution (LTE
10、) wireless network, evolved packet core (EPC) core network and IMS core network. VoLTE adopts a full Internet protocol (IP) network framework based on session initiation protocol (SIP), which makes VoLTE more vulnerable to attacks than traditional voice service, which is based on circuit switch. The
11、refore, there is an urgent desire to establish the overall security framework for VoLTE network operation. Recommendation ITU-T X.1041 analyses security threats encountered by the VoLTE network and recommends countermeasures for telecommunication operators to ensure the secure operation. It also pro
12、vides a security reference framework for VoLTE network. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T X.1041 2018-05-14 17 11.1002/1000/13603 Keywords Countermeasures, security reference framework, threats, VoLTE. * To access the Recommendation, type the URL http:/handle.i
13、tu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T X.1041 (05/2018) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telec
14、ommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecom
15、munications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the pro
16、cedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a tel
17、ecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of
18、these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSI
19、TU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU mem
20、bers or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may n
21、ot represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2018 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.104
22、1 (05/2018) iii Table of Contents Page 1 Scope . 1 2 References . 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation . 1 4 Abbreviations and acronyms 1 5 Conventions 3 6 Introduction . 3 6.1 Background . 3 6.2 Threats analysis 4 6.3 Countermeasures 4 6.4 Securit
23、y reference architecture . 4 7 Threats analysis 4 7.1 Threats to data 4 7.2 Threats to applications 5 7.3 Threats to network 5 7.4 Threats to infrastructure . 6 8 Countermeasures . 6 8.1 Countermeasures for data security . 6 8.2 Countermeasures for application security 7 8.3 Countermeasures for netw
24、ork security . 8 8.4 Countermeasures for infrastructure security 8 8.5 Security management . 9 9 Security reference architecture for VoLTE network 9 Bibliography. 11 Rec. ITU-T X.1041 (05/2018) 1 Recommendation ITU-T X.1041 Security framework for voice-over-long-term-evolution (VoLTE) network operat
25、ion 1 Scope This Recommendation analyses security threats encountered by VoLTE network and recommends countermeasures for telecommunication operators to ensure secure operation. It also provides a security reference framework for VoLTE network. This Recommendation: Describes security threats to VoLT
26、E network operation. Provides technical and management measures for countering security threats. Defines a security framework for VoLTE network operation. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provis
27、ions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendation
28、s and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. None. 3 Definitions 3.1 Terms defined elsewhere None. 3
29、.2 Terms defined in this Recommendation This Recommendation defines the following term: 3.2.1 session border controller (SBC): A device deployed in VoLTE network to exert control over signalling and media streams involved in setting up, conducting, and tearing down telephone calls or other interacti
30、ve media communications for the telecommunication operator. It provides functions such as security (e.g., Firewall, topology hiding), control-plane interworking between different protocols, network address translation, transcoding between different user-plane data types, load-balancing and routing,
31、etc. b-GSMA FCM.01. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: AKA Authentication and Key Agreement AS Application Server CLR Cancel Location Request CSCF Call Session Control Function 2 Rec. ITU-T X.1041 (05/2018) DB Database DDoS Distributed Den
32、ial of Service DoS Denial of Service ECGI Evolved Universal Terrestrial Radio Access Network Cell Global Identifier EPC Evolved Packet Core E-UTRAN Evolved Universal Terrestrial Radio Access Network GUTI Globally Unique Temporary UE Identity HSS Home Subscriber Server I-CSCF Interrogating Call Sessi
33、on Control Function IMEI International Mobile Equipment Identity IMS IP Multimedia Subsystem IMSI International Mobile Subscriber Identity IP Internet protocol IPSec IP Security Protocol ISDN Integrated Services Digital Network LTE Long Term Evolution MME Mobile Management Entity MS Mobile Station M
34、SISDN Mobile Subscriber International ISDN Number OM Operation and Management OS Operating System P-CSCF Proxy-Call Session Control Function PDN Public Data Network PGW PDN Gateway QoS Quality of Service RSZI Regional Subscription Zone Identity SBC Session Border Controller S-CSCF Serving-Call Sessi
