International Telecommunication Union

ITU-T Y.2705
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
(03/2013)

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS
Next Generation Networks – Security

Minimum security requirements for the interconnection of the Emergency Telecommunications Service (ETS)

Recommendation ITU-T Y.2705

ITU-T Y-SERIES RECOMMENDATIONS
GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS

GLOBAL INFORMATION INFRASTRUCTURE
  General                                                                  Y.100–Y.199
  Services, applications and middleware                                    Y.200–Y.299
  Network aspects                                                          Y.300–Y.399
  Interfaces and protocols                                                 Y.400–Y.499
  Numbering, addressing and naming                                         Y.500–Y.599
  Operation, administration and maintenance                                Y.600–Y.699
  Security                                                                 Y.700–Y.799
  Performances                                                             Y.800–Y.899
INTERNET PROTOCOL ASPECTS
  General                                                                  Y.1000–Y.1099
  Services and applications                                                Y.1100–Y.1199
  Architecture, access, network capabilities and resource management       Y.1200–Y.1299
  Transport                                                                Y.1300–Y.1399
  Interworking                                                             Y.1400–Y.1499
  Quality of service and network performance                               Y.1500–Y.1599
  Signalling                                                               Y.1600–Y.1699
  Operation, administration and maintenance                                Y.1700–Y.1799
  Charging                                                                 Y.1800–Y.1899
  IPTV over NGN                                                            Y.1900–Y.1999
NEXT GENERATION NETWORKS
  Frameworks and functional architecture models                            Y.2000–Y.2099
  Quality of Service and performance                                       Y.2100–Y.2199
  Service aspects: Service capabilities and service architecture           Y.2200–Y.2249
  Service aspects: Interoperability of services and networks in NGN        Y.2250–Y.2299
  Numbering, naming and addressing                                         Y.2300–Y.2399
  Network management                                                       Y.2400–Y.2499
  Network control architectures and protocols                              Y.2500–Y.2599
  Packet-based Networks                                                    Y.2600–Y.2699
  Security                                                                 Y.2700–Y.2799
  Generalized mobility                                                     Y.2800–Y.2899
  Carrier grade open environment                                           Y.2900–Y.2999
FUTURE NETWORKS                                                            Y.3000–Y.3499
CLOUD COMPUTING                                                            Y.3500–Y.3999

For further details, please refer to the list of ITU-T Recommendations.

Rec. ITU-T Y.2705 (03/2013)

Recommendation ITU-T Y.2705

Minimum security requirements for the interconnection of the Emergency Telecommunications Service (ETS)

Summary

Emergency telecommunications service (ETS) is a national service, providing priority communications services to ETS authorized users in times of disaster and emergencies. Recommendation ITU-T Y.2705 provides minimum security requirements for the inter-network interconnection of ETS. This will allow ETS to be supported with the necessary security protection between different national networks with bilateral and/or multilateral agreements in times of disaster and emergencies.

History

Edition  Recommendation  Approval    Study Group
1.0      ITU-T Y.2705    2013-03-01  13

Keywords

Emergency telecommunications service (ETS), NGN security, priority services and capabilities.

FOREWORD

The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a
permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

NOTE – In this Recommendation, the expression "Administration" is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words "shall" or some other obligatory language such as "must" and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

INTELLECTUAL PROPERTY RIGHTS

ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

© ITU 2013

All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

Table of Contents

1 Scope
2 References
3 Definitions
  3.1 Terms defined elsewhere
  3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Security threats and risks
7 Reference architecture for ETS interconnection security
8 Security objectives and guidelines for interconnection of ETS
  8.1 General objectives
  8.2 General guidelines
  8.3 Common objectives and requirements
  8.4 ETS authentication, authorization and access control
  8.5 ETS integrity
  8.6 ETS communications confidentiality and PII protection
  8.7 Inter-network IP transport
  8.8 ETS availability
  8.9 Management and operations security
Bibliography

Introduction

Emergency telecommunications service (ETS) is a national service, providing priority communications services to ETS authorized users in times of disaster and emergencies. ETS implementation is a national matter. However, disasters/emergencies can transcend international geographic boundaries, and thus there is a potential that countries/administrations may enter into bilateral and/or multilateral agreements to link their respective ETS systems. This would allow priority communications services (e.g., voice, messaging, video and data) under the umbrella of ETS to be supported between different national networks with bilateral and/or multilateral agreements in times of disaster and emergencies.

The integrity, confidentiality and availability of ETS between interconnected national networks will depend on the security of each national network involved in an end-to-end communication. To allow network-provided security of end-to-end ETS between different national networks (i.e., countries/administrations), security requirements for the interconnection of ETS are needed.

Recommendation ITU-T Y.2705

Minimum security requirements for the interconnection of the Emergency Telecommunications Service (ETS)

1 Scope

This Recommendation provides the minimum security requirements for the inter-network interconnection of ETS. The scope of the security requirements includes the integrity, confidentiality and availability protection for ETS
communications across network boundaries (i.e., between different national networks).

The purpose of this Recommendation is to provide a minimum set of security requirements that can be used to facilitate the support of ETS across directly or indirectly interconnected networks.

