Implementation of Universal Global Trusted Service Provider Identity (Trusted SPID)

Similar documents
ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17

The identity management (IdM) ecosystem: minding the gaps

INTERNATIONAL TELECOMMUNICATION UNION

Overview ENUM ENUM. VoIP Introduction (2/2) VoIP Introduction (1/2)

THE WORLD IS MOVING FAST, SECURITY FASTER.

The SIEM Evaluator s Guide

SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Security protocols

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

How To Manage Security On A Networked Computer System

State of Vermont. Intrusion Detection and Prevention Policy. Date: Approved by: Tom Pelham Policy Number:

Into the cybersecurity breach

GEARS Cyber-Security Services

Connect C CURE 9000 with dozens of applications for a holistic business-empowering, all inclusive solution

future data and infrastructure

U. S. Attorney Office Northern District of Texas March 2013

Charter of Consumer Rights in the Digital World

CONSULTATION. National Numbering Plan Review. A short Consultation issued by the Telecommunications Regulatory Authority 28 August 2007

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

APPENDIX C - PRICING INDEX DIR-SDD-2514 VERIZON BUSINESS NETWORK SERVICES, INC SERVICES

Regional Seminar on Cyber Preparedness ITU s work in Cybersecurity and Global Cybersecurity Index (GCI)

Best Practices for Outdoor Wireless Security

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

Microsoft s cybersecurity commitment

Cyber security Country Experience: Establishment of Information Security Projects.

The FBI and the Internet

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Lith Networking and Network Marketing Safety

AUSTRALIAN COMMUNICATIONS AUTHORITY CALL FOR EXPRESSIONS OF INTEREST FOR A TIER 1 REGISTRY OPERATOR FOR THE AUSTRALIAN TRIAL OF ENUM

Internet Reputation Management Guide. Building a Roadmap for Continued Success

ENUM: an Enabler for VoIP and Next Generation Services

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

The Convergence of IT Security and Physical Access Control

Fostering Incident Response and Digital Forensics Research

INTERNATIONAL TELECOMMUNICATION UNION

BIG DATA. Shaun McLagan General Manager, RSA Australia and New Zealand CHANGING THE REALM OF POSSIBILITY IN SECURITY

Provide access control with innovative solutions from IBM.

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security

Log Analysis: Overall Issues p. 1 Introduction p. 2 IT Budgets and Results: Leveraging OSS Solutions at Little Cost p. 2 Reporting Security

Nine Steps to Smart Security for Small Businesses

Seamless Mobile Security for Network Operators. Build a secure foundation for winning new wireless services revenue.

Draft WGIG Issues Paper on E-Commerce

The evolution of data connectivity

The Next Generation Security Operations Center

National Cybersecurity & Communications Integration Center (NCCIC)

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

By Authority Of THE UNITED STATES OF AMERICA Legally Binding Document

Computer Crime & Security Survey

Promoting Cross Border Data Flows Priorities for the Business Community

CESG Certification of Cyber Security Training Courses

DOC NO: INFOSOC 52/14 DATE ISSUED: June Resolution on the open and neutral Internet

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

Egyptian Best Practices Securing E-Services

Who s Doing the Hacking?

The Cisco and Pelco Industrial Wireless Video Surveillance Solution: Real-Time Monitoring of Process Environments for Safety and Security

NOS for Network Support (903)

A Telephone Domain Name System (T-DNS) for Internet Telephony Service at All IP Network

Cyber Security for SCADA/ICS Networks

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

Planning and Maintaining a Microsoft Windows Server Network Infrastructure

Cybersecurity for ALL

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES

The Growth of the European Cybersecurity Market and of a EU Cybersecurity Industry

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

Log Management for the University of California: Issues and Recommendations

The Sophos Security Heartbeat:

Cyber Security and Privacy - Program 183

Getting real about cyber threats: where are you headed?

Patching & Malicious Software Prevention CIP-007 R3 & R4

Zscaler Internet Security Frequently Asked Questions

Technology Blueprint. Protect Your . Get strong security despite increasing volumes, threats, and green requirements

CERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency

The Convergence of IT Security and Physical Access Control

isheriff CLOUD SECURITY

IMPROVING VULNERABILITY MANAGEMENT EFFECTIVENESS WITH APPLICATION SECURITY MONITORING

Cyber Security Recommendations October 29, 2002

CERT.AZ description as per RfC 2350

Protecting Your Organisation from Targeted Cyber Intrusion

Transcription:

V1.0 Implementation of Universal Global Trusted Service Provider Identity (Trusted SPID) Tony Rutkowski mailto:trutkowski@verisign.com Co-editor, ITU-T Rec X.idmreq ITU HLEG member International Telecommunication Union

Trusted-SPID is like doing a fingerprint check on the identity of a Service Provider Service Provider = everyone except end users

Why? Historically, the Service Provider trust that is essential for network security was provided by closed, fixed networks operating under substantial domestic and international regulatory regimes During the past decade open public networks (e.g., Internet), wireless, globalization, smart terminal devices, application providers, and a shift away from legacy regulatory regimes occurred rapidly without the development of any kind of underlying global service provider trust infrastructure The lack of a Service Provider trust infrastructure has contributed significantly to the operations, settlements, security and infrastructure protection problems that adversely affect consumers, providers, and government the abuses will likely continue to increase exponentially without effective Service Provider identity trust remedies

