Upload
blaise-skinner
View
215
Download
0
Tags:
Embed Size (px)
Citation preview
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Overview and System Security to Security Testing
Company: NEC CorporationAuthor(s): Anand R. Prasad,
Chairman Security & Privacy Working GroupContact: [email protected]: DiscussionDocument#: GISFI_SP_201206244
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Purpose
• Start relationship between mobile operators and GISFI
• This workshop on network security requirements is to – Share initial information and– Bring common understanding
• Next step is to have regular meetings and/or workshops– Preferably during GISFI meetings– Separately, just before or after a GISFI meeting
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
GISFI Security & Privacy WG
Tasks• Work on security, privacy,
legal intercept and algorithms
• Perform threat analysis and identify requirements
• Develop – recommendations
regarding the above– security and privacy
solutions– legal intercept solutions
• Bring Indian requirements to international bodies
Activities• Network security testing
requirements of India• Proposed new topics
– Identity management– Unsolicited communication– Child security in cyber
space
• Inter-WGs– Internet-of-things– Service Oriented Networks– Future Radio Networks
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Security Testing Requirements• Companies should fulfill ISO 27k
security guidelines• Highest level of security from design,
development, deployment, maintenance to running of all comm. products and networks
• Security testing of all products and network based on Indian guidelines set as per Common Criteria (ISO 15408) where testing: – performed by Indian labs from 1 April 2013 onwards – yearly– labs will be accredited by Indian government– test result will be certified by Indian government– only “type” testing will be done
• Products/network should fulfill Indian security requirements, implementation should comply with common security considerations and implemented as per standard specification (e.g. 3GPP)
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Impacts and Gaps
Impact of requirements• Technical skills growth• Security awareness• Vendors will see delay in
sales and increase in product cost
• Operator cost will increase impacting rural deployment
• Potential trade impact
Gaps• Lab: Accreditation and certifi
cation method• Common criteria
– CC level– PP & STs – certify? who?
• Specification details• Relation with CCRA, 3GPP e
tc.• Acceptable level of risk• Define safe to connect• How to test existing network
CC: Common CriteriaPP: Protection ProfileST: Security Target
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Testing Related
• Duration of testing: Longer time to wait will impact business• Periodicity of testing: Given product can have monthly software or
firmware update• Timing of testing: Before purchase will mean impact on vendors
while after purchase could mean issues for operators/service providers
• Volume of testing, number of points: Type approval, extent/depth of testing to be performed and level of value-chain to be touched
• Human resource: Initially sufficient people will not be available to perform security tests. Steps to perform test and develop resources should be a concern
• Cost of testing: Cost of testing will lead to impact on market.• Responsibility of accidents: Vendors pay for the accidents due to
certified products? Security threats / attacks are maturing with time thus there should be consideration from long-term perspective
• Confidentiality and intellectual property: How can the testing “person” be certified? Also issue regarding escrow.
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
S&P Work Item
Following deliverables are expected:• Requirement analysis and proposals• (Framework) Complete security together with
terminology definitions and proposals• Policy study and proposals• Security architecture in mobile communication
systems: Comparison and proposals for India• Monitoring• Proposals for security testingPlanning to liaise with 3GPP and CCRA
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Market Trend: Over-The-Top Services (OTT) and Cyber Attacks
Over-the-top services
NodeB
WLAN AP
X-CSCFHSS/AAA
RNC
PDG
MSC xGSN
eNodeB
H(e)NBGW
H(e)NB
MME S/PGW
Advertisement
1.OTT is the killer app Impact:
-Loss of profit source and no new source of profit
- Increase in CAPEX & OPEX
Market trend : Moving towards services Mobile operator becoming part of “the
Internet” OTT services is the killer app Cyber attack is increasing
2.Cyber attacks is increasing Impact:
- Increase in CAPEX & OPEX- Dissatisfied customers
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Security Considerations
Over-the-top services
NodeB
WLAN AP
X-CSCFHSS/AAA
RNC
PDG
MSC xGSN
eNodeB
H(e)NBGW
H(e)NB
MME S/PGW
1.Overloading of network (DoS / DDoS)
Overloading network with botnets, malware, home made terminals etc.
2.Finding network topology (privacy)3.Network element attacks4.Protocol attack5.Subscriber privacy issues6.Fraudulent charging
Analyzing network to find network topologyAttacking specific network elements
Protocol weaknesses used to perform attack
OAM attack, spoofing etc. used to get subscriber private data and cause fraudulent charging
Several attacks are possible on mobile network
Newer services bring new business opportunities and also threats
Complete system security consideration is necessary
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Mobile Systems Security ComparisonGSM GPRS UMTS SAE/LTE
Security services CipheringUser authenticationEquivalent to wired
CipheringUser authentication
Ciphering & integrityMutual auth.
Ciphering & integrityMutual auth.
Authentication Authentication: 3 values UMTS-AKA: 5 values EPS-AKA: 5 values
Keys Derivation of a ciphering key after auth. Derivation of CK & IK Separate keys for each purpose
Key length Shared key 128 bits for authenticationDerived 64 bits out of which 54 used for ciphering
Shared key 128 bits for authenticationDerived 64 bits for ciphering
128 bits 128 bits
Key handling Changed on authentication Changed on each handover & more
Algorithm A5/1 / 2 /3; specification is confidential. A5/3 is based on Kasumi
GPRS Encryption Algorithm (GEA):GEA0, GEA1, GEA2 and GEA3
Kasumi from Rel. 4 SNOW 3G, AES and ZUC
Security end-point BTS SGSN RNC / SGSN eNB for UP & RRCMME for NAS
Network security None None initially MAPsec and IPsec IPsec
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Designing Security
• Determine the assets• Determine the threats and risks to each asset set
security requirements• Design and implement
countermeasures for the threats and residual risks economical
• Monitor, manage and update the implementation
• Deter, detect and react against any attack
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Common Criteria Testing
PP ST Documentation
Design Review
Code Review
Product Test
Certification
9 ~ 24 months
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
SecurityTest Lab
SecurityTest Lab
Accreditation & Certification
TEC/DOT & CCRA,3GPP
SecurityTest Lab
Vendors /Operators
1.Vendors/operators request security testing
0.Security test labs accredited by CCRA taking care of Indian needs as per TEC
2.Send security test results for certification
3.Result: Certified or not certified
4.Result: Certified or not certified
CCRA: Common Criteria Recognition ArrangementDOT: Department of TelecommunicationsTEC: Telecommunications Engineering Centres
GISFI_SP_201206244 Operator-GISFI Workshop22 June, 2012
Finally
• A balance need to be found between what is needed and what can be done regarding the Indian national security requirements– Should be acceptable to all, particularly operators
• Current national requirements have gaps• GISFI is working on several topics related to
security testing requirements• GISFI proposes Indian mobile operators to work
together on network security testing requirements