SIST-TS TS 102 165-1 V4.1.1:2004

SLOVENSKI STANDARD
SIST-TS TS 102 165-1 V4.1.1:2004
01-april-2004
Harmonizacija telekomunikacij in internetnega protokola prek omrežij (TIPHON), 4.
izdaja - Definicija okvira protokola - Varnostne metode in protokoli - 1. del: Analiza
groženj
Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON)
Release 4; Protocol Framework Definition; Methods and Protocols for Security; Part 1:
Threat Analysis
Ta slovenski standard je istoveten z: TS 102 165-1 Version 4.1.1
ICS:
33.020 Telekomunikacije na splošno Telecommunications in
general
SIST-TS TS 102 165-1 V4.1.1:2004 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS TS 102 165-1 V4.1.1:2004

---------------------- Page: 2 ----------------------

SIST-TS TS 102 165-1 V4.1.1:2004

ETSI TS 102 165-1 V4.1.1 (2003-02)
Technical Specification


Telecommunications and Internet Protocol
Harmonization Over Networks (TIPHON) Release 4;
Protocol Framework Definition;
Methods and Protocols for Security;
Part 1: Threat Analysis

---------------------- Page: 3 ----------------------

SIST-TS TS 102 165-1 V4.1.1:2004
 2 ETSI TS 102 165-1 V4.1.1 (2003-02)



Reference
DTS/TIPHON-08005-1R4
Keywords
IP, protocol, security, VoIP
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, send your comment to:
editor@etsi.org
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2003.
All rights reserved.

TM TM TM
DECT , PLUGTESTS and UMTS are Trade Marks of ETSI registered for the benefit of its Members.
TM
TIPHON and the TIPHON logo are Trade Marks currently being registered by ETSI for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
ETSI

---------------------- Page: 4 ----------------------

SIST-TS TS 102 165-1 V4.1.1:2004
 3 ETSI TS 102 165-1 V4.1.1 (2003-02)
Contents
Intellectual Property Rights.6
Foreword.6
1 Scope.7
2 References.7
3 Definitions and abbreviations.8
3.1 Definitions.8
3.2 Abbreviations.8
4 TIPHON overview.8
4.1 Introduction.8
4.2 Architecture.9
4.2.1 Specific meta-protocols.9
4.2.2 Specific implementations.9
4.3 Forms of implementation .10
4.3.1 Terminal types.10
4.4 Cryptographic countermeasures.10
4.5 Future TIPHON terminal.11
5 Security objectives.11
6 Legislation issues.12
6.1 Privacy.12
6.2 Security order.12
6.3 Lawful Interception (LI).12
6.4 Contract.13
7 Security framework.13
7.1 General assumptions.13
7.2 Capabilities in framework .13
7.2.1 Network access security.13
7.2.1.1 User identity confidentiality.13
7.2.1.2 Entity authentication.13
7.2.1.3 Confidentiality.14
7.2.2 Security visibility and configurability .14
7.2.2.1 Visibility.14
7.2.2.2 Configurability.14
8 Threat analysis and risk assessment .15
8.1 Threats.15
8.2 Actors and roles.16
8.3 Security domains.16
8.4 Description of threats .16
8.4.1 General threats.16
8.4.1.1 Eavesdropping of TIPHON-id on interfaces or entities .16
8.4.1.2 Getting the TIPHON-id from a terminal .16
8.4.1.3 Denial of service.17
8.4.1.4 Unauthorized access to data .17
8.4.1.5 Flooding the network .17
8.4.1.6 Stolen terminals.17
8.4.1.7 Subscription fraud.17
8.4.1.8 Unauthorized access to data in terminals .18
8.4.1.9 Masquerading as one network entity to an other one .18
8.4.2 Threats related to data deletion procedures.18
8.4.2.1 Eavesdropping of old address .18
8.4.2.2 Masquerading as a network entity to delete data.18
8.4.3 Threats related to subscription registration procedures.18
ETSI