Signalling security Traffic exchange and settlements (eliminating Phantom Traffic) Roaming settlements Content IPR protection; control and fee settlement Access of content/application providers to traffic termination providers Threat management; incident response trust capabilities Federation interoperability; provider bridging capabilities Provider Use Cases T-SPID is used among providers to control access to signalling and OA&M resources T-SPID is used among providers to manage traffic peering and termination security and settlements T-SPID is facilitate roaming setup and settlements T-SPID is used to enable content provider so protect and collect for their IPTV and music programmes T-SPID is used to facilitate access of content and application providers to transport termination capabilities T-SPID is used to defend against network attacks; do tracebacks; participate in CERTs T-SPID is used to facilitate federation use and interoperation; provider bridging

Consumer Use Cases Access trust Transaction trust Protection against identity theft Protection of Personally Identifiable Information Disability assistance Preventing unwanted intrusions Universal Caller/ Sender ID T-SPID enables nomadic end user to know the identity and trust of a local access Service Provider T-SPID enables an end user to know the identity and trust of a transaction Service Provider T-SPID enables an end user to know the identity and trust Service Provider to evaluate potential identity theft T-SPID enables an end user to know the support levels for PPII (i.e., privacy) offered by the Service Provider T-SPID enables an end user to know the level of disability assistance supported by the Service Provider T-SPID enables SPAM/SPIT reduction T-SPID enables the ability of end users to access accurate identity information of callers; call harassment and stalking

Government Use Cases Government networks Critical infrastructure protection Emergency telecommunication services Law enforcement forensics Public safety services Universal Service contributions Number resource allocations Network Neutrality T-SPID is used by agencies to constitute their own global networks T-SPID is used to protect critical national communications and SCADA infrastructure T-SPID is used to enable ETS during disasters T-SPID is used to enable the production of criminal evidence T-SPID is used to enable users to reach emergency call centers or government to send emergency alerts T-SPID is used to facilitate collection of Universal Service contributions T-SPID is used to manage allocation of telephone numbers, IP addresses, Signalling Point Codes, etc T-SPID is used to enable fair, protected use of transport services

What is required? A universal global ability to achieve some trust level in a Service Provider s identity in today s complex network and service environment essential to achieve increased cybersecurity constitutes a special Identity Management implementation known as Trusted Service Provider Identity (SPID) Trusted SPID necessitates a universally recognized, globally unique identifier (a kind of call-sign) for each provider combined with the ability to allow instant interoperable discovery and lookup of identity trust resources associated with the provider Trusted SPID enables other providers and users to make trust decisions when relying on a provider s identity and assertions in any context or situation Governmental and Intergovernmental action Historically a basic role of the ITU Unlikely to occur without governmental support

How? Trusted SPID implementations must be decentralized, and sufficiently flexible and technology neutral to accommodate different network, application, provider and user contexts to meet diverse provisioning environments worldwide to avoid adverse effects on innovation or competition Although many different legacy and specialized service provider identifiers and platforms exist today, none meet these requirements Specialized to particular uses and individual national agencies or industries, and not universal Not interoperable Not extensible Not available for on-line queries Implementation of a Trusted SPID platform seems essential to meet the requirements Before SG17 via Q.6 and Q.10 at the current meeting

Trusted SPID Components Operations Publication Unique SPID Identifier Assignment + Trust Information Submission Rapid Resolution of Unique SPID Identifier to Trust Information Publication of Trust Information Templates Publication of Trust Assessment Templates Slow Search for SPID Identifier Trust Information

Trusted SPID Registration Service Provider request to register T-SPID Registration Authority complete these templates completed templates Trust Information Templates SPID Identifier assigned Fast Resolve r Template information placed into Systems Slow Search

Service Provider XYZ Trusted SPID Use (When the SPID Identifier is known) Identity & permission assertions Relying Party T-SPID Registration Authority Fast Resolver Request authoritative SPID information for XYZ Here is SPID information for XYZ Create Query Trust Information Request(s) for XYZ Identity Resources Create Queries Trust Assessment Templates Action based on identity & permission assertions Trust Analysis

Trusted SPID Identifier Search (When the SPID Identifier is not known) Relying Party T-SPID Registration Authority Slow Search Capability What is SPID Identifier for [Service Provider] Here is Identifier for [Service Provider] Create Query

Leverage what exists Trusted SPID requirements can be readily implemented on many different platforms A reliable public infrastructure requires robust platforms An ideal candidate is found in the past seven years of work on ENUM and ONS ENUM provides service information associated with E.164 number ONS provides identity of an object associated with an EPCglobal Universal Product Code Platform can be configured for protected universal open use and performance capabilities All of the standards can easily adapted and used by ITU-T All of the running code can be easily adapted by implementers Everything is open source with no intellectual property constraints Incents an existing developer community to produce new SPID trust applications

Potential Implementations (Reference Doc. C-286) A structured numerical ITU-ISO joint OID arc (domain) {2.28} optimised for rapid resolution. See X.spid-ident (C-285), F.spid, (C284) Model after ENUM/ONS (Future SG17 work) Model after IRIS (Future SG17 work) XML Schema (Future SG17, OASIS work) PKI certificates, governmental & industry databases, reputation information

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information