A Security and Trust Framework for a Wireless World: A Cross Issue Approach to
Stewart Kowalski Ph.D Communication Security Lab IP Networks Ericsson Research Ericsson AB
Outline
• "European" Consensus Research in Telecom Security
  – Ambient Networks
  – WWI
  – The Cross Issue Security Team
• Security Matrix
  – Security Objectives
  – Security Continuum
  – Mapping Requirements
• Trust Model
  – Definition Model
  – Privacy, Identity, Bootstrapping
  – Actors and Trust Matrix
• Conclusion/Questions
"European" Consensus Research in Telecom Security
Project Consortium
• EU 6th Framework Integrated Project (the main mobile networks one)
• Partners
  – 9 Manufacturers
  – 10 Operators
  – 11 Universities
  – 4 R&D Centres
  – 1 SME
  – EU member states, associated candidate countries, Non EU
• Phase I, started Jan 2004
  – "Establishing the Ambient Networks Concept and its Feasibility"
  – 2000 person months over 2 years
• Phase II - Detailed Specification, Technical Development, Performance
• Phase III - Optimisation for Performance and Deployment; Market Dissemination
"European" Consensus Research in Telecom Security
Partners in Ambient Networks
• Ericsson AB (project co-ordinator), Sweden
• Alcatel SEL AG, Germany
• British Telecommunications plc, UK
• Budapest University Of Technology And Economics, Hungary
• Concordia University, Canada
• Consorzio Ferrara Ricercha, Italy
• Critical Software S.A., Portugal
• DaimlerChrysler AG, Germany
• DoCoMo Communications Laboratories Europe GmbH, Germany
• Elisa Corporation, Finland
• Ericsson Eurolab Deutschland GmbH, Germany
• Ericsson Magyarorszag Kommunikacios Renszerek K.F.T., Hungary
• France Telecom SA, France
• Fraunhofer Gesellschaft Zur Foerderung Der Angewandten Forschung e. V., Germany
• Instituto De Engenharia De Sistemas E Computadores Do Porto, Portugal
• Kungliga Tekniska Högskolan, Sweden
• Lucent Technologies Network Systems GmbH, Germany
• Lucent Technologies Network Systems UK Limited, UK
• Motorola Japan, Japan
• National ICT Australia (University Of New South Wales), Australia
• NEC Europe ltd, UK
• Nokia Corporation, Finland
• Oy LM Ericsson AB, Finland
• Panasonic European Laboratories GmbH, Germany
• Rheinisch-Westfaelische Technische Hochschule Aachen, Germany
• Siemens AG, Germany
• Siemens AG Oesterreich, Austria
• Siemens Mobile Communications SPA, Italy
• Swedish Institute Of Computer Science AB, Sweden
• Technical Research Centre Of Finland, Finland
• Technische Universitaet Berlin, Germany
• Telecom Italia SPA, Italy
• Telefonica Investigacion Y Desarrollo SA Unipersonal, Spain
• Telenor Communication AS, Norway
• TeliaSonera AB, Sweden
• TNO - Netherlands Organisation For Applied Scientific Research, Netherlands
• University Of Surrey, UK
• Universidad De Cantabria, Spain
• University College London, UK
• University Of Ottawa, Canada
• Vodafone Group Services Limited, UK
Cross Issue Team
[Diagram labels: Wireless World Initiative (http://www.wireless-world-initiative.org/); Mobilife; Ambient Networks (http://www.ambient-networks.org/); WP7 XI-ST; End to end Reconfigurability; New Radio]
Actors in WWI
• Spectrum manager
• Regulator
• Trusted 3rd Party/Security Entity
• Certification Entity
• Content provider
• Reconfiguration Manager
• Pilot Channel Provider
• Service Aggregator
• Software provider
• Access Network
• User/Subscriber
• Value Added Service provider (VASP)
• Network Operator
• Equipment Manufacturer
Outline
• Cross Issue Security Team
• Security Matrix
  – Security Objectives
  – Security Continuum/security value chain
  – Mapping Requirements
• Trust Model
  – Definition Model
  – Privacy, Identity, Bootstrapping
  – Trust Matrix
• Conclusion/Questions
Security Objectives
• Availability
• Integrity
• Confidentiality
• Accountability
• Assurance
• Privacy
Security Continuum
• Deter
• Protect/Control
• Detect/Monitor
• Respond
• Recover
Different Mental Security Spending Models
[Figure: Total Security Spending $ across Deter, Protect, Detect, Respond, Recover]
Value Based Risk Analysis For Deterrence of a Stolen Handsets
[Figure labels: Ericsson, SonyEricsson, End User, Operator X, End Abuser]
1.00 1.30 1.60 3.20 1.60
1.50 1.80 2.60 4.60 1.70
1.80 2.50 3.80 7.60 4.60
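Security Requirement Matrix
[Matrix of security objectives (rows: Availability, Integrity, Confidentiality, Accountability, Assurance, Privacy) against the security continuum (columns: Deter, Protect, Detect, Respond, Recover), populated with requirement identifiers: ANAN-R177, W-R130, E2RE2R-R3, ANAN-R175, ANAN-R175, ML3, ANAN-R176, ML-1, ML-2, ML1]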
Outline
• Cross Issue Security Team
• Security Matrix
  – Security Objectives
  – Security Continuum
  – Mapping Requirements
• Trust Model
  – Definition Model
  – Privacy, Identity, Bootstrapping
  – Trust Matrix
• Conclusion/Questions
What is a Trust Model?
– Quantitative view:
  • A trust computation model used by each entity to manage trusts relevant to itself
– Qualitative View:
  • A global view of trust relations between pairs of entities
Four foundations of Trust
– Blind trust
  • Personal judgement or instinct (e.g. I trust a friend)
– Trust based on reputation
  • Well known brand, recommendation of others
– Trust based on Control and Punishment
– Trust based on Policy Enforcement
  • e.g. contractual agreement for business
– We should consider all of these within the WWI
Aspects of Trust (1): Privacy
– Privacy important as WWI infrastructure is pervasive, invisible, and recording actions of user
– Trade-off between privacy and trust:
  • Assess trustworthiness from history
  • Hide history to protect privacy
– Possible solution:
  • Use of third parties to vouch for user without revealing identity
Aspects of Trust (2): Identity
– How can you trust someone if you don't know who they are?
– Identity frameworks e.g. digital certificates
  • Hierarchical PKI e.g. X.509
  • Peer-to-peer e.g. PGP web of trust
– Certificates don't say what you can do
– Punishment mechanisms may not work if new identity can be created easily
– Relevant work:
  • Cryptographically generated addresses: generate an address by computing a hash from a public key and other parameters
  • Helps prevent spoofing of addresses
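The address-from-key binding mentioned on the Identity slide, as an added example that is not part of the original presentation. It follows the Hash1 construction of RFC 3972 for Sec=0 only; the prefix, modifier and the byte strings standing in for DER-encoded public keys are constructed sample values.

```python
import hashlib
import ipaddress

# Bits of the 64-bit interface identifier that carry the hash. The three
# leftmost bits hold the Sec parameter and bits 6-7 are the u/g bits, so
# RFC 3972 excludes them from the comparison.
HASH_MASK = 0x1CFFFFFFFFFFFFFF


def hash1(modifier, prefix, collisions, public_key):
    """Leftmost 64 bits of SHA-1 over the concatenated CGA parameters."""
    params = modifier + prefix + bytes([collisions]) + public_key
    return int.from_bytes(hashlib.sha1(params).digest()[:8], "big")


def generate_cga(modifier, prefix, collisions, public_key):
    """Build the address for Sec=0 (no Hash2 brute-force step)."""
    if len(modifier) != 16 or len(prefix) != 8:
        raise ValueError("modifier must be 16 bytes and prefix 8 bytes")
    iid = hash1(modifier, prefix, collisions, public_key) & HASH_MASK
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big"))


def verify_cga(address, modifier, prefix, collisions, public_key):
    """Check that the address is bound to the presented public key."""
    raw = address.packed
    if len(modifier) != 16 or collisions not in (0, 1, 2) or raw[:8] != prefix:
        return False
    iid = int.from_bytes(raw[8:], "big")
    if iid >> 61 != 0:
        return False  # Sec > 0 also needs the Hash2 check, omitted here
    expected = hash1(modifier, prefix, collisions, public_key)
    return (iid & HASH_MASK) == (expected & HASH_MASK)


# Constructed sample input: stand-ins for DER-encoded public keys.
PREFIX = bytes.fromhex("20010db800000000")  # 2001:db8::/64 documentation prefix
MODIFIER = bytes(range(16))
OWNER_KEY = b"constructed-owner-public-key"
OTHER_KEY = b"constructed-other-public-key"

if __name__ == "__main__":
    addr = generate_cga(MODIFIER, PREFIX, 0, OWNER_KEY)
    print(addr, verify_cga(addr, MODIFIER, PREFIX, 0, OWNER_KEY))  # owner key
    print(addr, verify_cga(addr, MODIFIER, PREFIX, 0, OTHER_KEY))  # other key
```

The hash check only shows that the address was derived from the presented key; a verifier also needs a signature made with the matching private key before treating the sender as the address owner.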
Aspects of Trust (3): Bootstrapping
– User wants to establish a communications channel
– User needs information on trustworthiness BEFORE establishing the connection
[Diagram: User, Unknown Network]
– Possible solutions
  • Some kind of "PILOT" channel
  • Schemes which do not require external trust information
  • User has public key of trusted party. Information is signed.
Some WWI Trust Requirements
– R.Trust 1 Users should be able to choose a trusted entity for charging, privacy management, etc (e.g. trusted brand)
– R.Trust 2 Dynamic trust establishment should be possible
– R.Trust 3 Use of networks possible with no prior trust relationship
– R.Trust 4 Network context information should contain information enabling its trustworthiness to be evaluated
– R.Trust 5 Authentication via trusted third party should be possible
– R.Trust 6 Anonymity of users should be supported where appropriate
– R.Trust 7 Certification processes should exist so that users know whether services are approved by trusted entities
– R.Trust 9 Audit and lawful interception should be possible
Trust Chain (Action Concepts)
• Design
• Base
• Present
• Establish
• Maintain
• Recover
Trust Matrix 1
[Matrix of actors (rows: Pilot Channel, Network Operators, Services aggregator, Access Network, VASP, Manufacturer) against the trust chain (columns: Design, Base, Present, Establish, Maintain, Recover), populated with requirement identifiers: W-R130, E2RE2R-R3, ANAN-R175, MLML-1]
Actor and Trust Matrix 1
[Figure: the WWI actors (Spectrum manager, Regulator, Trusted 3rd Party/Security Entity, Content provider, Reconfiguration Manager, Software provider, User/Subscriber, Certification Entity) shown together with Trust Matrix 1]
Conclusion
• By working with a framework with fixed objectives and high-level abstract security and trust functions, we are hoping to be able to reach consensus and "anchor" security requirements into the next generation mobile networks