---------------------- Page: 5 ----------------------

SIST-TS TS 102 165-1 V4.1.1:2004
 4 ETSI TS 102 165-1 V4.1.1 (2003-02)
8.4.3.1 Illegal registration by an attacker masquerading as service provider.18
8.4.4 Threats related to subscription de-registration procedures .19
8.4.4.1 Illegal de-registration by an attacker masquerading as service provider.19
8.4.4.2 Subscriber does not allow de-registration by manipulating his terminal.19
8.4.4.3 Subscriber does not allow de-registration by manipulating the signalling interface .19
8.4.5 Threats related to incoming call procedures .19
8.4.5.1 Masquerading by using someone's TIPHON-id.19
8.4.5.2 Masquerading by using someone's TIPHON-id and authentication information.20
8.4.5.3 Eavesdropping of the communication on the access interface by use of the session key .20
8.4.5.4 Eavesdropping of the start of a communication on the access interface .20
8.4.5.5 Eavesdropping of roaming number or routing number .20
8.4.5.6 Modification of routing data .20
8.4.6 Threats related to outgoing call procedures .20
8.4.6.1 Masquerading by using someone's TIPHON-id.20
8.4.6.2 Masquerading by using someone's TIPHON-id and authentication information.21
8.4.6.3 Eavesdropping of the communication on the access interface by use of the session key .21
8.4.6.4 Eavesdropping of the communication on the NNI interfaces.21
8.4.6.5 Eavesdropping of the start of a communication on the access interface .21
8.4.6.6 Eavesdropping of the phone number of the called party.21
8.4.6.7 Modification of the dialled number.21
8.4.6.8 Masquerading by using someone's TIPHON-id only.21
8.4.7 Threats related to emergency call procedures.21
8.4.7.1 Misuse of emergency call.21
8.4.7.2 Manipulate data to give an emergency number to somebody .22
8.4.8 Threats related to service profile.22
8.4.8.1 Eavesdropping of transmitted information during service profile transfer.22
8.4.8.2 Manipulation of transmitted information during service profile transfer.22
8.4.8.3 Unauthorized access to the service profile of somebody by unauthorized use of service profile
interrogation .22
8.4.8.4 Unauthorized access to, or unauthorized use of, the service profile modification procedure .22
8.5 Tabulated summary of threats .23
8.6 Risk Measurement.24
8.7 Risk Assessment for the TIPHON network procedures .25
8.8 Consolidated Risk Assessment.29
8.9 Conclusion.29
9 TIPHON security requirements and security services.31
9.1 Authentication.32
9.1.1 A1 = Authentication of the terminal by the registrar (home of the user profile) .32
9.1.2 A2 = Authentication of the registrar by the terminal .32
9.1.3 A3 = Authentication of the terminal by the Service point of Attachment (SpoA).32
9.1.4 A4 = Authentication of the SpoA by the terminal .32
9.1.5 A5 = Authentication of the SpoA by the registrar .32
9.1.6 A6 = Authentication of the registrar by the SpoA .32
9.1.7 A7 = Authentication of the user to the TIPHON terminal device.32
9.2 Access control.32
9.2.1 C1 = Access control to services.32
9.2.2 C2 = Access control to data .33
9.2.3 C3 = Access control to data in terminal.33
9.2.4 C4 = Access control to software .33
9.2.5 C5 = Access control to hardware.33
9.3 Confidentiality.33
9.3.1 E1 = Confidentiality of user communication on the access interface .33
9.3.2 E2 = Confidentiality of signalling on the access interface.33
9.3.3 E3 = Confidentiality of signalling between SpoA entities.33
9.3.4 E4 = Confidentiality of signalling between SpoA and TpoA .34
9.3.5 E5 = Confidentiality of communication between TpoAs.34
9.3.6 E6 = Confidentiality of TIPHON-id on signalling interfaces .34
9.3.7 E7 = Confidentiality of communication between SpoA and Registrar (registration services).34
9.4 Integrity.34
9.4.1 I1 = Signalling data integrity .34
9.4.2 I2 = Bulk data transfer data integrity .34
ETSI

