ETSI TR 101 771 V1.1.1 (2001-04)

SLOVENSKI STANDARD
01-april-2004
Harmonizacija telekomunikacij in internetnega protokola prek omrežij (TIPHON), 4.
izdaja - Definicija zahtev neodvisne storitve - Analiza groženj
Telecommunications and Internet protocol Harmonization Over Networks (TIPHON)
Release 4; Service Independent requirements definition; Threat Analysis
Ta slovenski standard je istoveten z: TR 101 771 Version 1.1.1
ICS:
33.020 Telekomunikacije na splošno Telecommunications in
general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

Technical Report
TIPHON Release 4;
Service Independent requirements definition;
Threat Analysis
2 ETSI TR 101 771 V1.1.1 (2001-04)
Reference
DTR/TIPHON-08002
Keywords
IP,network,security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33492 94 4200 Fax: +33493 65 4716
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at http://www.etsi.org/tb/status/
If you find errors in the present document, send your comment to:
editor@etsi.fr
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2001.
All rights reserved.
ETSI
3 ETSI TR 101 771 V1.1.1 (2001-04)
Contents
Intellectual Property Rights .6
Foreword.6
1 Scope.7
2 References.7
3 Definitions and abbreviations.8
3.1 Definitions . 8
3.2 Abbreviations. 8
4 Overview.9
5 System's Design.11
5.1 Network Architecture. 11
5.2 General Design. 11
5.3 TIPHON Connectivity Scenarios . 12
5.3.1 Scenario 1. 12
5.3.2 Scenario 2. 13
5.3.3 Scenario 3. 13
5.3.4 Scenario 4. 14
5.4 Services . 14
6 Security Objectives.14
6.1 Main Security Objectives. 14
6.2 Customers' (Subscribers') Objectives . 15
6.3 Objectives of (TIPHON) Service and Network Providers . 15
6.4 Manufacturers' Objectives . 15
7 System's Review.15
8 Threat Analysis and possible Countermeasures .16
8.1 Denial of service . 17
8.1.1 Possible Attack Methods. 17
8.1.2 Impact . 17
8.1.3 Possible Countermeasures. 17
8.2 Eavesdropping. 17
8.2.1 Possible Attack Methods. 17
8.2.2 Impact . 18
8.2.3 Possible Countermeasures. 18
8.3 Masquerade. 18
8.3.1 Possible Attack Methods. 18
8.3.2 Impact . 18
8.3.3 Possible Countermeasures. 18
8.4 Unauthorized access . 19
8.4.1 Possible Attack Methods. 19
8.4.2 Impact . 19
8.4.3 Possible Countermeasures. 19
8.5 Loss of information . 19
8.5.1 Possible Attack Methods. 19
8.5.2 Impact . 19
8.5.3 Possible Countermeasures. 20
8.6 Corruption of information. 20
8.6.1 Possible Attack Methods. 20
8.6.2 Impact . 20
8.6.3 Possible Countermeasures. 20
8.7 Repudiation. 20
8.7.1 Possible Attack Methods. 20
8.7.2 Impact . 21
ETSI
4 ETSI TR 101 771 V1.1.1 (2001-04)
8.7.3 Possible Countermeasures. 21
9 Risk Assessment.21
9.1 Methodology. 21
9.2 Evaluation of Risks . 23
9.3 Effectiveness of Countermeasures. 24
10 Recommendations .26
10.1 Security Policy. 26
10.2 Recommendation to the TIPHON Security Profiles. 27
10.3 Recommendation to the TIPHON network architecture. 27
10.4 Recommendation to TIPHON Services . 27
Annex A: Legislation Issues .28
A.1 Privacy .28
A.2 Security Order .28
A.3 Lawful Interception .28
A.4 Contract.29
Annex B: Description of Threats .30
B.1 Denial of services .30
B.1.1 Denial of Service on Network Elements. 30
B.1.2 Denial of Services . 30
B.2 Eavesdropping.30
B.2.1 Eavesdropping of content of communication. 30
B.2.2 Eavesdropping of network element IDs. 30
B.2.3 Eavesdropping of service authorization data. 31
B.2.4 Eavesdropping of network element authentication data. 31
B.3 Masquerade .31
B.3.1 Masquerade as legitimate user during the registration process . 31
B.3.2 Masquerade as network entity during the registration process. 31
B.3.3 Masquerade as legitimate user during the authentication process . 31
B.3.4 Masquerade as network entity during the authentication process. 32
B.3.5 Masquerade as calling party during call setup . 32
B.3.6 Masquerade as called party during call setup. 32
