ETSI TR 101 510-1 V1.1.1 (2000-01)

SLOVENSKI STANDARD
SIST-TP ETSI/TR 101 510-1 V1.1.1:2005
01-januar-2005
Inteligentno omrežje (IN) – Varnostni vidiki funkcije krmiljenja storitev (SCF) –
Funkcija komutacije storitve (SSF) medsebojnega povezovanja omrežij – 1. del:
Operacije na podlagi prvega nabora zmožnosti (CS1)
Intelligent Network (IN); Security aspects of Switching Control Function (SCF) - Service
Switching Function (SSF) interconnection between networks; Part 1: Capability Set 1
(CS1) based operations
Ta slovenski standard je istoveten z: TR 101 510-1 Version 1.1.1
ICS:
33.040.35 Telefonska omrežja Telephone networks
SIST-TP ETSI/TR 101 510-1 V1.1.1:2005 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TP ETSI/TR 101 510-1 V1.1.1:2005

---------------------- Page: 2 ----------------------

SIST-TP ETSI/TR 101 510-1 V1.1.1:2005
ETSI TR 101 510-1 V1.1.1 (2000-01)
Technical Report
Intelligent Network (IN);
Security aspects of Switching Control Function (SCF) -
Service Switching Function (SSF)
interconnection between networks;
Part 1: Capability Set 1 (CS1) based operations

---------------------- Page: 3 ----------------------

SIST-TP ETSI/TR 101 510-1 V1.1.1:2005
2 ETSI TR 101 510-1 V1.1.1 (2000-01)
Reference
DTR/SPAN-061208-1
Keywords
CS1,IN, interworking, security
ETSI
Postal address
F-06921 Sophia Antipolis Cedex - FRANCE
Office address
650 Route des Lucioles - Sophia Antipolis
Valbonne - FRANCE
Tel.:+33492944200 Fax:+33493654716
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Internet
secretariat@etsi.fr
Individual copies of this ETSI deliverable
can be downloaded from
http://www.etsi.org
If you find errors in the present document, send your
comment to: editor@etsi.fr
Important notice
This ETSI deliverable may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network
drive within ETSI Secretariat.
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2000.
All rights reserved.
ETSI

---------------------- Page: 4 ----------------------

SIST-TP ETSI/TR 101 510-1 V1.1.1:2005
3 ETSI TR 101 510-1 V1.1.1 (2000-01)
Contents
Intellectual Property Rights.4
Foreword .4
Introduction .4
1 Scope.5
2 References.5
3 Definitions and abbreviations .5
3.1 Definitions.5
3.2 Abbreviations .6
4 Functionality .6
4.1 SSF .6
4.2 SCF.6
4.3 SSF-SCF Interconnection.7
5 Security considerations of operations .8
5.1 initialDP .8
5.2 connect .8
5.3 releaseCall .8
5.4 eventReportBCSM .8
5.5 requestReportBCSMEvent .8
5.6 continue .9
5.7 activityTest .9
6 Security countermeasures.9
6.1 Topology .9
6.2 Authentication .9
6.3 Access control .9
6.4 Integrity .10
6.5 Confidentiality.10
6.6 Non Repudiation.10
6.7 Accountability and auditing.10
6.8 Network security management .10
6.9 Testing and operation maintenance .10
Bibliography.11
History.12
ETSI

---------------------- Page: 5 ----------------------

SIST-TP ETSI/TR 101 510-1 V1.1.1:2005
4 ETSI TR 101 510-1 V1.1.1 (2000-01)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect
of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server
(http://www.etsi.org/ipr).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in SR 000 314 (or the updates on the ETSI Web server)
which are, or may be, or may become, essential to the present document.
Foreword
This Technical Report (TR) has been produced by ETSI Technical Committee Services and Protocols for Advanced
Networks (SPAN).
The present document is part 1 of a multi-part TR covering the Intelligent Network (IN); Security aspects of Switching
Control Function (SCF) - Service Switching Function (SSF) interconnection between networks, as identified below:
Part 1: "Capability Set 1 (CS1) based operations".
Part 2: "Capability Set 2 (CS2) based operations".
Introduction
Under IN CS1 & CS2, the IN SCP to SSP relationship, or Service Control to Switch, is confined to a single network operator's
domain and may actually be physically co-located as an SSCP. To optimize performance, the switch requires little security,
particularly if implemented within a `single unit` or SSCP. By not using the local processor for security, switch performance
may be optimized toward call processing with security and network protection measures provided at the Service Control Point.
In the case of inter-connected networks, direct implementation of the Inter-network Control to Switch relationship would require
appropriate security and authentication measures to be provided and managed at each SSF.
Within a single network, potential conflict between multiple SCFs is avoided by their management within a common domain.
When two networks are interconnected two (or more) SCFs in different domains can potentially control the same resource
(SSF). Then some secure resource allocation and management procedure must be deployed. Suitable mechanisms have not yet
been standardized. Network operators may prefer the option of utilizing the established inter-network SCF to SCF security
procedures and route inter-network service switching signalling messages via each Network's Service Control Point. In this case
appropriate security and authentication measures would be provided and managed at each SCF.
ETSI

---------------------- Page: 6 ----------------------

SIST-TP ETSI/TR 101 510-1 V1.1.1:2005
5 ETSI TR 101 510-1 V1.1.1 (2000-01)
1 Scope
The present document describes security aspects in conjunction with the interconnection of two IN structured networks.
The present document concentrates on the SCF - SSF interconnection.
The purpose of the present document is to describe the security aspects of interconnection of SCF to SSF. The
operations considered in this interconnection are a subset of CS1. For the time being CAMEL is the only application of
SCF - SSF interconnection, therefore the present document considers only CAMEL phase 1 operations. A later edition
may also consider other CS1 operations.
Future parts of the present document will investigate the security aspects of operation sets that are a subset of CS2 and
CS3.
2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
• References are either specific (identified by date of publication, edition number, version number, etc.) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• For a non-specific reference, the latest version applies.
• A non-specific reference to an ETS shall also be taken to refer to later versions published as an EN with the same
number.
[1] ITU-T Recommendation Q.1228 (1997): "CD-ROM - Interface Recommendation for intelligent
network Capability Set 2".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
masquerade ("spoofing"): pretence of an entity to be a different entity. This may be a basis for other threats like
unauthorized access or forgery.
unauthorized access: entity attempts to access data in violation to the security policy in force.
eavesdropping: breach of confidentiality by monitoring communication.
loss or corruption of information: integrity of data (transferred) is compromised by unauthorized deletion, insertion,
modification, reordering, replay or delay.
replay of information: repetition of previously valid commands and responses with the intention of corrupting service
or causing an overload.
repudiation: denial by one of the entities involved in a communication of having participated in all or part of the
communication.
forgery: entity fabricates information and claims that such information was received from another entity or sent to
another entity.
denial of service: prevention of authorized access to resources or the delaying of time critical operations.
ETSI

---------------------- Page: 7 ----------------------

SIST-TP ETSI/TR 101 510-1 V1.1.1:2005
6 ETSI TR 101 510-1 V1.1.1 (2000-01)
unauthorized activity: attacker performs activities for which he has no pe
...