ETSI TR 187 010 V2.1.1 (2008-07)

ETSI TR 187 010 V2.1.1 (2008-07)
Technical Report


Telecommunications and Internet converged Services and
Protocols for Advanced Networking (TISPAN);
NGN Security;
Report on issues related to security in identity management
and their resolution in the NGN

---------------------- Page: 1 ----------------------
2 ETSI TR 187 010 V2.1.1 (2008-07)



Reference
DTR/TISPAN-07027-NGN-R2
Keywords
management, ID, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2008.
All rights reserved.

TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI TR 187 010 V2.1.1 (2008-07)
Contents
Intellectual Property Rights.5
Foreword.5
1 Scope.6
2 References.6
2.1 Normative references.6
2.2 Informative references.6
3 Definitions, and abbreviations.8
3.1 Definitions.8
3.2 Abbreviations.9
4 Review of IdM .10
4.1 Overview.10
4.2 Characterization of theft potential of identity.11
4.3 Regulatory protection of Identity .11
4.4 Purpose of Identity and Identity Management in the NGN .12
4.5 Identity portability.12
4.6 Identity versus identifier.12
4.7 Principles for handling personal data in ICT networks .14
5 IdM themes in other standardization bodies.16
5.1 Overview.16
5.2 Common thematic model.16
5.3 Common functional themes.17
5.3.1 Authorization.17
5.3.2 Authentication.18
5.3.3 Contextual uniqueness.18
6 Identity in the NGN.18
6.1 Overview of the NGN .18
6.2 IdM models relevant to the NGN .19
6.2.1 The Subscriber Management model .19
6.2.2 The ECN&S Model .19
6.2.3 The UCI model.20
6.3 The NGN transport platform .20
6.4 Service platform.21
6.5 Identity crime in the NGN.21
6.5.1 Identity theft.21
6.5.2 Identity fraud.21
6.5.3 The NGN as a barrier to identity crime.21
6.6 NGN security objectives related to IdM.22
7 IdM Threat, Vulnerability and Risk Analysis (TVRA).22
7.1 TVRA overview and introduction.22
7.2 Unwanted incidents relating to Identity and IdM in the NGN .22
7.2.1 Unauthorized creation of identities.22
7.2.2 Unauthorized destruction of identities .23
7.2.3 Transfer of responsibility for identities and identifiers between CSPs .23
7.2.4 Masquerade.23
7.2.4.1 Self-revealing and non-self-revealing masquerade .23
7.2.5 Traffic analysis to obtain behavioural patterns .24
7.3 IdM assets.24
7.3.1 Mapping of IdM assets to NGN.26
7.4 Vulnerabilities in NGNs with relevance to IdM.26
7.5 IdM Risk assessment .26
7.5.1 Masquerade.26
7.5.1.1 By mimic of structure of NGN identifiers.26
ETSI

---------------------- Page: 3 ----------------------
4 ETSI TR 187 010 V2.1.1 (2008-07)
7.5.1.2 By capture of NGN identifier on NGN interfaces (eavesdropping) .27
7.6 IdM risk classification.27
7.7 IdM countermeasure framework .27
7.7.1 Counter to masquerade.27
7.7.1.1 Policy measures.27
7.7.1.2 Service platform.27
7.7.2 Counter to eavesdropping .28
7.8 Functional security requirements.28
7.8.1 Modified IdM risk classification.29
Annex A: An analysis of IdM activities in non-ETSI bodies.30
A.1 ITU-T.30
A.1.1 Overview.30
A.1.2 ITU-T FG IdM .30
A.2 3GPP.32
A.2.1 Overview of activities .32
A.2.2 Current IdM work themes .32
A.2.3 The Generic Bootstrapping Architecture (GBA).32
A.3 Liberty Alliance Project (LAP) .34
A.3.1 Overview.34
A.3.2 Overview of activities .35
A.3.3 Current IdM work themes .35
A.3.4 Identities and identifiers used in LAP .36
A.4 OASIS.36
A.4.1 Overview.36
A.4.2 Identity Management based on WS-Trust and WS-Federation .37
A.5 OpenID.38
A.5.1 Overview of activities .38
A.5.2 Current IdM work themes .38
A.5.3 Identities or identifiers used in OpenID .38
A.5.4 Security of OpenID .39
History .40

ETSI

---------------------- Page: 4 ----------------------
5 ETSI TR 187 010 V2.1.1 (2008-07)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Report (TR) has been produced by ETSI Technical Committee Telecommunications and Internet
converged Services and Protocols for Advanced Networking (TISPAN).
ETSI