35、on Control Function SGW Serving Gateway SIP Session Initiation Protocol SQL Structured Query Language TAI Tracking Area Identity TAS Telephony Application Server TMSI Temporary Mobile Subscriber Identity UE User Equipment VoLTE Voice over LTE XSS Cross-Site Scripting Rec. ITU-T X.1041 (05/2018) 3 5
36、Conventions In this Recommendation: The keywords “is required to“ indicate a requirement which must be strictly followed and from which no deviation is permitted, if conformance to this Recommendation is to be claimed. The keywords “is recommended“ indicate a requirement which is recommended but not
37、 absolutely required, if conformance to this Recommendation is to be claimed. 6 Introduction 6.1 Background VoLTE is a GSMA profile of the standards defined for the delivery of services (mainly voice) over the packet switched only network of long term evolution (LTE), leveraging the IP multimedia su
38、bsystem (IMS ) core network b-GSMA FCM.01. VoLTE is deemed as a standardized system for providing voice service for 4G mobile users. A VoLTE architecture is depicted in Figure 6-1. It is composed of a VoLTE mobile station (MS), evolved universal terrestrial radio access network (E-UTRAN), evolved pa
39、cket core (EPC), IMS, home subscriber server (HSS) and various application servers (AS). Figure 6-1 VoLTE architecture VoLTE MS is the mobile terminal which is authorized to access the network and use VoLTE service. It may be a smartphone or tablet or another kind of communication device. E-UTRAN co
40、nsists of eNodeBs which are in charge of wireless transceiver and base station control. The eNodeBs connect to the mobile management entity (MME) for signalling transmission, while data transmission is directly routed to the serving gateway (S-GW) and public data network (PDN) gateway (P-GW). EPC is
41、 the 4th generation of the 3GPP core network. The EPC basically contains MME and S/P-GW. MME is the most important control point in the core network and it is responsible for most of the control plane functions. S-GW is responsible for the quality of service (QoS). P-GW allocates IP addresses to use
42、r equipments (UEs), selects routes and provides interfaces towards Internet and IMS. IMS is a standalone system that connects to the LTE network via P-GW. VoLTE service is provided through the call session control function (CSCF) that controls the phone calls in the IMS network. 4 Rec. ITU-T X.1041
43、(05/2018) The CSCF manages VoLTE registration information, connects calls and relays voice call transmission and reception. According to its dedicated function, the CSCF is classified into proxy CSCF (P-CSCF), interrogating CSCF (I-CSCF) and serving CSCF (S-CSCF). The main function of P-CSCF is to f
44、orward all SIP messages between the UE and the IMS. The I-CSCF finds the corresponding S-CSCF by querying HSS. The S-CSCF provides session management such as session set up, session deletion and session control. The main AS is called telephony application server (TAS) and it is responsible for both
45、signalling and media manipulation for many services such as local number portability, free-call routing resolution, unified messaging and conference bridge services. The HSS contains all the information related to the subscribers and provides details of the subscribers to other network entities. The
46、 authentication center is part of HSS, which is responsible for generating authentication vectors for each subscriber. 6.2 Threats analysis VoLTE network is subject to various security threats and vulnerabilities. This Recommendation categorizes these threats into four groups: 1) Threats to data: Th
47、e threats to the sensitive data for VoLTE network operation. 2) Threats to applications: The threats to session initiation protocol (SIP) signalling, voice media and other application services. 3) Threats to networks, all the common threats to E-UTRAN, EPC and IMS network. 4) Threats to infrastructu
48、re: The threats to the software and hardware of the VoLTE network elements. 6.3 Countermeasures This Recommendation describes security measures in five dimensions according to different types of threats in the VoLTE network. 1) Countermeasures for data security. 2) Countermeasures for application se
49、curity. 3) Countermeasures for network security. 4) Countermeasures for infrastructure security. 5) Security management. 6.4 Security reference architecture This Recommendation provides a security framework to address security challenges of the VoLTE network operation. The security framework is designed based on the analysis of threats and countermeasures. 7 Threats analysis VoLTE suffers from various security threats, such as the leakage of data, eavesdropping, flood attack and so on. These threats can be categor
