ITU-T X.805 based Vulnerability Analysis Method for Security Framework of End-to-End Network Services



Similar documents
Next Generation Networks architecture by ITU-T

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security

ITU-T Y General overview of NGN

Introduction of Information Security Research Division

ITU-T Kaleidoscope Conference Innovations in NGN. Managing NGN using the SOA Philosophy. Y. Fun Hu University of Bradford

Overview of the Internet of things

IP Telephony and ENUM

Regulation of New Technologies: IP Telephony and Next Generation Networks

Next Generation 112 Explained

Strategy. 1 Humanism in the Digital World. Ministry of Information and Communication, Republic of Korea

M2M Service Platform to Support Carrier Cloud

This document is a preview generated by EVS

ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17

Draft ITU-T Recommendation X.805 (Formerly X.css), Security architecture for systems providing end-to-end communications

Regulatory Approaches to Next Generation Networks: An International Comparison

Broadband Networks Virgil Dobrota Technical University of Cluj-Napoca, Romania

Wireless Security Architecture

Compliance Risk Assessment Measures of Financial Information Security using System Dynamics

A business view for NGN service usage

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

Mobile Wireless Overview

PARAMETERS TO BE MONITORED IN THE PROCESS OF OPERATION WHEN IMPLEMENTING NGN TECHNICAL MEANS IN PUBLIC TELECOMMUNICATION NETWORKS

Voice over Internet Protocol (VOIP) By: Ahmed Said Mahmoud Supervisor: Prof.Dr. Shawkat K.Guirguis

Requirements and Service Scenarios for QoS enabled Mobile VoIP Service

Hansuk Kim, Ph.D. SVP, Global Business October 2004

End-to-End QoS Monitoring Tool Development and Performance Analysis for NGN

An Architecture for Home-Oriented IPTV Service Platform on Residential Gateway

NTT s challenge: create new business on the NGN

IoT/M2M standardization activities in ITU T. Yoshinori Goto, NTT

Society, Law Enforcement and the Internet

A Model-based Methodology for Developing Secure VoIP Systems

Business case for NGN. Arunabha Mukhopadhyay IIM Lucknow

VOICE OVER IP SECURITY

Security issues in Voice over IP: A Review

SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Security

Chapter 2 PSTN and VoIP Services Context

Inter-Domain QoS Control Mechanism in IMS based Horizontal Converged Networks

OECD Policy Guidance on Convergence and Next Generation Networks

Internet of Things (IoT): A vision, architectural elements, and future directions

Service Delivery Platforms for Network Operators

How to Measure Network Performance by Using NGNs

Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification

Plans and Strategies for UBcN Networks and Services

How To Test A Robot Platform And Its Components

A Systemfor Scanning Traffic Detection in 3G WCDMA Network

A Phased Framework for Countering VoIP SPAM

Context-Aware Role Based Access Control Using User Relationship

Network Management Architectures for Broadband Satellite Multimedia Systems

Architecture and Technologies for HGW

3-12 Autonomous Access Control among Nodes in Sensor Networks with Security Policies

The need for bandwidth management and QoS control when using public or shared networks for disaster relief work

Threats and Security Analysis for Enhanced Secure Neighbor Discovery Protocol (SEND) of IPv6 NDP Security

Information Systems and Electronic Communications in Logistics Management

Analysis of SIP Traffic Behavior with NetFlow-based Statistical Information

Bachelor of Information Technology (Network Security)

Regional Development Forum for Africa /5/2009 Lusaka (Zambia) Broadband Wireless Infrastructure & IPv6 Issues.

COPYRIGHTED MATERIAL. Contents. Foreword. Acknowledgments

Cisco Advanced Services for Network Security

How To Protect Your Network From Attack From A Network Security Threat

Secure Networks for Process Control

IT Security. Securing Your Business Investments

Measurement of V2oIP over Wide Area Network between Countries Using Soft Phone and USB Phone

Firewall and VPN Investigation on Cloud Computing Performance

An Evaluation of Architectures for IMS Based Video Conferencing

Cisco Satellite Services Platform Delivering Managed Services over Satellite

NETCONF-based Integrated Management for Internet of Things using RESTful Web Services

