SIST-V ETSI/EG 201 510 V1.1.2:2003

SLOVENSKI STANDARD
SIST-V ETSI/EG 201 510 V1.1.2:2003
01-november-2003
Inteligentno omrežje (IN) - Varnostni vidiki funkcije krmiljenja storitev (SCF) -
Funkcija komutacije storitve (SSF) medsebojnega povezovanja omrežij - Operacije
na podlagi prvega nabora zmožnosti (CS1)
Intelligent Network (IN) - Security aspects of Switching Control Function (SCF) - Service
Switching Function (SSF) interconnection between networks - Part 1: Capability Set 1
(CS1) based operations
Ta slovenski standard je istoveten z: EG 201 510 Version 1.1.2
ICS:
33.040.35 Telefonska omrežja Telephone networks
SIST-V ETSI/EG 201 510 V1.1.2:2003 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-V ETSI/EG 201 510 V1.1.2:2003

---------------------- Page: 2 ----------------------

SIST-V ETSI/EG 201 510 V1.1.2:2003
ETSI EG 201 510 V1.1.2 (2000-05)
ETSI Guide
Intelligent Network (IN);
Security aspects of Switching Control Function (SCF) -
Service Switching Function (SSF)
interconnection between networks;
Part 1: Capability Set 1 (CS1) based operations

---------------------- Page: 3 ----------------------

SIST-V ETSI/EG 201 510 V1.1.2:2003
2 ETSI EG 201 510 V1.1.2 (2000-05)
Reference
DEG/SPAN-061212-1
Keywords
CS1, IN, interworking, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.:+33492944200 Fax:+33493654716
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network
drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at http://www.etsi.org/tb/status/
If you find errors in the present document, send your comment to:
editor@etsi.fr
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2000.
All rights reserved.
ETSI

---------------------- Page: 4 ----------------------

SIST-V ETSI/EG 201 510 V1.1.2:2003
3 ETSI EG 201 510 V1.1.2 (2000-05)
Contents
Intellectual Property Rights.4
Foreword .4
Introduction .4
1 Scope.5
2 References.5
3 Definitions and abbreviations .5
3.1 Definitions.5
3.2 Abbreviations .6
4 Functionality .6
4.1 SSF .6
4.2 SCF.6
4.3 SSF-SCF Interconnection.7
5 Security considerations of operations .8
5.1 initialDP .8
5.2 connect .8
5.3 releaseCall .8
5.4 eventReportBCSM .8
5.5 requestReportBCSMEvent .8
5.6 continue .9
5.7 activityTest .9
6 Security countermeasures.9
6.1 Topology .9
6.2 Authentication .9
6.3 Access control .9
6.4 Integrity .10
6.5 Confidentiality.10
6.6 Non Repudiation.10
6.7 Accountability and auditing.10
6.8 Network security management .10
6.9 Testing and operation maintenance .10
Bibliography.11
History.12
ETSI

---------------------- Page: 5 ----------------------

SIST-V ETSI/EG 201 510 V1.1.2:2003
4 ETSI EG 201 510 V1.1.2 (2000-05)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect
of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server
(http://www.etsi.org/ipr).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in SR 000 314 (or the updates on the ETSI Web server)
which are, or may be, or may become, essential to the present document.
Foreword
This ETSI Guide (EG) has been produced by ETSI Technical Committee Services and Protocols for Advanced
Networks (SPAN).
The present document is part 1 of a multi-part EG covering the Intelligent Network (IN); Security aspects of Switching
Control Function (SCF) - Service Switching Function (SSF) interconnection between networks, as identified below:
Part 1: "Capability Set 1 (CS1) based operations";
Part 2: "Capability Set 2 (CS2) based operations".
Introduction
Under IN CS1 and CS2, the IN SCP to SSP relationship, or Service Control to Switch, is confined to a single network
operator's domain and may actually be physically co-located as an SSCP. To optimize performance, the switch requires
little security, particularly if implemented within a 'single unit' or SSCP. By not using the local processor for security,
switch performance may be optimized toward call processing with security and network protection measures provided at
the Service Control Point.
In the case of inter-connected networks, direct implementation of the Inter-network Control to Switch relationship would
require appropriate security and authentication measures to be provided and managed at each SSF.
Within a single network, potential conflict between multiple SCFs is avoided by their management within a common
domain. When two networks are interconnected two (or more) SCFs in different domains can potentially control the
same resource (SSF). Then some secure resource allocation and management procedure must be deployed. Suitable
mechanisms have not yet been standardized. Network operators may prefer the option of utilizing the established
inter-network SCF to SCF security procedures and route inter-network service switching signalling messages via each
Network's Service Control Point. In this case appropriate security and authentication measures would be provided and
managed at each SCF.
ETSI

---------------------- Page: 6 ----------------------

SIST-V ETSI/EG 201 510 V1.1.2:2003
5 ETSI EG 201 510 V1.1.2 (2000-05)
1 Scope
The present document describes security aspects in conjunction with the interconnection of two IN structured networks.
The present document concentrates on the SCF - SSF interconnection.
The purpose of the present document is to describe the security aspects of interconnection of SCF to SSF. The
operations considered in this interconnection are a subset of CS1. For the time being CAMEL is the only application of
SCF - SSF interconnection, therefore the present document considers only CAMEL phase 1 operations. A later edition
may also consider other CS1 operations.
Future parts of the present document will investigate the security aspects of operation sets that are a subset of CS2
and CS3.
2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
• References are either specific (identified by date of publication, edition number, version number, etc.) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• For a non-specific reference, the latest version applies.
• A non-specific reference to an ETS shall also be taken to refer to later versions published as an EN with the same
number.
[1] ITU-T Recommendation Q.1228 (1997): "Interface Recommendation for intelligent network
Capability Set 2".
[2] ETSI ETR 232: "Security Techniques Advisory Group (STAG); Glossary of security terminology".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
masquerade ("spoofing"): pretence of an entity to be a different entity. This may be a basis for other threats like
unauthorized access or forgery
unauthorized access: entity attempts to access data in violation to the security policy in force
eavesdropping: breach of confidentiality by monitoring communication
loss or corruption of information: integrity of data (transferred) is compromised by unauthorized deletion, insertion,
modification, reordering, replay or delay
replay of information: repetition of previously valid commands and responses with the intention of corrupting service
or causing an overload
repudiation: denial by one of the entities involved in a communication of having participated in all or part of the
communication
forgery: entity fabricates information and claims that such information was received from another entity or sent to
another entity
ETSI

---------------------- Page: 7 ----------------------

SIST-V ETSI/EG 201 510 V1.1.2:2003
6 ETSI EG 201 510 V1.1.2 (2000-05)
denial of service: prevention of authorized access to resources or the delaying of time critical operat
...