---------------------- Page: 5 ----------------------
6 ETSI TR 187 010 V2.1.1 (2008-07)
1 Scope
The present document summarizes the work that is ongoing in relation to management of trusted identifiers (often
referred to as the generic term Identity Management (IdM)) within a number of international standardization bodies and
industry fora. From this summary, it identifies common themes which are relevant to IdM within ETSI's NGN activities
and then presents the results of an IdM Threat Vulnerability and Risk Analysis (TVRA) based upon the method
described in TS 102 165-1 [i.1].
The present document derives and presents a set of objectives and requirements for providing security of Identity and
IdM in the NGN.
NOTE: The issues raised in the present document have been analysed with respect to the NGN but apply equally
to existing and alternative telecommunications networks.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• Non-specific reference may be made only to a complete document or a part thereof and only in the following
cases:
- if it is accepted that it will be possible to use all future changes of the referenced document for the
purposes of the referring document;
- for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
For online referenced documents, information sufficient to identify and locate the source shall be provided. Preferably,
the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the
reference should, as far as possible, remain valid for the expected life of the document. The reference shall include the
method of access to the referenced document and the full network address, with the same punctuation and use of upper
case and lower case letters.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
(including any amendments) applies.
Not applicable.
2.2 Informative references
The following referenced documents are not essential to the use of the present document but they assist the user with
regard to a particular subject area. For non-specific references, the latest version of the referenced document (including
any amendments) applies.
[i.1] ETSI TS 102 165-1: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for
Threat, Risk, Vulnerability Analysis".
ETSI

---------------------- Page: 6 ----------------------
7 ETSI TR 187 010 V2.1.1 (2008-07)
[i.2] ETSI EG 202 387: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Security Design Guide; Method for application of Common
Criteria to ETSI deliverables".
[i.3] ETSI ES 282 001: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Functional Architecture".
[i.4] ETSI TS 184 002: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Identifiers (IDs) for NGN".
[i.5] ETSI TS 188 002-2: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Network and Service Management; Subscription Management;
Part 2: Information Model".
[i.6] ETSI TS 102 165-2 (V4.1.1): "Telecommunications and Internet Protocol Harmonization Over
Networks (TIPHON) Release 4; Protocol Framework Definition; Methods and Protocols for
Security; Part 2: Counter Measures".
[i.7] ETSI TS 133 203: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); 3G security; Access security for IP-based services
(3GPP TS 33.203)".
[i.8] ETSI TR 184 003: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Number Portability scenarios in Next Generation Networks
(NGNs)".
[i.9] ETSI EG 284 004: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Incorporating Universal Communications Identifier (UCI)
support into the specification of Next Generation Networks (NGN)".
[i.10] ETSI EG 201 940: "Human Factors (HF); User Identification solutions in converging networks".
[i.11] ETSI EG 202 067: "Universal Communications Identifier (UCI); System framework".
[i.12] ETSI ES 282 004: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Functional Architecture; Network Attachment
Sub-System (NASS)".
[i.13] Directive 2002/58/EC of the European Parliament and of the council of 12 July 2002 concerning
the processing of personal data and the protection of privacy in the electronic communications
sector (Directive on privacy and electronic communications).
[i.14] UK Home Office; R.V.Clark; "Hot Products: understanding, anticipating and reducing demand for
stolen goods", ISBN 1-84082-278-3.
[i.15] Recommendation of the OECD Council in 1980 concerning guidelines governing the protection of
privacy and transborder flows of personal data (the OECD guidelines for personal data protection.
[i.16] ITU-T Recommendation E.164 (02/2005): "The international public telecommunication
numbering plan".
[i.17] ISO/IEC 17799 2005: "Information technology - Security techniques - Code of practice for
information security management".
[i.18] ISO/IEC 13335: "Information technology - Security techniques - Guidelines for the management
of IT security".
NOTE: ISO/IEC 13335 is a multipart publication and the reference above is used to refer to the series.
[i.19] ISO/IEC 15408-1: "Information technology - Security techniques - Evaluation criteria for IT
security - Part 1: Introduction and general model".
[i.20] ISO/IEC 15408-2: "Information technology - Security techniques - Evaluation criteria for IT
security - Part 2: Security functional requirements".
[i.21] AS/NZS 4360: "Risk Management".
ETSI

