); IMS/NGN Security Testing and Robustness Network Testing (INT); IMS/NGN Security Testing and Robustness Benchmark Technical Report ETSI 2 ETSI TR 101 590 V1.1.1 (2013-03) Reference

  • View
    219

  • Download
    5

Embed Size (px)

Text of ); IMS/NGN Security Testing and Robustness Network Testing (INT); IMS/NGN Security Testing and...

  • ETSI TR 101 590 V1.1.1 (2013-03)

    IMS Network Testing (INT); IMS/NGN Security Testing and Robustness Benchmark

    Technical Report

  • ETSI

    ETSI TR 101 590 V1.1.1 (2013-03) 2

    Reference DTR/INT-00066

    Keywords robustness, security, testing

    ETSI

    650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE

    Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16

    Siret N 348 623 562 00017 - NAF 742 C

    Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88

    Important notice

    Individual copies of the present document can be downloaded from: http://www.etsi.org

    The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).

    In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

    Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at

    http://portal.etsi.org/tb/status/status.asp

    If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

    Copyright Notification

    No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

    European Telecommunications Standards Institute 2013.

    All rights reserved.

    DECTTM, PLUGTESTSTM, UMTSTM and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and

    of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

    http://www.etsi.org/http://portal.etsi.org/tb/status/status.asphttp://portal.etsi.org/chaircor/ETSI_support.asp

  • ETSI

    ETSI TR 101 590 V1.1.1 (2013-03) 3

    Contents

    Intellectual Property Rights ................................................................................................................................ 4

    Foreword ............................................................................................................................................................. 4

    1 Scope ........................................................................................................................................................ 5

    2 References ................................................................................................................................................ 5 2.1 Normative references ......................................................................................................................................... 5 2.2 Informative references ........................................................................................................................................ 5

    3 Definitions and abbreviations ................................................................................................................... 6 3.1 Definitions .......................................................................................................................................................... 6 3.2 Abbreviations ..................................................................................................................................................... 6

    4 Introduction to Robustness Testing .......................................................................................................... 7 4.1 Robustness testing in IMS .................................................................................................................................. 8

    5 Role of robustness testing in industry ...................................................................................................... 8 5.1 Drivers for security and reliability testing with network equipment .................................................................. 9 5.2 Drivers for security and reliability testing with converging networks and IP-based services ............................ 9 5.2.1 User plane traffic .......................................................................................................................................... 9 5.2.2 Consumer Premise Equipment (CPE) can pose a threat to core networks .................................................... 9 5.2.3 Control plane security and integrity ............................................................................................................ 10 5.3 Fuzzers as a hacker tool .................................................................................................................................... 10

    6 Characteristics of robustness testers and fuzzers .................................................................................... 11 6.1 What can be fuzz tested .................................................................................................................................... 12

    7 Model-based and Mutation-based fuzzing ............................................................................................. 12 7.1 Model-based Fuzzing - Robustness testing ...................................................................................................... 12 7.2 Mutation-based fuzzing .................................................................................................................................... 13

    8 Case study: Planning robustness testing for IMS service ....................................................................... 13 8.1 Attack Surface analysis primer ......................................................................................................................... 14 8.1.1 Technical Specifications ............................................................................................................................. 15 8.1.2 Scanning or Probing.................................................................................................................................... 15 8.1.3 Passive Monitoring ..................................................................................................................................... 15 8.1.4 On-host process and resource monitoring ................................................................................................... 16 8.1.5 Physical Properties ...................................................................................................................................... 16 8.1.6 Configuration .............................................................................................................................................. 16 8.1.7 User Interface .............................................................................................................................................. 17 8.2 Expected outcome of Attack Surface Analysis ................................................................................................ 17 8.3 Attack Surface Analysis for example architecture by studying the interfaces ................................................. 17 8.3.1 Interfaces and protocols .............................................................................................................................. 17 8.3.2 CVSS Scoring ............................................................................................................................................. 18 8.3.3 Scoring ........................................................................................................................................................ 19 8.4 Attack Surface Analysis conclusions and recommendations............................................................................ 19 8.4.1 Attack Surface Analysis as part of Threat Analysis .................................................................................... 19 8.4.2 Alternative perspectives on Attack Surface and Threat Analysis ............................................................... 19 8.4.3 Attack Surface Analysis of network equipment.......................................................................................... 19 8.4.4 Trust boundaries as Attack Surface ............................................................................................................ 20

    9 Test plans and certification ..................................................................................................................... 20 9.1 Robustness test plan ......................................................................................................................................... 20 9.2 Robustness certification ................................................................................................................................... 20

    10 Conclusions and further work ................................................................................................................ 21

    History .............................................................................................................................................................. 22

  • ETSI

    ETSI TR 101 590 V1.1.1 (2013-03) 4

    Intellectual Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and ca