B.3.7 Masquerade as non-terminating network entity during call setup . 32
B.3.8 Masquerade as conference call party during an active connection. 32
B.3.9 Masquerade as non-terminating network entity during an active connection . 32
B.4 Modification of information.33
B.4.1 Modification of Terminal IDs . 33
B.4.2 Modification of call setup information . 33
B.4.3 Modification of routing information. 33
B.4.4 Modification of user access authentication data (e.g. for subsequent use). 33
B.4.5 Modification of data exchanged in the registration process . 34
B.4.6 Modification of content of communication. 34
B.4.7 Modification of network element IDs. 34
B.4.8 Modification of service authentication data (i.e. part of content of communication) . 34
B.4.9 Modification of network element authentication data . 34
B.4.10 Modification of billing data . 34
B.5 Unauthorized access .35
B.5.1 Unauthorized access to a network element . 35
B.5.2 Unauthorized access on service elements . 35
Annex C: Description and possible examples of Countermeasures .36
C.1 Authentication .36
C.1.1 Authentication with password. 36
C.1.2 Authentication based on one-time passwords . 37
ETSI
5 ETSI TR 101 771 V1.1.1 (2001-04)
C.1.3 Authentication based on secret key . 37
C.1.4 Authentication based on digital signature. 38
C.2 Digital Signature.38
C.3 Access Control .38
C.4 Virtual Private Network.39
C.5 Secure Configuration of Operating Systems .39
C.6 Secure Configuration of Networks .39
C.7 Protection from Denial of Service Attacks on Hosts and Media Streams.40
C.7.1 Filtering at network ingress. 40
C.7.2 Filtering at network egress. 40
C.7.3 Disable directed broadcast. 40
C.7.4 H.235v2 Media Anti-spamming method for RTP channels. 40
C.7.5 Tools to scan for distributed drones. 41
C.7.6 Procedures and plans for crisis management: . 41
C.8 Physical Protection .41
C.9 Encryption.42
C.9.1 Algorithms and Keys. 42
C.9.2 Symmetric and Public-Key Algorithms. 42
C.9.3 Hardware and Software . 43
C.9.4 Security on call management . 43
C.9.5 Security on the voice data stream. 43
C.10 Intrusion Detection Systems.44
C.11 Auditing and logging .44
C.12 Non-Repudiation measures .45
Annex D: Threat and Countermeasure Template for Providers .46
Annex E: Bibliography.48
History .49
ETSI
6 ETSI TR 101 771 V1.1.1 (2001-04)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://www.etsi.org/ipr).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Report (TR) has been produced by ETSI Project Telecommunications and Internet Protocol
Harmonization Over Networks (TIPHON).
ETSI
7 ETSI TR 101 771 V1.1.1 (2001-04)
1 Scope
The present document provides a comprehensive analysis of security threats to the TIPHON environment as described
in principle in TS 101 313 [9]. It includes a definition of the security objectives, a description of the assets within the
TIPHON environment, a list of threats to the TIPHON environment, a risk assessment, and a recommendation of the
necessary security countermeasures.
TIPHON compliant systems bring together IP-based and SCN-based communications. Therefore it is recommended to
comply with a certain level of security. Because of the well-known threats and counter-measures in the SCN, the
present document focuses primarily on the IP-internal, IP-to-SCN functions.
The following network elements form the simplified TIPHON architecture as described in principle in TS 101 313 [9]
for ITU-T Recommendation H.323 [12] to SCN interworking, which is used as basis for the present document:
• Terminals;
• Call control element, e.g. Gatekeeper;
• Admission control element, e.g. User Profile;
• Decomposed Inter-technology gateway consisting of:
- Media Gateway Controller;
- Media Gateway;
- Signalling Gateway.
Where appropriate the guidelines for conduct of a threat analysis described in ETR 332 [1] are followed.