Section 6-Functional Requirements for IEEE m

Service Quality Assessment in All-IP Networks

2.3GHz Portable Internet (WiBro) for Wireless Broadband Access

RESILIENCE IN CONVERGED NETWORKS GOOD PRACTICE GUIDANCE

A Road Map on Security Deliverables for Mobile Cloud Application

Nokia Networks. security you can rely on

TUSKEGEE CYBER SECURITY PATH FORWARD

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

UIIPA - Security Risk Management. June 2015

International Journal of Computer Science Trends and Technology (IJCST) Volume 3 Issue 3, May-June 2015

The Experimental Practices of VoIP Based on the Commercial Softswitch Device

International Telecommunication Union. ITU Internet Report 2006 SUMMARY

Alcatel-Lucent Services

A Study on Countering VoIP Spam using RBL

Agile Information Security Management in Software R&D

Transcription:

ITU-T X.805 based Vulnerability Method for Security Framework of End-to-End Network Services YOUNGDUK CHO YOOJAE WON BYONGJIN CHO Information Security Technology Division Korea Information Security Agency 78, Garak-Dong, Songpa-Gu, Seoul, Korea 138-803 KOREA Abstract: - This paper proposes a ITU-T X.805 based Vulnerability Method for developing Security Framework of NGN infrastructure and services. It is derived from ITU-T X.805 and security consulting methods. It provides a holistic approach and a systematic vulnerability analysis view of security model for new network infrastructure and services. As a further works, we will apply this methodology to new emerging network infrastructures and services. Key-Words:- ITU X.805, Vulnerability, Security Framework 1. Introduction NGN(Next Generation Network) is a packet-based network which is able to provide telecommunication services and able to make use of multiple broadband, QoS-enabled transport technologies and in which service-related functions are independent from underlying transportrelated technologies. It offers unrestricted access by users to different services providers. With growth of NGN, new multiple network services is toward converging. But broadband convergence network like NGN is expected that a threat effect is considerably enormous extended over a network to overall connected networks. So, security should implement before constructing of new infrastructures and services in networks. But it is important that the existing network security concept is not robust to adapt to the convergence networks, which is a complex set of multi-infrastructures and services. Also, quality of service related to trade off services performance is increasingly more valuable than ever. For example, if a person using a Internet telephony software in a wireless broadband internet terminal connects a another person using a telephone in PSTN, the person goes through wireless network, Internet, and PSTN. Generally the person has to be controlled doubly the security mechanisms of network itself. Multi-level security facilities and activities often have become a critical services degrade in this situation. However, the Reference architecture of ITU-T X.805 is useful tool to comprehend a complex set of network infrastructures and services. The reference architecture addresses security concerns for the management, control, and use of network infrastructure, services, and applications. The reference architecture provides a comprehensive, top-down, end-to-end perspective of network security and can be applied to

network elements, services, and applications in order to predict, detect, and correct security vulnerabilities. 2. Related Work In this section, we provide the vulnerability analysis method that derived consulting methods such as BS7799, IT protection manual and so on. layer has unique vulnerabilities, threats, and mitigations. Security Planes represent the types of activities that occur on a network, which are (1) Management security plane, (2) Control security plane, (3) End-User security plane. Each security plane is applied to every security layer to yield nine security perspectives. Each security perspective has unique vulnerabilities and threats. Security Dimension is a set of security measures designed to address a particular aspect of the network security. Security Dimensions are 8 sets (1) Access control, (2) Authentication, (3) Nonrepudiation, (4) Data confidentiality, (5) Communication flow security, (6) Data integrity, (7) Availability, (8) Privacy. 8 Security Dimensions applied to each security perspective. Fig.1 shows Reference Architecture for end-to-end network security of ITU-T X.805. (figure from ITU- T X.805) Fig. 1 Reference Architecture for End-to- End Network Security(source from ITU-T X.805) The X.805 is a standard specification of developing in security model of ITU-T FG-NGN. The X.805 has 3 architectural components Security Dimensions, Security Layers and Security Planes. Security Layers are a hierarchy of equipment and facilities groupings, which are 3 layers: (1) Infrastructure security layer, (2) Services security layer, (3) Application security layer. Each security Fig. 2 Modular Form of X.805 (source from ITU-T X.805)

