SIST-TP TR 101 771 V1.1.1:2004

SLOVENSKI STANDARD
SIST-TP TR 101 771 V1.1.1:2004
01-april-2004
Harmonizacija telekomunikacij in internetnega protokola prek omrežij (TIPHON), 4.
izdaja - Definicija zahtev neodvisne storitve - Analiza groženj
Telecommunications and Internet protocol Harmonization Over Networks (TIPHON)
Release 4; Service Independent requirements definition; Threat Analysis
Ta slovenski standard je istoveten z: TR 101 771 Version 1.1.1
ICS:
33.020 Telekomunikacije na splošno Telecommunications in
general
SIST-TP TR 101 771 V1.1.1:2004 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TP TR 101 771 V1.1.1:2004

---------------------- Page: 2 ----------------------

SIST-TP TR 101 771 V1.1.1:2004
ETSI TR 101 771 V1.1.1 (2001-04)
Technical Report
TIPHON Release 4;
Service Independent requirements definition;
Threat Analysis

---------------------- Page: 3 ----------------------

SIST-TP TR 101 771 V1.1.1:2004
2 ETSI TR 101 771 V1.1.1 (2001-04)
Reference
DTR/TIPHON-08002
Keywords
IP,network,security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33492 94 4200 Fax: +33493 65 4716
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at http://www.etsi.org/tb/status/
If you find errors in the present document, send your comment to:
editor@etsi.fr
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2001.
All rights reserved.
ETSI

---------------------- Page: 4 ----------------------

SIST-TP TR 101 771 V1.1.1:2004
3 ETSI TR 101 771 V1.1.1 (2001-04)
Contents
Intellectual Property Rights .6
Foreword.6
1 Scope.7
2 References.7
3 Definitions and abbreviations.8
3.1 Definitions . 8
3.2 Abbreviations. 8
4 Overview.9
5 System's Design.11
5.1 Network Architecture. 11
5.2 General Design. 11
5.3 TIPHON Connectivity Scenarios . 12
5.3.1 Scenario 1. 12
5.3.2 Scenario 2. 13
5.3.3 Scenario 3. 13
5.3.4 Scenario 4. 14
5.4 Services . 14
6 Security Objectives.14
6.1 Main Security Objectives. 14
6.2 Customers' (Subscribers') Objectives . 15
6.3 Objectives of (TIPHON) Service and Network Providers . 15
6.4 Manufacturers' Objectives . 15
7 System's Review.15
8 Threat Analysis and possible Countermeasures .16
8.1 Denial of service . 17
8.1.1 Possible Attack Methods. 17
8.1.2 Impact . 17
8.1.3 Possible Countermeasures. 17
8.2 Eavesdropping. 17
8.2.1 Possible Attack Methods. 17
8.2.2 Impact . 18
8.2.3 Possible Countermeasures. 18
8.3 Masquerade. 18
8.3.1 Possible Attack Methods. 18
8.3.2 Impact . 18
8.3.3 Possible Countermeasures. 18
8.4 Unauthorized access . 19
8.4.1 Possible Attack Methods. 19
8.4.2 Impact . 19
8.4.3 Possible Countermeasures. 19
8.5 Loss of information . 19
8.5.1 Possible Attack Methods. 19
8.5.2 Impact . 19
8.5.3 Possible Countermeasures. 20
8.6 Corruption of information. 20
8.6.1 Possible Attack Methods. 20
8.6.2 Impact . 20
8.6.3 Possible Countermeasures. 20
8.7 Repudiation. 20
8.7.1 Possible Attack Methods. 20
8.7.2 Impact . 21
ETSI