It is intended to expand the present document to cover additional functions and services in a future edition to cover the
extended TIPHON environment described by TS 101 314 ed1 (for TIPHON release 2), for TS 101 314 ed2 (TIPHON
release 3) and also in TS 101 882 [17] (TIPHON release 3) as an examination of threats against meta-protocols.
2 References
For the purposes of this Technical Report (TR) the following references apply:
[1] ETSI ETR 332: "Security Techniques Advisory Group (STAG); Security requirements capture".
[2] ETSI ETR 232: "Security Techniques Advisory Group (STAG); Glossary of security
terminology".
[3] ETSI TR 101 750: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON); Security; Studies into the Impact of lawful interception".
[4] ITU-T Recommendation X.811 (1995): "Information technology - Open System
Interconnection - Security framework for open systems: Authentication framework".
[5] ETSI ETR 237 (1996): "Security Techniques Advisory Group (STAG); Baseline security
standards; Features and mechanisms".
[6] ETSI EN 301 261-3 (1998): "Telecommunications Management Network (TMN); Security;
Part 3: Security services; Authentication of users and entities in a TMN environment".
[7] ISO/IEC 13335 (parts 1 to 5): "Information technology - Guidelines for the Management of IT
Security (GMITS)".
[8] ISO/IEC 10181-4: "Information technology - Open Systems Interconnection - Security
frameworks for open systems: Non-repudiation framework".
[9] ETSI TS 101 313:"Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON); Network architecture and reference configurations; Phase II: Scenario 1 + Scenario 2".
ETSI
8 ETSI TR 101 771 V1.1.1 (2001-04)
[10] ISO/IEC 10181-3:"Information technology - Open Systems Interconnection - Security frameworks
for open systems: Access control framework".
[11] ETSI TS 101 323: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON); Interoperable security profiles".
[12] ITU-T Recommendation H.323: "Packet based multimedia communication systems".
[13] ITU-T Recommendation H.235: "Security and encryption for H-Series (H.323 and other
H.245-based) multimedia terminals".
[14] ITU-T Recommendation H.245: "Control protocol for multimedia communication".
[15] ETSI TS 101 314: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON); Network architecture and reference configurations; TIPHON Release 2".
[16] RFC 2194 (1997): "Review of Roaming implementations".
[17] ETSI TR 101 882: "TIPHON Release 3; Protocol Framework Definition; General".
[18] RFC 2828: "Internet Security Glossary".
[19] RFC 2644: "Changing the Default for Directed Broadcasts in Routers".
[20] RFC 2267: "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP
Source Address Spoofing ".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in ETR 232 [2] and the following apply.
NOTE: TIPHON is used in the following as synonym for "TIPHON compliant systems".
federation: collection of networked systems that can interact (interoperate) without being part of a single management
domain
hijack attack: form of active wiretapping in which the attacker seizes control of a previously established
communication association [18]
security policy: set of rules and practices that specify or regulate how a system or organization provides security to
protect sensitive and critical system resources and the offered services
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
BE Back End
BER Back End Routing function
CH ClearingHouse
DoS Denial of Service
GK GateKeeper
GW GateWay
ID Identifier
IETF Internet Engineering Task Force
IP Internet Protocol
ITSP IP-Telephony Service Provider
MGC Media Gateway Controller
MGW Media Gateway
MMI Man-Machine-Interface
ETSI
9 ETSI TR 101 771 V1.1.1 (2001-04)
NE Network Element
OSP Open Settlement Protocol
PIN Personal Identification Number
PRS Premium Rate Service
PSTN Public Switched Telephony Network
RAS Request Admission Status
RFC Request For Comments
RS Resolution Service
SAP Service Access Point
SCN Switched Circuit Network
SGW Signalling Gateway
TCP Transport Control Protocol
TIPHON Telecommunication and Internet Protocol Harmonization over Networks
TR Technical Report
UP User Profile
UPT Universal Personal Telecommunications
VoIP Voice over IP
4Overview
The present document follows the methodology generally described in ETR 332 [1] and is therefore structured in the
following way.
