
ITU-T Recommendation X.805 Security Architecture for Systems Providing End-to-End Communications

IETF 63 meeting

Zachary Zeltsan, Bell Laboratories, Lucent Technologies, Rapporteur of Question 5, SG 17

Outline
- Origin of the ITU-T Recommendation X.805 - Security Architecture for Systems Providing End-to-End Communications
- Three main issues that X.805 addresses
- Security Dimensions
- Security Layers
- Security Planes
- ITU-T X.805 Security Architecture
- ITU-T Recommendation X.805 as a base for security work in the FGNGN Security Capability WG

Origin of the ITU-T Recommendation X.805

ITU-T Recommendation X.805, Security architecture for systems providing end-to-end communications, was developed by ITU-T SG 17 (the ITU-T Lead Study Group on Telecommunication Security) and published in October 2003. The group has developed a set of well-recognized Recommendations on security, among them the X.800 series of Recommendations on security and X.509, Public-key and attribute certificate frameworks.

Three main issues that X.805 addresses

The security architecture addresses three essential issues:
1. What kind of protection is needed and against what threats?
2. What are the distinct types of network equipment and facility groupings that need to be protected?
3. What are the distinct types of network activities that need to be protected?

ITU-T X.800 Threat Model (simplified)

1 - Destruction (an attack on availability): destruction of information and/or network resources
2 - Corruption (an attack on integrity): unauthorized tampering with an asset
3 - Removal (an attack on availability): theft, removal or loss of information and/or other resources
4 - Disclosure (an attack on confidentiality): unauthorized access to an asset
5 - Interruption (an attack on availability): interruption of services; the network becomes unavailable or unusable

Security Dimensions

- Access Control: limit and control access to network elements, services and applications. Examples: passwords, access control lists (ACL), firewalls.
- Authentication: identify the user or device and verify the claimed identity. Examples: shared keys, public key infrastructure, digital signatures, digital certificates.
- Non-Repudiation: prevent a user from denying an action they performed on the network. Examples: system event logging, digital signatures.
- Data Confidentiality: ensure the confidentiality of user data. Example: encryption.
- Communication Security: ensure that information flows only from the source to the intended destination and that intermediate points cannot access the flow. Examples: VPN, MPLS, L2TP. Note that MPLS and L2TP separate traffic but do not encrypt it; confidentiality against an on-path observer still has to come from the Data Confidentiality dimension.
- Data Integrity: ensure that data received, or recovered from storage, is identical to the data sent from the source. Examples: MD5, digital signatures, antivirus software. Note that an unkeyed hash such as MD5 only detects accidental corruption; against deliberate tampering the check value itself must be protected, e.g. by a MAC or a digital signature.
- Availability: ensure that legitimate users can always use network elements, services and applications. Examples: intrusion detection / prevention systems (IDS/IPS).
- Privacy: ensure the privacy of the user's identity and network usage. Examples: NAT, encryption.

How the Security Dimensions Map to the Security Threats

Security Dimensions (rows): Access Control, Authentication, Non-Repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy
X.800 Security Threats (columns): Destruction, Corruption, Removal, Disclosure, Interruption

Security Layers
The concept of Security Layers represents a hierarchical approach to securing a network. Mapping the network equipment and facility groupings to Security Layers could be instrumental in determining how the network elements in upper layers can rely on the protection that the lower layers provide.

Three Security Layers

1 - Infrastructure Security Layer: fundamental building blocks of network services and applications. Examples: individual routers, switches, servers; point-to-point WAN links; Ethernet links.
2 - Services Security Layer: services provided to end-users. Examples: Frame Relay, ATM, IP; cellular, Wi-Fi; VoIP, QoS, IM, location services; toll-free call services.
3 - Applications Security Layer: network-based applications accessed by end-users. Examples: web browsing, directory assistance, email, e-commerce.

Figure: the three layers stacked (Applications Security over Services Security over Infrastructure Security), with the X.800 threats (Destruction, Corruption, Removal, Disclosure, Interruption), vulnerabilities and attacks shown beside them. Vulnerabilities can exist in each layer.

Each Security Layer has unique vulnerabilities and threats. Infrastructure security enables services security, which in turn enables applications security.

Example: Applying Security Layers to IP Networks

- Infrastructure Security Layer: individual routers, servers; communication links
- Services Security Layer: basic IP transport; IP support services (e.g., AAA, DNS, DHCP); value-added services (e.g., VPN, VoIP, QoS)
- Applications Security Layer: basic applications (e.g., FTP, web access); fundamental applications (e.g., email); high-end applications (e.g., e-commerce, e-training)

Security Planes

The concept of Security Planes could be instrumental in ensuring that essential network activities are protected independently (e.g., a compromise of security at the End-User Security Plane does not affect functions associated with the Management Security Plane). The concept of Security Planes also makes it possible to identify potential network vulnerabilities that arise when distinct network activities depend on the same security measures for protection.

Three Security Planes

1 - End-User Security Plane: access and use of the network by the customers for various purposes: basic connectivity/transport; value-added services (VPN, VoIP, etc.); access to network-based applications (e.g., email).
2 - Control/Signaling Security Plane: activities that enable efficient functioning of the network; machine-to-machine communications.
3 - Management Security Plane: the management and provisioning of network elements, services and applications; support of the FCAPS functions.

Figure: the three Security Planes (End User Security, Control/Signaling Security, Management Security) cut across the three Security Layers (Applications Security, Services Security, Infrastructure Security); threats (Destruction, Corruption, Removal, Disclosure, Interruption), vulnerabilities and attacks are shown alongside. Vulnerabilities can exist in each layer and plane.

Security Planes represent the types of activities that occur on a network. Each Security Plane is applied to every Security Layer to yield nine security perspectives (3 x 3). Each security perspective has unique vulnerabilities and threats.

Example: Applying Security Planes to Network Protocols

End-User Security Plane
- Activities: end-user data transfer; end-user application interactions
- Protocols: HTTP, RTP, POP, IMAP; TCP, UDP, FTP; IPsec, TLS

Control/Signaling Security Plane
- Activities: update of routing/switching tables; service initiation, control and teardown; application control
- Protocols: BGP, OSPF, IS-IS, RIP, PIM; SIP, RSVP, H.323, SS7; IKE, ICMP; PKI, DNS, DHCP, SMTP

Management Security Plane
- Activities: operations, administration, management, provisioning
- Protocols: SNMP, Telnet, FTP, HTTP

Note that the protocol alone does not fix the plane: FTP and HTTP appear on both the End-User and the Management planes, and the plane a flow belongs to depends on the activity (a customer download versus a configuration upload to a router). Note also that Telnet, FTP, HTTP and SNMP versions 1 and 2c carry credentials in cleartext, so Management plane traffic using them has to be confined to an isolated management network or protected by IPsec or TLS.
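The plane assignment on this slide can be applied mechanically to traffic records. The Python below is an added example written for this page, not code from the deck, ITU-T or Lucent: it classifies constructed flow records into the three planes using the protocol lists above, resolving FTP and HTTP by whether the destination is a network element, and then checks the separation property from the Security Planes slide (End-User plane activity must not reach Management or Control plane functions of a network element). The flow-record format, the addresses, the interface names and the policy are assumptions made for illustration.

```python
"""Classify flows into X.805 Security Planes and check plane separation.

Added example for this page (not code from the deck, ITU-T or Lucent).
The protocol lists follow the "Applying Security Planes to Network
Protocols" slide; everything else (record format, addresses, interface
names, policy) is an assumption made for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Protocols the slide places on the Control/Signaling plane.
CONTROL_PROTOCOLS = {"bgp", "ospf", "is-is", "rip", "pim", "sip", "rsvp",
                     "h.323", "ss7", "ike", "icmp", "dns", "dhcp", "smtp"}
# Routing protocols (updates of routing/switching tables). Accepting them
# only from configured peers is an assumed policy, not something the slide states.
ROUTING_PROTOCOLS = {"bgp", "ospf", "is-is", "rip", "pim"}
# Protocols the slide places on the Management plane. FTP and HTTP are also
# End-User protocols, so the destination decides (see classify()).
MANAGEMENT_PROTOCOLS = {"snmp", "telnet", "ftp", "http"}

# Assumed topology for the example.
MGMT_NET = ip_network("10.0.0.0/24")          # management network
MGMT_IFACE = "mgmt0"                         # interface facing that network
ELEMENT_ADDRS = {ip_address("10.0.0.1"),     # router management address
                 ip_address("192.0.2.1")}    # router customer-facing address
ROUTING_PEERS = {ip_address("192.0.2.2")}    # the only configured routing peer


@dataclass(frozen=True)
class Flow:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # protocol name as spelt on the slide, case-insensitive
    ingress: str  # interface the flow arrived on


def classify(flow: Flow) -> str:
    """Return "management", "control" or "end-user" for a flow.

    A Management plane protocol only counts as management traffic when it is
    addressed to a network element itself; the same protocol addressed to
    another host is ordinary End-User plane traffic.
    """
    proto = flow.proto.lower()
    if proto in MANAGEMENT_PROTOCOLS and ip_address(flow.dst) in ELEMENT_ADDRS:
        return "management"
    if proto in CONTROL_PROTOCOLS:
        return "control"
    return "end-user"


def violations(flows):
    """Return (flow, reason) pairs where End-User plane activity reaches
    Management or Control plane functions of a network element."""
    findings = []
    for flow in flows:
        plane = classify(flow)
        src, dst = ip_address(flow.src), ip_address(flow.dst)
        if plane == "management" and (src not in MGMT_NET or flow.ingress != MGMT_IFACE):
            findings.append((flow, "management-plane protocol to a network element "
                                   "from outside the management network"))
        elif (plane == "control" and flow.proto.lower() in ROUTING_PROTOCOLS
              and dst in ELEMENT_ADDRS and src not in ROUTING_PEERS):
            findings.append((flow, "routing-protocol traffic to a network element "
                                   "from an unconfigured peer"))
    return findings


# Constructed sample flow records (not captured data).
SAMPLE_FLOWS = [
    Flow("10.0.0.50", "10.0.0.1", "SNMP", "mgmt0"),            # operator polls router: OK
    Flow("203.0.113.7", "192.0.2.1", "Telnet", "ge-0/0/1"),    # customer telnets to router: violation
    Flow("192.0.2.2", "192.0.2.1", "BGP", "ge-0/0/0"),         # configured peer: OK
    Flow("203.0.113.9", "192.0.2.1", "OSPF", "ge-0/0/1"),      # customer injects OSPF: violation
    Flow("203.0.113.7", "198.51.100.10", "HTTP", "ge-0/0/1"),  # customer web traffic: End-User plane
    Flow("203.0.113.7", "192.0.2.1", "DHCP", "ge-0/0/1"),      # customer DHCP to router: legitimate control
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(f"{flow.proto:6} {flow.src:>13} -> {flow.dst:<14} {classify(flow)}")
    for flow, reason in violations(SAMPLE_FLOWS):
        print(f"VIOLATION {flow.src} -> {flow.dst} {flow.proto}: {reason}")
```

Run as a script it lists the plane of each sample flow and reports the two violations (the Telnet session and the OSPF injection, both arriving on the customer-facing interface). The DHCP flow is on the Control plane but is not flagged, because DHCP from a customer to the router is the legitimate use of that protocol; only routing-table updates are restricted to configured peers.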

ITU-T X.805: Security Architecture for Systems Providing End-to-End Communications

Figure: the X.805 architecture. Three Security Layers (Applications Security, Services Security, Infrastructure Security) are crossed by three Security Planes (End User Security, Control/Signaling Security, Management Security). Eight Security Dimensions apply at each layer/plane intersection: Access Control, Authentication, Non-Repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy. Threats (Destruction, Corruption, Removal, Disclosure, Interruption), vulnerabilities and attacks are shown beside the stack; vulnerabilities can exist in each layer and each plane.

Modular Form of X.805

                       Management Plane   Control Plane   End-User Plane
Infrastructure Layer   Module 1           Module 2        Module 3
Services Layer         Module 4           Module 5        Module 6
Applications Layer     Module 7           Module 8        Module 9

Each security module is the intersection of a Security Layer with a Security Plane. The eight security dimensions (Access Control, Authentication, Non-Repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy) are applied to every security module.

Provides a systematic, organized way of performing network security assessments and planning.
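To use the 3 x 3 grid and its eight dimensions as an assessment checklist, the Python below (an added example for this page, not code from the deck, ITU-T or Lucent) builds the nine modules with the Module 1..9 numbering shown above, enumerates the 72 module/dimension cells, and reports which cells have no documented control. The control inventory it checks is constructed for illustration from the example mechanisms named on the Security Dimensions slide; the entries for Module 3 follow the objectives of the Module 3 slide.

```python
"""X.805 module grid and gap report.

Added example for this page (not code from the deck, ITU-T or Lucent).
The layer, plane and dimension names and the Module 1..9 numbering come
from the slides; the control inventory is constructed for illustration.
"""
from itertools import product

LAYERS = ("Infrastructure", "Services", "Applications")
PLANES = ("Management", "Control/Signaling", "End-User")
DIMENSIONS = ("Access Control", "Authentication", "Non-Repudiation",
              "Data Confidentiality", "Communication Security",
              "Data Integrity", "Availability", "Privacy")


def module_number(layer: str, plane: str) -> int:
    """Module numbering of the modular form: rows are layers, columns are
    planes, so Infrastructure/Management is Module 1 and
    Applications/End-User is Module 9."""
    return LAYERS.index(layer) * len(PLANES) + PLANES.index(plane) + 1


def build_grid() -> dict:
    """Map each module number to its (layer, plane) pair."""
    return {module_number(layer, plane): (layer, plane)
            for layer, plane in product(LAYERS, PLANES)}


def perspectives() -> list:
    """All (module, dimension) cells: 9 modules x 8 dimensions = 72."""
    return [(module, dim) for module in sorted(build_grid()) for dim in DIMENSIONS]


# Constructed control inventory: module number -> {dimension: control}.
# Only mechanisms the deck itself names as examples are used.
CONTROLS = {
    1: {  # Infrastructure layer, Management plane
        "Access Control": "ACL and firewall in front of element management addresses",
        "Authentication": "operator login via AAA with digital certificates",
    },
    3: {  # Infrastructure layer, End-User plane (objectives on the Module 3 slide)
        "Access Control": "ACL limiting who may reach transit user data on links",
        "Authentication": "shared-key authentication of devices attaching to a link",
        "Data Confidentiality": "encryption of user data on WAN links",
        "Communication Security": "user traffic confined to its VPN / MPLS path",
        "Data Integrity": "digital signatures over stored offline user data",
        "Availability": "IDS/IPS on customer-facing links",
        "Privacy": "NAT hides end-user addressing from outside parties",
        # Non-Repudiation is deliberately absent: no access record is kept.
    },
}


def gaps(controls: dict = CONTROLS) -> list:
    """Return (module, layer, plane, dimension) for every cell lacking a control."""
    grid = build_grid()
    return [(module, *grid[module], dim)
            for module, dim in perspectives()
            if dim not in controls.get(module, {})]


def coverage(controls: dict = CONTROLS) -> float:
    """Fraction of the 72 cells that have a documented control."""
    total = len(perspectives())
    return (total - len(gaps(controls))) / total


if __name__ == "__main__":
    for module, layer, plane, dim in gaps():
        print(f"Module {module} ({layer} layer, {plane} plane): no control for {dim}")
    print(f"coverage: {coverage():.1%}")
```

With the constructed inventory the report lists 63 uncovered cells, among them Non-Repudiation for Module 3, which is exactly the kind of gap (no record of who accessed transit user data) that the per-module objective tables are meant to expose.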

Module 3: Infrastructure Layer, End-User Plane

Security Dimension: Security Objectives

- Access Control: Ensure that only authorised personnel or devices are allowed access to end-user data that is transiting a network element or communications link or is resident in an offline storage device.
- Authentication: Verify the identity of the person or device attempting to access end-user data that is transiting a network element or communications link or is resident in an offline storage device. Authentication techniques may be required as part of Access Control.
- Non-Repudiation: Provide a record identifying each individual or device that accessed end-user data that is transiting a network element or communications link, or is resident in offline devices, and the action that was performed. The record is to be used as proof of access to end-user data.
- Data Confidentiality: Protect end-user data that is transiting a network element or communications link, or is resident in an offline storage device, against unauthorised access or viewing. Techniques used to address access control may contribute to providing data confidentiality for end-user data.
- Communication Security: Ensure that end-user data that is transiting a network element or communications link is not diverted or intercepted as it flows between the end points (without authorised access).
- Data Integrity: Protect end-user data that is transiting a network element or communications link or is resident in offline storage devices against unauthorised modification, deletion, creation and replication.
- Availability: Ensure that access to end-user data resident in offline storage devices by authorised personnel and devices cannot be denied.
- Privacy: Ensure that network elements do not provide information pertaining to the end-user's network activities (e.g. the user's geographic location, websites visited, content, etc.) to unauthorised personnel.

Summary: X.805 Provides a Holistic Approach to Network Security

- Comprehensive, end-to-end network view of security
- Applies to any network technology: wireless, wireline, optical networks; voice, data, video, converged networks
- Applies to a variety of networks: service provider networks; enterprise (service provider customer) networks; government networks; management/operations and administrative networks; data center networks
- Is aligned with other ITU-T security Recommendations and ISO standards

ITU-T Recommendation X.805 is a Base for Security Work in the FGNGN Security Capability WG

Guidelines for NGN security and X.805
- NGN threat model (based on ITU-T X.800 and X.805 Recommendations)
- Security Dimensions and Mechanisms (based on ITU-T X.805): Access control, Authentication, Non-repudiation, Data confidentiality, Communication security, Data integrity, Availability, Privacy

NGN security requirements for Release 1 and X.805
- General considerations based on the concepts of X.805

Acronyms

AAA Authentication, Authorization, Accounting
ACL Access Control List
ATM Asynchronous Transfer Mode
BC Business Continuity
BGP Border Gateway Protocol
DHCP Dynamic Host Configuration Protocol
DNS Domain Name System
DR Disaster Recovery
FCAPS Fault-management, Configuration, Accounting, Performance, and Security
FTP File Transfer Protocol
HTTP Hypertext Transfer Protocol
ICMP Internet Control Message Protocol
IDS Intrusion Detection System
IKE Internet Key Exchange protocol
IM Instant Messaging
IMAP Internet Message Access Protocol
IPS Intrusion Prevention System
IPsec IP security (set of protocols)
IS-IS Intermediate System-to-Intermediate System (routing protocol)
L2TP Layer Two Tunneling Protocol
MPLS Multi-Protocol Label Switching
NAT Network Address Translation
OSPF Open Shortest Path First
PIM Protocol-Independent Multicast
PKI Public Key Infrastructure
POP Post Office Protocol
QoS Quality of Service
RIP Routing Information Protocol
RSVP Resource Reservation Protocol
RTP Real-time Transport Protocol
SIP Session Initiation Protocol
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SS7 Signaling System 7
TCP Transmission Control Protocol
TLS Transport Layer Security protocol
UDP User Datagram Protocol
VoIP Voice over IP
VPN Virtual Private Network

Thank you!