---------------------- Page: 5 ----------------------

SIST-TP TR 101 771 V1.1.1:2004
4 ETSI TR 101 771 V1.1.1 (2001-04)
8.7.3 Possible Countermeasures. 21
9 Risk Assessment.21
9.1 Methodology. 21
9.2 Evaluation of Risks . 23
9.3 Effectiveness of Countermeasures. 24
10 Recommendations .26
10.1 Security Policy. 26
10.2 Recommendation to the TIPHON Security Profiles. 27
10.3 Recommendation to the TIPHON network architecture. 27
10.4 Recommendation to TIPHON Services . 27
Annex A: Legislation Issues .28
A.1 Privacy .28
A.2 Security Order .28
A.3 Lawful Interception .28
A.4 Contract.29
Annex B: Description of Threats .30
B.1 Denial of services .30
B.1.1 Denial of Service on Network Elements. 30
B.1.2 Denial of Services . 30
B.2 Eavesdropping.30
B.2.1 Eavesdropping of content of communication. 30
B.2.2 Eavesdropping of network element IDs. 30
B.2.3 Eavesdropping of service authorization data. 31
B.2.4 Eavesdropping of network element authentication data. 31
B.3 Masquerade .31
B.3.1 Masquerade as legitimate user during the registration process . 31
B.3.2 Masquerade as network entity during the registration process. 31
B.3.3 Masquerade as legitimate user during the authentication process . 31
B.3.4 Masquerade as network entity during the authentication process. 32
B.3.5 Masquerade as calling party during call setup . 32
B.3.6 Masquerade as called party during call setup. 32
B.3.7 Masquerade as non-terminating network entity during call setup . 32
B.3.8 Masquerade as conference call party during an active connection. 32
B.3.9 Masquerade as non-terminating network entity during an active connection . 32
B.4 Modification of information.33
B.4.1 Modification of Terminal IDs . 33
B.4.2 Modification of call setup information . 33
B.4.3 Modification of routing information. 33
B.4.4 Modification of user access authentication data (e.g. for subsequent use). 33
B.4.5 Modification of data exchanged in the registration process . 34
B.4.6 Modification of content of communication. 34
B.4.7 Modification of network element IDs. 34
B.4.8 Modification of service authentication data (i.e. part of content of communication) . 34
B.4.9 Modification of network element authentication data . 34
B.4.10 Modification of billing data . 34
B.5 Unauthorized access .35
B.5.1 Unauthorized access to a network element . 35
B.5.2 Unauthorized access on service elements . 35
Annex C: Description and possible examples of Countermeasures .36
C.1 Authentication .36
C.1.1 Authentication with password. 36
C.1.2 Authentication based on one-time passwords . 37
ETSI

---------------------- Page: 6 ----------------------

SIST-TP TR 101 771 V1.1.1:2004
5 ETSI TR 101 771 V1.1.1 (2001-04)
C.1.3 Authentication based on secret key . 37
C.1.4 Authentication based on digital signature. 38
C.2 Digital Signature.38
C.3 Access Control .38
C.4 Virtual Private Network.39
C.5 Secure Configuration of Operating Systems .39
C.6 Secure Configuration of Networks .39
C.7 Protection from Denial of Service Attacks on Hosts and Media Streams.40
C.7.1 Filtering at network ingress. 40
C.7.2 Filtering at network egress. 40
C.7.3 Disable directed broadcast. 40
C.7.4 H.235v2 Media Anti-spamming method for RTP channels. 40
C.7.5 Tools to scan for distributed drones. 41
C.7.6 Procedures and plans for crisis management: . 41
C.8 Physical Protection .41
C.9 Encryption.42
C.9.1 Algorithms and Keys. 42
C.9.2 Symmetric and Public-Key Algorithms. 42
C.9.3 Hardware and Software . 43
C.9.4 Security on call management . 43
C.9.5 Security on the voice data stream. 43
C.10 Intrusion Detection Systems.44
C.11 Auditing and logging .44
C.12 Non-Repudiation measures .45
Annex D: Threat and Countermeasure Template for Providers .46
Annex E: Bibliography.48
History .49
ETSI

---------------------- Page: 7 ----------------------

SIST-TP TR 101 771 V1.1.1:2004
6 ETSI TR 101 771 V1.1.1 (2001-04)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://www.etsi.org/ipr).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Report (TR) has been produced by ETSI Project Telecommunications and Internet Protocol
Harmonization Over Networks (TIPHON).
ETSI