ETSI
10 ETSI TR 101 771 V1.1.1 (2001-04)
Re-design
System’s Design
(clause 5)
Security Objectives
Definition
(clause 6)
System’s Review
(clause 7)
Threat Analysis
(clause 8)
dentification of possible
countermeasures
(subclauses 8.x.3)
Evaluation of Risks
(subclause 9.2)
Effectiveness of
Countermeasures
(subclause 9.3)
Recommendations
(clause 10)
Final Risk Selection of
Assessment Countermeasures
Figure 1: Structure of analysis
ETSI
TIPHON work
TIPHON WG8 work (this document)

11 ETSI TR 101 771 V1.1.1 (2001-04)
The present document is structured in the following way:
Clause 5 reflects the TIPHON architecture by using a simplified model as described in [17] according to the scope of
the present document. The definition of the Security Objectives can be found in clause 6. A System's Review for a
complete understanding of the system, its properties, boundaries and relationships to the external world is given in
clause 7 based on a simplified architectural model. Clause 8 describes the threats identified to the network elements,
their impact and lists possible countermeasures in clauses 8.1.3 to 8.7.3. The methodology of the risk assessment and
the risk assessment itself is outlined in clause 9, covering the Evaluation of risks in clause 9.2 and the Effectiveness of
countermeasures in clause 9.3. Clause 10 draws conclusions of the steps described in clauses 5 to 9 in listing a number
of recommendations.
The following annexes are informative. Annex A deals with the Legislation Issues. Annex B provides a comprehensive
description of the identified threats and gives examples. Annex C lists a number of countermeasures and possible
implementations. Annex D contains a checklist for countermeasures against major threats.
5System'sDesign
5.1 Network Architecture
This clause describes the general TIPHON network architecture in order to provide a basis to perform a complete threat
analysis as outlined in clause 4. It covers the step "System's Review".
5.2 General Design
In this clause the mapping of the functional to the physical architecture and the network procedures are shortly
described.
End to end service
IP
SCN
SCN
IP
Figure 2: Overview of a general TIPHON domain
TIPHON can be drawn as a network of networks where the constituent networks may be based upon IP or Circuit
Switching technologies. In addition TIPHON ensures that service users and providers are able to call upon standardized
inter-domain settlement protocols.
ETSI
12 ETSI TR 101 771 V1.1.1 (2001-04)
The following assumptions shall apply as guiding principles for TIPHON:
• TIPHON terminals may be PC-like or telephone-like;
• the MMI of the terminal shall tend towards that of a telephone;
• operation of a TIPHON terminal shall tend towards that of a telephone (and shall therefore encompass single
stage dialling, network type abstraction).
5.3 TIPHON Connectivity Scenarios
The TIPHON architecture is defined with respect to the support of a number of reference scenarios outlined below:
• the delivery of telephone calls which originate in an IP network and are delivered to Switched Circuit Networks
(SCN), such as Public Switched Telephone Network (PSTN), Integrated Services Digital Networks (ISDN) and
Global System for Mobile communication (GSM) networks (according to TIPHON Scenario 1);
• the delivery of telephone calls which originate in SCNs and are delivered in an IP network (according to
TIPHON Scenario 2);
• the delivery of telephone calls which originate in SCNs, routed through an IP network and finally delivered to an
SCN (according to TIPHON Scenario 3);
• the delivery of telephone calls which originate and terminate in IP networks. Such calls may be routed using an
SCN (according to TIPHON Scenario 4).
NOTE: In each of the above cases the IP network hosted user is assumed to be using a TIPHON compliant
terminal.
5.3.1 Scenario 1
H.323 terminal
IP
IP Network
Access
Access
Local or distributed
IWF
function
Call initiated from IP Network
to SCN
SCN
Phas e 1
Phas e I
Figure 3: Scenario 1, Source on IP network to destination on SCN network
ETSI
13 ETSI TR 101 771 V1.1.1 (2001-04)
5.3.2 Scenario 2
H.323 terminal
IP
IP Network
Access
Local or distributed
IWF
function
Call initiated from SCN
to IP Network
SCN
Phas e 1
Phas e I
Figure 4: Scenario 2, Source on SCN network to destination on IP network
5.3.3 Scenario 3
IP Network
Local or distributed Local or distributed
IWF IWF
function function
SCN SCN
Phase 1
Phase I
Figure 5: Scenario 3, Source and destination on SCN network using an IP transit network
ETSI
14 ETSI TR 101 771 V1.1.1 (2001-04)
5.3.4 Scenario 4
PSTN/ISDN
IP Network
SCN
Local or distributed Local or distributed
IWF IWF
function function
H.323 terminal H.323 terminal
IP IP
IP Network
Access IP Network Access
Phase 1
Phase I
Figure 6: Scenario 4, Source and destination on IP network (maybe using an SCN transit network)
5.4 Services
For further study.