---------------------- Page: 6 ----------------------

SIST-TS TS 102 165-1 V4.1.1:2004
 5 ETSI TS 102 165-1 V4.1.1 (2003-02)
9.5 General security policy.34
9.5.1 P1 = Bill limitations.34
9.5.2 P2 = Secure billing administration.35
9.5.3 P3 = Subscriber and terminal management.35
9.5.4 P4 = Hotline.35
9.5.5 P5 = Security related reports to the user .35
9.5.6 P6 = Secure dialogue between operators .36
9.5.7 P7 = Contractual agreements between operators .36
9.5.8 P8 = Contractual agreements between service providers and subscribers .36
9.5.9 P9 = Security related reports to the service provider .37
9.5.10 P10 = Secure subscription process.37
9.6 Threats and counteracting security measures .37
Annex A (informative): SIP specific threat analysis.40
A.1 Introduction.40
A.2 Extract from RFC 3261 .40
A.3 SIP protocol, methods and responses.41
A.3.1 Protocol.41
A.3.2 Methods.41
A.3.2.1 Security concerns of SIP methods .41
A.3.3 Protocol components.41
A.4 The threats and risk factors .42
Annex B (informative): ITU-T H.323 specific threat analysis.46
B.1 Introduction.46
B.2 Extract from H.323 (November 2000) .46
B.3 Discussion.46
B.4 Extract from H.323 annex J.47
B.4.1 Secure Audio Simple Endpoint Type (SASET) .47
B.4.1.1 Assumptions.47
B.4.1.2 Overview.47
B.4.3 Observations for TIPHON.48
B.5 The threats and risk factors .49
Annex C (informative): Bibliography.53
History .54

ETSI

---------------------- Page: 7 ----------------------

SIST-TS TS 102 165-1 V4.1.1:2004
 6 ETSI TS 102 165-1 V4.1.1 (2003-02)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
All published ETSI deliverables shall include information which directs the reader to the above source of information.
Foreword
This Technical Specification (TS) has been produced by ETSI Project Telecommunications and Internet Protocol
Harmonization Over Networks (TIPHON).
The present document is part 1 of a multi-part deliverable covering Methods and Protocols for security in TIPHON
Release 4, as identified below:
Part 1: "Threat Analysis";
Part 2: "Counter Measures".
ETSI

---------------------- Page: 8 ----------------------

SIST-TS TS 102 165-1 V4.1.1:2004
 7 ETSI TS 102 165-1 V4.1.1 (2003-02)
1 Scope
The present document defines by means of an information model, a functional entity behavioural model, and by
validated SDL a model of the abstract behaviour of each service and service capability identified as being essential in
TIPHON R4.
This part derives, by means of a threat analysis, the requirements for security features that when implemented are
necessary and sufficient to ensure that TIPHON derived products do no harm to their participants.
2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
• References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• For a non-specific reference, the latest version applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
[1] Void.
[2] ETSI TR 101 877: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON); Requirements Definition Study; Scope and Requirements for a Simple call".
[3] ETSI TS 101 878: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON) Release 3; Service Capability Definition; Service Capabilities for a simple call".
[4] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a
Community framework for electronic signatures.
[5] ETSI TS 101 331: "Telecommunications security; Lawful Interception (LI); Requirements of Law
Enforcement Agencies".
[6] ETSI ETR 336: "Telecommunications Management Network (TMN); Introduction to
standardizing security for TMN".
[7] ETSI TS 101 314: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON) Release 3; Abstract Architecture and Reference Points Definition; Network
Architecture and Reference Points".
[8] ETSI TS 101 303: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON) Release 4; Service Independent Requirements Definition; Service and Network
Management Framework; Part 1: Overview and Introduction".
[9] ETSI TS 102 165-2: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON) Release 4; Protocol Framework Definition; Methods and Protocols for Security;
Part 2: Counter Measures".
[10] IETF RFC 3261: "SIP: Session Initiation Protocol ".
[11] ITU-T Recommendation H.323: "Packet-based multimedia communications systems".
[12] ITU-T Recommendation Q.1902 (1 to 6): "Bearer Independent Call Control protocol (Capability
Set 2)".
[13] ETSI EN 300 347-1: "V interfaces at the digital Local Exchange (LE); V5.2 interface for the
support of Access Network (AN); Part 1: V5.2 interface specification".
ETSI

---------------------- Page: 9 ----------------------

SIST-TS TS 102 165-1 V4.1.1:2004
 8 ETSI TS 102 165-1 V4.1.1 (2003-02)
[14] IETF RFC 1889: "RTP: A Transport Protocol for Real-Time Applications".
[15] IETF RFC 2326: "Real Time Streaming Protocol (RTSP)".
[16] IETF RFC 3015: "Megaco Protocol Version 1.0".
[17] IETF RFC 2327: "SDP: Session Description Protocol".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in TR 101 877 [2] and TS 101 878 [3] apply.
3.2 Abbreviations
For the purposes of the present do
...