2 References

The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

[ITU-T E.106]   Recommendation ITU-T E.106 (2003), International Emergency Preference Scheme (IEPS) for disaster relief operations.
[ITU-T E.107]   Recommendation ITU-T E.107 (2007), Emergency Telecommunications Service (ETS) and interconnection framework for national implementations of ETS.
[ITU-T M.3342]  Recommendation ITU-T M.3342 (2006), Guidelines for the definition of SLA representation templates.
[ITU-T Y.2012]  Recommendation ITU-T Y.2012 (2010), Functional requirements and architecture of next generation networks.
[ITU-T Y.2205]  Recommendation ITU-T Y.2205 (2011), Next Generation Networks – Emergency telecommunications – Technical considerations.

3 Definitions

3.1 Terms defined elsewhere

This Recommendation uses the following terms defined elsewhere:

3.1.1 authorization [b-ITU-T X.800]: The granting of rights, which includes the granting of access based on access rights.

3.1.2 availability [b-ITU-T X.800]: The property of being accessible and useable upon demand by an authorized entity.

3.1.3 confidentiality [b-ITU-T X.800]: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.

3.1.4 data integrity [b-ITU-T X.800]: The property that data has not been altered or destroyed in an unauthorized manner.

3.1.5 emergency telecommunications service (ETS) [ITU-T E.107]: A national service, providing priority telecommunications to ETS authorized
users in times of disaster and emergencies.

3.2 Terms defined in this Recommendation

This Recommendation defines the following term:

3.2.1 Service Provider: Service Provider (initial capital letters) is a public telecommunications service provider authorized to provide emergency telecommunications service (ETS).

4 Abbreviations and acronyms

This Recommendation uses the following abbreviations and acronyms:

ANI     Application Network Interface
CVE     Common Vulnerabilities and Exposures
CVE     Common Vulnerability and Exposure
CVSS    Common Vulnerability Scoring System
CWE     Common Weakness Enumeration
CYBEX   Cybersecurity information Exchange
DDoS    Distributed Denial of Service
DNS     Domain Name Server
DoS     Denial of Service
DSCP    Diffserv Code Point
ETS     Emergency Telecommunications Service
IDS     Intrusion Detection System
IEPS    International Emergency Preference Scheme
IP      Internet Protocol
IPS     Intrusion Prevention System
IPsec   IP Security
LAN     Local Area Network
NE      Network Element
NGN     Next Generation Network
NNI     Network-Network Interface
PII     Personally Identifiable Information
PSTN    Public Switch Telephone Network
QoS     Quality of Service
SLA     Service Level Agreement
SNI     Service Network Interface
UNI     User Network Interface

5 Conventions

In this Recommendation:

The initial letters of the term "Service Provider" are capitalized in this Recommendation where "Service Provider" refers to a public telecommunications service provider which is authorized to provide ETS (see clause 3.2.1).

The keywords "is required to" indicate a requirement which must be strictly followed and from which no deviation is permitted if conformance to this document is to be claimed.

The keywords "is recommended" indicate a requirement which is recommended but which is not absolutely required. Thus this requirement need not be present to claim conformance.

The keywords "is prohibited from" indicate a requirement which must be strictly followed and from which no deviation is permitted if conformance to this document is to be claimed.

The keywords "can optionally" indicate an optional requirement which is permissible, without implying any sense of being recommended. This term is not intended to imply that the vendor's implementation must provide the option and the feature can be optionally enabled by the network operator/service provider. Rather, it means the vendor may optionally provide the feature and still claim conformance with the specification.

In the body of this Recommendation and its annexes, the words "shall", "shall not", "should", and "may" sometimes appear, in which case they are to be interpreted, respectively, as "is required to", "is prohibited from", "is recommended", and "can optionally". The appearance of such phrases or keywords in an appendix or in material explicitly marked as informative are to be interpreted as having no normative intent.

6 Security threats and risks

ETS communications may be targeted for cybersecurity attacks because of the critical nature of the communications. Refer to [ITU-T E.107], [ITU-T Y.2205] and [b-ITU-T Q-Sup.57] for the definition of and information on ETS. The source of threats or malevolent actions intent on disrupting, misusing, manipulating or otherwise harming ETS could originate from a variety of sources including interconnected networks. For example, ETS may be targeted for cybersecurity attacks for reasons such as to:

- disrupt the ability of disaster recovery personnel to communicate
- obtain sensitive information by eavesdropping on ETS calls/sessions.

A threat is viewed as a security weakness or potential vulnerability that if exploited may negatively affect the availability, integrity or confidentiality of ETS communications. This Recommendation focuses mainly on threats pertaining to network interconnection for ETS.

Example threats relating to network interconnection include, but are not limited to:

- General interconnection threat: security weaknesses or potential vulnerabilities associated with connecting the network (e.g., NGN) to other managed and unmanaged networks, such as the public Internet.
- Design and implementation threat: security weaknesses or potential vulnerabilities in the network interconnection architecture and implementation designs.
- Management, operational and insider threat: security weaknesses or potential vulnerabilities in the command and control functions for ETS and their underlying infrastructure.
- Transport and facilities threat: security weaknesses or potential
  vulnerabilities associated with the underlying transport network (e.g., routing, network duplication, diversity, resiliency), support systems (e.g., power, environmental) and the physical protection of network assets.

7 Reference architecture for ETS interconnection security

This Recommendation relies on the functional architecture and network connectivity model defined in [ITU-T Y.2012].

[Figure Y.2705(13)_F01. Labels: Terminal equipment; User networks; Corporate networks; Other service providers; Other]