6 Security Objectives
The requirements for TIPHON security originate from different sources:
• Customers/Subscribers need confidence in services relying on EP TIPHON specifications, e.g. correct billing. In
addition Customers/Subscribers demand availability of services, fair competition and privacy protection;
• Network Operators/Service Providers/Access Providers themselves need security to safeguard their operation
and business interests, to meet their obligations to the customers and the public;
• The Authorities demand security by Directives and Legislation in order to ensure availability of services.
The reason why these parties are increasingly aware of security requirements is the fact that there are growing threats
and risks caused by changes in the overall regulatory and technological environment. The purpose of this clause is to
describe the aim of the security measures taken in a network and management for TIPHON compliant systems. Focus is
on what security will achieve rather than how it is done. These generic security objectives form, together with the
system's design (see clause 5: System's Design), a basis for threat analysis and risk assessment. The listed objectives do
not contain general constraints like performance, cost, user friendliness etc.
6.1 Main Security Objectives
The general security objectives of the present document can be summarized to the following main security objectives
(with appropriate definitions from ETR 332 [1]):
• confidentiality
The avoidance of the disclosure of information without the permission of its owner.
• integrity
The property that data has not been altered or destroyed in an unauthorized manner.
ETSI
15 ETSI TR 101 771 V1.1.1 (2001-04)
• accountability
The principle whereby individuals are held responsible for the effect of any of their actions that might lead to a
violation.
• availability
The property of being accessible and usable upon demand by an authorized entity.
• non-repudiation
A property by which one of the entities or parties in a communication cannot deny having participated in the
whole or part of the communication.
Therefore, threat analysis, risk assessment and proposed countermeasures will be based on these objectives. However,
the following specific objectives may also be considered.
6.2 Customers' (Subscribers') Objectives
The objectives of customers are not uniform. An enterprise does not always require the same as a private person. The
following list gives examples of possible objectives which may have implications on security:
• availability and correct functionality of service subscription (including reachability, availability and correct
functionality);
• correct and verifiable billing;
• data integrity;
• data confidentiality/privacy;
• capability to use a service anonymously;
• location confidentiality (is probably part of service anonymousity).
6.3 Objectives of (TIPHON) Service and Network Providers
The following list gives examples of objectives that may have implications on security:
• availability and correct functionality of network procedures for TIPHON;
• availability and correct functionality of service, network and element management for TIPHON;
• correct and verifiable billing and accounting, above all no possibility of fraud;
• non-repudiation for all network procedures and for all management activities;
• preservation of reputation (above all preservation of customers' and investors' trust).
6.4 Manufacturers' Objectives
The following list gives examples of objectives that may have implications on security:
• fulfilling market objectives;
• preservation of reputation.
7System'sReview
In this first edition of the Threat Analysis the following architecture, which is derived from annex B of [15] forms the
basis for evaluation and assessment. It has to be recognized that the architecture is subject to change as a result of the
present document and thus may lead to revisions of the present document.
ETSI
16 ETSI TR 101 771 V1.1.1 (2001-04)
However, it should be noted that for the purpose of this generic threat analysis it is not necessary to look at the internal
operations of the functional entities and therefore the following simplified architectural model can be used for all
TIPHON scenarios.
Back end
User profile routing
function
S2
SC2
R2
Gate- Gate-
keeper keeper
C2
R1
C2
C1
MG Sig-
C3
GW
control
Termi
S
nal
N3
C
M3
N
M1
MGW
Gateway
T1
T2 T3
IP transport plane
Figure 7: Network Elements and Interfaces
The primary investigations will be for reference points C1, C2, Mx, N3, Rx, S2, SC2 with all other reference points
being investigated only where significant risks are identified. Physical access points are used to access logical reference
points. This threat analysis concentrates on logical reference points to allow a finer granularity with the respect to
threats.
Reference point C3 is out of scope of the present document, because it is part of an SS7 network, which should be based
on an SS7 threat analysis.