Fig.2 shows provides a systematic, organized way of performing network security assessments and planning. This is the best merits of X.805. The usage of Security Consulting method is to analysis the risk assessment of specific organization. Risk assessment methods are BS7799, OCTAVE(Operationally Critical Threat, Asset and Vulnerability Evaluation), ISO 13335 GMITS(Guidelines for the management of IP security), and so on. Fig.3 is a general procedure of these methods. analysis model is useful of applying to any network technology and any scope of network function. Fig. 4 tells that the proposed method is similar to security consulting method. But, this is focused in discriminating protection target, especially multi-facet network infrastructures and services. Target of Infrastructures and services Discriminating security target Threat analysis By Security Layers Infrastructure/Service/Application Layer By Security Planes Management/Control/End-user Plane Asset Threat Vulnerability Vulnerability analysis Security Objectives & Requirements ITU-T X.805,ISO 18028 Reference Security Architecture 적용 Security Objectives by security dimensions Access control, Authentication, Non-repudiation, Data confidentiality, Communication flow security, Data integrity, Availability, Privacy Risk analysis Deriving Security Measures Correlation analysis between security measures Using Technology Tree Security Framework for Network Infrastructures and services Security Measures Fig. 3 General procedure of Risk Assessment Method 3. ITU-T X.805 based Vulnerability Method In this section, we propose the vulnerability analysis method to develop NGN Security Framework that is motive consulting methods such as BS7799, IT protection manual and so on. This Fig. 4 ITU-T X.805 based Vulnerability Method As it offers a systematic view of the protected target, we can consider wholly threats and vulnerabilities without exception. Security measures of unrealized network infrastructures and services can be reflected in the step of the implementation. Fig.5 describes the detail steps of proposed Vulnerability Method. In addition to following a general procedure of Security consulting method, it references ITU-T X.805 to analysis the protected target. So, this

method is more comprehensive end-toend network view of security than ITU-T X.805. Discriminating security target Defining Technology related work Defining Technical reference model Network services flow Classifying Security Layers Classifying Security Planes Related security technology Threat Identifying Threats Ranking Threats Vulnerability Identifying Vulnerabilities Ranking Vulnerabilities Risk Assessment Defining Risk Scenario Security Objectives & Requirements Defining Security Objectives Layer,Plane/Dimension table Deriving Security Measures Security Technical Tree Correlation analysis between security measures Network Security Framework Fig. 5 Steps of Proposed Vulnerability Method This method chooses the technical tree development for making security measures. Fig.6 explains to making a technical tree. The merits of this way can deduce a number of new security measurements. rank Security Requirement 1st Function 2nd function 3rd function 1 Securi ty requirement t echni cal sol ut i on1 2 nd sol ut i on 1 3 rd sol uti on 1 4. Conclusion and Further Works We propose a ITU-T X.805 based Vulnerability Method for developing Security Framework of NGN infrastructure and services. It is derived consulting methods. It provides a holistic approach to network security and guides for NGN security. In Korea, new network infrastructures and services has been constructed in according to IT839 strategy. IT839 strategy means 3 Infrastructures(Broadband Convergence Network, IPv6, Ubiquitous Sensor Network), 8 Services(Voice over IP, Home Network, Digital Multimedia Broadcast, Digital TV, Wireless Broadband Internet, RFID, Telematics, WCDMA) and 9 New Growth Engines(Next-generation mobile communications, Digital TV, Home Network, IT SoC, Next-generation PC, Embedded SW, Digital contents, Telematics, Intelligent Service Robot). In further works, we will apply this vulnerability analysis method to 8 Services and BcN. So we will present a NGN Security Framework model, which will be reflected in implement of BcN infrastructure and services. Technical solution2 2 nd sol uti on 2 2 nd sol ut i on1 3 rd sol uti on 1 Technical 기술 트리Tree 목록lists Filtering 주요가능 기술 도출 Realizable Security Measures Fig. 6 Technical Tree Development References: [1] ITU-T X.805, Security Architecture for Systems Providing End-to-End Communications [2] S.Kim, J.Jee, T.Nam, S.Sohn, C.Park, Framework of Network Security Service for Next Generation, Proceeding. WISA 2002, 123-130 [3] ITU-T SG17 Q.5, ITU-T Rec. X.805 and its application to NGN, ITU-T FG-NGN Workshop Proceeding, 2005 April [4] Korea Information Security Agency, Vulnerability & Assessment

Methodology version, 2002 [5] Kong, Luo, Xu, Gu, Gerla, Lu, Adaptive Security for Multi-layer Ad-hoc Networks, Wireless Communications and Mobile Computing, Wiley Interscience Press, 2002 [6] Bass T., Intrusion detection systems and multi-sensor data fusion, Communications of the ACM, vol.43, issue 4, 2000 April

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information