---------------------- Page: 8 ----------------------

SIST-TP TR 101 771 V1.1.1:2004
7 ETSI TR 101 771 V1.1.1 (2001-04)
1 Scope
The present document provides a comprehensive analysis of security threats to the TIPHON environment as described
in principle in TS 101 313 [9]. It includes a definition of the security objectives, a description of the assets within the
TIPHON environment, a list of threats to the TIPHON environment, a risk assessment, and a recommendation of the
necessary security countermeasures.
TIPHON compliant systems bring together IP-based and SCN-based communications. Therefore it is recommended to
comply with a certain level of security. Because of the well-known threats and counter-measures in the SCN, the
present document focuses primarily on the IP-internal, IP-to-SCN functions.
The following network elements form the simplified TIPHON architecture as described in principle in TS 101 313 [9]
for ITU-T Recommendation H.323 [12] to SCN interworking, which is used as basis for the present document:
• Terminals;
• Call control element, e.g. Gatekeeper;
• Admission control element, e.g. User Profile;
• Decomposed Inter-technology gateway consisting of:
- Media Gateway Controller;
- Media Gateway;
- Signalling Gateway.
Where appropriate the guidelines for conduct of a threat analysis described in ETR 332 [1] are followed.
It is intended to expand the present document to cover additional functions and services in a future edition to cover the
extended TIPHON environment described by TS 101 314 ed1 (for TIPHON release 2), for TS 101 314 ed2 (TIPHON
release 3) and also in TS 101 882 [17] (TIPHON release 3) as an examination of threats against meta-protocols.
2 References
For the purposes of this Technical Report (TR) the following references apply:
[1] ETSI ETR 332: "Security Techniques Advisory Group (STAG); Security requirements capture".
[2] ETSI ETR 232: "Security Techniques Advisory Group (STAG); Glossary of security
terminology".
[3] ETSI TR 101 750: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON); Security; Studies into the Impact of lawful interception".
[4] ITU-T Recommendation X.811 (1995): "Information technology - Open System
Interconnection - Security framework for open systems: Authentication framework".
[5] ETSI ETR 237 (1996): "Security Techniques Advisory Group (STAG); Baseline security
standards; Features and mechanisms".
[6] ETSI EN 301 261-3 (1998): "Telecommunications Management Network (TMN); Security;
Part 3: Security services; Authentication of users and entities in a TMN environment".
[7] ISO/IEC 13335 (parts 1 to 5): "Information technology - Guidelines for the Management of IT
Security (GMITS)".
[8] ISO/IEC 10181-4: "Information technology - Open Systems Interconnection - Security
frameworks for open systems: Non-repudiation framework".
[9] ETSI TS 101 313:"Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON); Network architecture and reference configurations; Phase II: Scenario 1 + Scenario 2".
ETSI

---------------------- Page: 9 ----------------------

SIST-TP TR 101 771 V1.1.1:2004
8 ETSI TR 101 771 V1.1.1 (2001-04)
[10] ISO/IEC 10181-3:"Information technology - Open Systems Interconnection - Security frameworks
for open systems: Access control framework".
[11] ETSI TS 101 323: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON); Interoperable security profiles".
[12] ITU-T Recommendation H.323: "Packet based multimedia communication systems".
[13] ITU-T Recommendation H.235: "Security and encryption for H-Series (H.323 and other
H.245-based) multimedia terminals".
[14] ITU-T Recommendation H.245: "Control protocol for multimedia communication".
[15] ETSI TS 101 314: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON); Network architecture and reference configurations; TIPHON Release 2".
[16] RFC 2194 (1997): "Review of Roaming implementations".
[17] ETSI TR 101 882: "TIPHON Release 3; Protocol Framework Definition; General".
[18] RFC 2828: "Internet Security Glossary".
[19] RFC 2644: "Changing the Default for Directed Broadcasts in Routers".
[20] RFC 2267: "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP
Source Address Spoofing ".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in ETR 232 [2] and the following apply.
NOTE: TIPHON is used in the following as synonym for "TIPHON compliant systems".
federation: collection of networked systems that can interact (interoperate) without being part of a single management
domain
hijack attack: form of active wiretapping in which the attacker seizes control of a previously established
communication association [18]
security policy: set of rules and practices that specify or regulate how a system or organization provides security to
protect sensitive and critical system resources and the offered services
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
BE Back End
BER Back End Routing function
CH ClearingHouse
DoS Denial of Service
GK GateKeeper
GW GateWay
ID Identifier
IETF Internet Engineering Task Force
IP Internet Protocol
ITSP IP-Telephony Service Provider
MGC Media Gateway Controller
MGW Media Gateway
MMI Man-Machine-Interface
ETSI

---------------------- Page: 10 ----------------------

SIST-TP TR 101 771 V1.1.1:2004
9 ETSI TR 101 771 V1.1.1 (2001-04)
NE Network Element
OSP Open Settlement Protocol
PIN Personal Identification Number
PRS Premium Rate Service
PSTN Public Switched Telephony Network
RAS Request Admission Status
RFC Request For Comments
RS Resolution Service
SAP Service Access Point
SCN Switched Circuit Network
SGW Signalling Gateway
TCP Transport Control Protocol
TIPHON Telecommunication and Internet Protocol Harmonization over Networks
TR Technical Report
UP User Profile
UPT Universal Personal Telecommunications
VoIP Voice over IP
4Overview
The present document follows the methodology generally described in ETR 332 [1] and is therefore structured in the
following way.
ETSI

---------------------- Page: 11 ----------------------

SIST-TP TR 101 771 V1.1.1:2004
10 ETSI TR 101 771 V1.1.1 (2001-04)
Re-design
System’s Design
(clause 5)
Security Objectives
Definition
(clause 6)
System’s Review
(clause 7)
Threat Analysis
(clause 8)
dentification of possible
countermeasures
(subclauses 8.x.3)
Evaluation of Risks
(subclause 9.2)
Effectiveness of
Countermeasures
(subclause 9.3)
Recommendations
...