For reference points Tx the IP transport plane is likely to also support non-TIPHON services. Generally a network
provider for a large number of IP-based services will provide the IP transport plane. The IP transport plane is therefore
out of scope of the present document. However, it is strongly recommended to IP network providers to perform an
individual risk analysis and implement appropriate countermeasures to secure their network.
NOTE: After having read the TR 101 882 [17] we consider the present document as very useful. However, due to
the urging demand for a first edition of the threat analysis, it was decided to go on with the simplified
architecture model shown in the figure above.
8 Threat Analysis and possible Countermeasures
In this clause a description of common threats concerning the network and service architecture of TIPHON is given, in
order to evaluate risks. Sophisticated application services based on generic TIPHON services are not taken into account.
The likelihood of the threats is different and will be covered in clause 9. These major categories of threats are described
below:
• Denial of service.
• Eavesdropping.
• Masquerade.
• Unauthorized access.
ETSI
17 ETSI TR 101 771 V1.1.1 (2001-04)
• Loss of information.
• Corruption of information.
• Repudiation.
8.1 Denial of service
An entity fails to perform its function or prevents other entities from performing their functions. More comprehensive
descriptions and functions can be found in clause B.1.
8.1.1 Possible Attack Methods
• Flooding the target.
• Modifying stored information (e.g. user profile, routing information).
• Physical removing of resources (e.g. theft of equipment).
• Cutting off network connections.
8.1.2 Impact
• Inability to provide the service.
• Service failure.
• Degradation of service.
• Loss of revenue.
• Reduction of customer satisfaction (may lead to loss of customers).
8.1.3 Possible Countermeasures
• Authentication (see clause C.1).
• Access Control (see clause C.3).
• Secure Configuration of Operating Systems (see clause C.5).
• Physical Protection (see clause C.8).
8.2 Eavesdropping
A breach of confidentiality by unauthorized monitoring of communication, see clause B.2.
8.2.1 Possible Attack Methods
• Attaching a protocol analyser to any accessible link.
• Illegal use of lawful interception facilities.
• Illegal activation of optional features/tools (e.g. conference features).
ETSI
18 ETSI TR 101 771 V1.1.1 (2001-04)
8.2.2 Impact
• Loss of confidentiality of customer data.
• Loss of confidentiality of service information data.
• Loss of confidentiality of management information.
• Loss of confidentiality of charging information.
• Loss of confidentiality of authentication data.
8.2.3 Possible Countermeasures
• Virtual Private Network (see clause C.4).
• Access Control (see clause C.3).
• Secure Configuration of Operating Systems (see clause C.5).
• Secure Configuration of Network Elements (see clause C.6).
• Physical Protection (see clause C.8).
• Encryption (see clause C.9).
8.3 Masquerade
The pretence of an entity to be a different entity, see clause B.3. This may be the bases for other threats like
unauthorized access or forgery.
8.3.1 Possible Attack Methods
• Hijack attack on a link after authentication has been performed.
• Using authentication information which has been obtained by eavesdropping, e.g. replay attack.
8.3.2 Impact
• Illegal access to the service/network.
• Loss of revenue.
• Financial disadvantage for individual legal subscribers.
• Loss of confidentiality.
• Loss of confidence in the system.
8.3.3 Possible Countermeasures
• Authentication by strong methods like one-time password, challenge response (see clause C.1).
• Digital Signature (see clause C.2).
• Virtual Private Network (see clause C.4).
• Access Control (see clause C.3).
• Physical Protection (see clause C.8).
ETSI
19 ETSI TR 101 771 V1.1.1 (2001-04)
• Encryption (see clause C.9).
8.4 Unauthorized access
An attacker gains access to a system or application without permission, see clause B.5.
8.4.1 Possible Attack Methods
• Exploiting system weaknesses.
• Masquerading as an entity with higher access permission.
8.4.2 Impact
• Loss of revenue.
• Illegal use of service.
• Loss of confidentiality.
• Loss or corruption of information.
• Forgery.
• Denial of service.
8.4.3 Possible Countermeasures
• Authentication (see clause C.1).
• Access Control (see clause C.3).
• Secure Configuration of Operating Systems (see clause C.5).
• Secure Configuration of Network Elements (see clause C.6).
• Virtual Private Network (see clause C.4).
• Digital Signature (s
...