Update on ETSI Security work

1
Update on ETSI Security work

• Charles Brookson
• OCG Security Chairman

Submission DateJune 27, 2008
2
OCG Security (1)

• Operational Co-ordination Sub-Group on Security
• Horizontal co-ordination structure for security
  issues
• Ensuring security is properly considered in each
  ETSI Technical Body (TB)
• Detecting any conflicting or duplicate work
• Participation
• TBs are free to nominate Members to participate
  in the work of the group
• Working methods
• Via email
• When necessary co-sited joint security
  technical working meetings
• Issues sent to SECsupport_at_etsi.org
• Mailing list OCG_SECURITY_at_LIST.ETSI.ORG

3
OCG Security (2)

• Security Workshop
• ETSI holds an annual security workshop. The 3rd
  Workshop held in January this year was well
  attended, and details can be found on many
  security issues at http//portal.etsi.org/security
  workshop/
• The next workshop is scheduled for 13th and 14th
  January 2009 in Sophia Antipolis, and
  contributions are welcome.
• White Papers
• The latest edition of our Security White and
  Product Proofing papers giving information and
  all security activities can be found at
  http//www.etsi.org/WebSite/technologies/WhitePape
  rs.aspx
• The Security White paper is in the process of
  being updated and a new edition will be published
  later this year.

4
ETSI Committees per Security Areas
Mobile/Wireless
Algorithms
Emergency Telecommunications
SES
MESA
SecurityAlgorithms Group of Experts (SAGE)
2G/3G Mobile3GPP
EMTEL
DECT
TETRA
LawfulInterception(LI)
Mobile Commerce
AT
Next GenerationNetworks(TISPAN)
ElectronicSignatures(ESI)
SmartCardPlatform(SCP)
Fixed and Convergent Networks
Information TechnologyInfrastructure
Smart Cards
ETSI is a founding partner for this partnership
project Closed Committee
5
TETRA

• TErrestrial Trunked Radio
• Mobile radio communications
• Used for public safety services
• Security features include
• Mutual Authentication
• Encryption
• Anonymity

6
Mobile Security

• IMEI (International Mobile Equipment Identity)
• Protection against theft
• Physical marking of the terminal
• Blacklisted by operator if stolen
• FIGS (Fraud Information Gathering System)
• Monitors activities of roaming subscribers
• Home network informed
• Fraudulent calls identified terminated
• Priority
• Public safety service
• Allows for high priority access
• Location

7
Algorithms

• ETSI is a world leader in creating cryptographic
  algorithms and protocols to prevent fraud and
  unauthorised access to ICT and broadcast
  networks, and to protect customers privacy
• ETSI SAGE (Security Algorithm Group of Experts)
• Centre of competence for algorithms in ETSI
• Algorithms for
• DECT
• GSM, GPRS, EDGE
• TETRA
• UMTS

8
Smart Card Standardization

• ETSI Smart Card Standardization
• ETSI Technical Committee Smart Card Platform (TC
  SCP)
• GSM SIM Cards among most widely deployed smart
  cards ever
• Work extended with UMTS USIM Card and UICC
  Platform
• Current challenges
• Expand the smart card platform
• Implement Extensible Authentication Protocol
  (EAP) in Smart Cards
• Allow users access to global roaming
• UICC platform in secure financial transactions
  over mobile communications systems

9
Lawful Interception

• Delivery of intercepted communications to Law
  Enforcement Authorities
• To support criminal investigation
• To counter terrorism
• Applies to any data in transit
• ETSI Technical Committee LI
• defines the Handover interface
• from the Operator to the Law Enforcement
  Authorities

10
Data Retention

• Data generated/processed in electronic
  communications services need to be retained
• Required by EC since 2006 (Directive 2006/24/EC)
• Retention of Data is similar to LI
• Concerns stored traffic, rather than traffic in
  transit (LI)
• ETSI TC LI currently working on three
  deliverables
• Requirements
• Specification for Handover interface
• Security framework in Lawful Interception and
  Retained Data environment

11
Electronic Signatures

• ETSI and CEN co-operation on the European
  Electronic Signature
• Goal provide Europe with a reliable electronic
  signatures framework
• Enabling electronic commerce
• Supporting eSignature EC Directive
• Current challenges
• eInvoicing
• Registered EMail (REM)
• International collaboration
• Certificate Policy mapped and aligned with US
  policy
• XML Signature Standard adopted in Japan

12
Future Challenges

• ETSI addressing a number of areas
• Issues on security are still open
• Security Metrics
• RFID Security and Privacy
• ETSI is ready to address these challenges
• Supporting its Members
• Following its Members requirements
• Collaborating with other SDOs