TISPAN activities
TISPAN Activity Report 2011
NGN Latest Drafts
Workshop archive
Technical Body Support
Open Area
Security Architecture

Terms of Reference for TISPAN WG7
(Competence centre for Security)

TISPAN WG7 is responsible for:

  • Conducting studies leading to deliverables on Security;

  • Management and co-ordination of the development of security specifications for the next generation telephony and multimedia communications;

  • Investigation of security services and mechanisms required for providing services over the Internet;

  • Development of security analyses of candidate protocols and network elements to be used within the NGN framework to implement capabilities e.g., EMTEL aspects, IPv6 migration, keying strategies and methods;

  • Tracking ongoing worldwide security activities of interest to TISPAN


TISPAN 7 shall undertake activities including, but not restricted to:

  • Determine and document the objectives and priorities for TISPAN security taking into account the needs and aspirations of users, operators, regulators and manufacturers (primarily building a secure Service Capability invocation and protection model).

  • Accommodate, as far as is practicable, any regional regulatory requirements in security objectives. This includes regional regulatory requirements that are related to the processing of personal data and privacy.

  • Ensure that a threat analysis for TISPAN is conducted and maintained as the feature set being standardised grows.

  • Detail the security requirements for TISPAN to include, but not necessarily be limited to, security requirements for services, user access to services, billing and accounting, operations and maintenance, and fraud control.

  • Detail the security requirements for the physical elements of TISPAN to include, but not necessarily be limited to, security requirements for the access network, the core network and its interfaces to legacy networks and terminals.

  • Define a security architecture for TISPAN which will satisfy the security requirements and align with the TISPAN system architecture.

  • Produce specifications for:

               -        all the elements in the security architecture.
               -        the operations and management of the security elements.
               -        any cryptographic algorithms needed for the security elements.

  • Ensure the availability of any cryptographic algorithms which need to be part of the common specifications (via SAGE for example).

  • Define how the specifications for the security elements are to be integrated into the access network, core network, terminal, O&M and other relevant specifications produced by for NGN, and to assist with that integration.

  • Detail the requirements for lawful interception in TISPAN, and produce all specifications needed to meet those requirements. This work shall be performed in conjunction with TC LI to ensure handover capabilities exist sufficient to support the intercepted material.

  • Produce a time and milestones plan for the introduction of the various elements of the security architecture which is in line with the development of TISPAN.

  • Produce guidelines on the use of the TISPAN security elements, including any requirements for operator specific algorithms.

  • Produce guidelines on the limitations of TISPAN security, and of the implications of not activating the security elements that are provided.

In addition, security services and mechanisms for providing services over the Internet will continue to be investigated. TISPAN security will also focus concretely on security mechanisms for network types of interest. For example (in alphabetic order):

  • Applications over Internet (e.g. SIP and other types of telephony)

  • Applications over private IP-net (e.g. H.323 and other types of telephony)

  • ATM-net

  • Ethernet

  • Internet

  • ISDN/PSTN over ATM

  • ISDN/PSTN over IP

  • ISDN/PSTN over SDH

  • MPLS-net

  • Next Generation SDH

  • Private IP-net

  • SDH

It is important to realize that security for open networks and for interoperability is challenging. Third party service creation is a major potential security issue that will be addressed by the new TB.

Protection of user privacy is a significant issue as well.  Solutions for protection of information like calling number in the PSTN/ISDN will not translate easily to, for example, an open SIP-based network where untrusted participants can directly receive SIP signalling.

Collaboration with other bodies (both inside and outside ETSI)

  • Liaisons may be established with the following bodies: 3GPP TSG SA3, ETSI SAGE, ETSI OCG Security, ETSI TC LI and other bodies as required.

see also: WG1 | WG2 | WG3 | WG4 | WG5 | WG6 | WG7 | WG8


Last updated: 2009-06-04 16:40:16