---------------------- Page: 7 ----------------------
8 ETSI TR 187 010 V2.1.1 (2008-07)
[i.22] Directive 2002/21/EC of the European Parliament and of the council of 7 March 2002 on a
common regulatory framework for electronic communications networks and services (Framework
Directive).
[i.23] Directive 2002/22/EC of the European Parliament and of the Council of 7 March 2002 on
Universal service and users' rights relating to electronic communications networks and services
(Universal Service Directive - OJ L 108, 24.04.2002).
[i.24] Directive 1999/5/EC of the European Parliament and of the Council of 9 March 1999 on radio
equipment and telecommunications terminal equipment and the mutual recognition of their
conformity.
[i.25] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement
of such data. .
[i.26] ETSI TS 133 220: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); Generic Authentication Architecture (GAA); Generic
bootstrapping architecture (3GPP TS 33.220 version 7.11.0 Release 7)".
[i.27] IETF RFC 2104: "HMAC: Keyed-Hashing for Message Authentication".
[i.28] IETF RFC 2821: "Simple Mail Transfer Protocol (SMTP)".
[i.29] NIST, FIBS-PUB 180-2: "Secure Hash Standard".
3 Definitions, and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in EG 202 387 [i.2], ISO/IEC 17799 [i.i.17],
ISO/IEC 13335-1 [i.18] and the following apply:
asset: anything that has value to the organization, its business operations and its continuity
authentication: ensuring that the identity of a subject or resource is the one claimed
availability: property of being accessible and usable on demand by an authorized entity ISO/IEC 13335-1 [i.18]
confidentiality: ensuring that information is accessible only to those authorized to have access
Concealable, Removable, Available, Valuable, Enjoyable, and Disposable (CRAVED): acronym for a classification
scheme to determine the likelihood that a particular type of item will be the subject of theft [i.14]
Identifier: series of digits, characters and symbols used to identify uniquely subscriber, user, network element, function
or network entity providing services/applications
Identity: identifier allocated to a particular entity, e.g. a particular end-user, provides an Identity for that entity
(TS 184 002 [i.i.4])
identity crime: generic term for identity theft, creating a false identity or committing identity fraud
identity fraud (1): use of a false identity or legitimate identity to support unlawful activity
identity fraud (2): falsely claiming to be a victim of identity theft to avoid obligation or liability
identity theft: event that occurs when sufficient information about an identity is obtained to facilitate identity fraud
impact: result of an information security incident, caused by a threat, which affects assets
integrity: safeguarding the accuracy and completeness of information and processing methods
mitigation: limitation of the negative consequences of a particular event
ETSI

---------------------- Page: 8 ----------------------
9 ETSI TR 187 010 V2.1.1 (2008-07)
nonce: arbitrary number that is generated for security purposes (such as an initialization vector) that is used only one
time in any security session
non-repudiation: ability to prove an action or event has taken place, so that this event or action cannot be repudiated
later
spam: bulk unsolicited communication where the benefit favours the sender
residual risk: risk remaining after risk treatment
risk: potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the
organization
threat: potential cause of an incident that may result in harm to a system or organization
NOTE 1: A threat consists of an asset, a threat agent and an adverse action of that threat agent on that asset
(reference [i.19]).
NOTE 2: A Threat is enacted by a Threat Agent, and may lead to an Unwanted Incident breaking certain
pre-defined security objectives.
threat agent: an entity that can adversely act on an asset
unwanted incident: incident such as loss of confidentiality, integrity and/or availability (reference [i.21])
user: person or process using the system in order to gain access to some system resident or system accessible service
vulnerability: weakness of an asset or group of assets that can be exploited by one or more threats
NOTE: A Vulnerability, consistent with the definition given in ISO/IEC 13335 [i.18], is modelled as the
combination of a Weakness that can be exploited by one or more Threats.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AKA Authentication and Key Agreement
BSF Bootstrap Server Function
CLIP Calling Line Identity Presentation
COLP Called Line Identification Presentation
CPE Customer Premises Equipment
CRAVED Concealable, Removable, Available, Valuable, Enjoyable, and Disposable
CSP Communications Service Provider
ECN Electronic Communications Network
ECN&S Electronic Communications Networks & Services
ECS Electronic Communications Service
GAA Generic Authentication Architecture
GBA Genetic Bootstrap Architecture
HSS Home Subscriber Server
IdM Identity Management
IdP Identity Provider
IMEI International Mobile Equipment Identity
IMS Internet protocol Multimedia Subsystem
IMSI International Mobile Subscriber Identity
LAP Liberty Alliance Project
NAF Network Application Function
NAI Network Access Identifier
NASS Network Access SubSystem
NP Number Portability
NT Network Termination
OASIS Organization for the Advancement of Structured Information Standards
PDU Protocol Data Units
PES PSTN Emulation Subsystem
PIP Personal Identity Portability
ETSI

---------------------- Page: 9 ----------------------
10 ETSI TR 187 010 V2.1.1 (2008-07)
R&TTE Radio equipment & Telecommunications Terminal Equipment
RACS Resource and Admission Control Subsystem
RP Relying Party
SDO Standards Development Organization
SIM Subscriber Identity Module
SLF Subscriber Locator Function
SPIT SPam over Internet Telephony
SpoA Service point of Attachment
SuM Subscription Management
TpoA Transport point of Attachment
TVRA Threat Vulnerability and Risk Analysis
UCI Universal Communications Identifier
UE User Equipment
UPM User Profile Management
4 Review of IdM
4.1 Overview
The identity of a human individual is generally considered to be non-transferable and to have the same lifetime as the
individual. The unauthorized use of a person's identity by a third party can have considerable short term as well as long
term financial and societal consequences for the victi
...