Layered Security Architecture

The document discusses ITU-T Recommendation X.805, which provides a security architecture for telecommunication systems. It addresses key issues like what protection is needed against what threats, and how to protect different network elements and activities. The recommendation defines security dimensions, layers, and planes to categorize network vulnerabilities and how to protect different aspects independently. It serves as a base for security work in other groups.

Uploaded by

Harshith

Telecommunication Standardization Sector of the International Telecommunications Union

ITU-T Recommendation X.805 Security Architecture for Systems Providing End-to-End Communications

Zachary Zeltsan, Bell Laboratories, Lucent Technologies
Rapporteur of Question 5 SG 17
Internet Engineering Task Force, IETF 63 meeting
Outline
 Origin of the ITU-T Recommendation X.805 - Security
Architecture for Systems Providing End-to-End
Communications
 Three main issues that X.805 addresses
 Security Dimensions
 Security Layers
 Security Planes
 ITU-T X.805 Security Architecture
 ITU-T Recommendation X.805 as a base for security work in
FGNGN Security Capability WG

2
Origin of the ITU-T Recommendation
X.805
ITU-T Recommendation X.805 Security architecture for systems providing end-to-end communications was developed by ITU-T SG 17 (ITU-T Lead Study Group on Telecommunication Security) and was published in October 2003.
The group has developed a set of well-recognized Recommendations on security. Among them are the X.800 Series of Recommendations on security and X.509 - Public-key and Attribute Certificate Frameworks.

3
Three main issues that X.805
addresses
The security architecture addresses three essential issues:
1. What kind of protection is needed and against what threats?
2. What are the distinct types of network equipment and facility
groupings that need to be protected?
3. What are the distinct types of network activities that need to
be protected?

4
ITU-T X.800 Threat Model (simplified)

1 - Destruction (an attack on availability):
 Destruction of information and/or network resources

2 - Corruption (an attack on integrity):
 Unauthorized tampering with an asset

3 - Removal (an attack on availability):
 Theft, removal or loss of information and/or other resources

4 - Disclosure (an attack on confidentiality):
 Unauthorized access to an asset

5 - Interruption (an attack on availability):
 Interruption of services. Network becomes unavailable or unusable
5
Eight Security Dimensions Address the Breadth of Network Vulnerabilities

Access Control
• Limit & control access to network elements, services & applications
• Examples: password, ACL, firewall

Authentication
• Provide proof of identity
• Examples: shared secret, PKI, digital signature, digital certificate

Non-repudiation
• Prevent ability to deny that an activity on the network occurred
• Examples: system logs, digital signatures

Data Confidentiality
• Ensure confidentiality of data
• Example: encryption

Communication Security
• Ensure information only flows from source to destination
• Examples: VPN, MPLS, L2TP

Data Integrity
• Ensure data is received as sent or retrieved as stored
• Examples: MD5, digital signature, anti-virus software

Availability
• Ensure network elements, services and applications are available to legitimate users
• Examples: IDS/IPS, network redundancy, BC/DR

Privacy
• Ensure identification and network use is kept private
• Examples: NAT, encryption

Eight Security Dimensions applied to each Security Perspective (layer and


6
How the Security Dimensions Map to the Security Threats

X.800 Security Threats (table columns): Destruction, Corruption, Removal, Disclosure, Interruption
(Slide table; the tick marks did not survive extraction, so only the number of threats ticked per Security Dimension is recoverable.)

Access Control: 4 threats ticked
Authentication: 2 threats ticked
Non-Repudiation: 5 threats ticked
Data Confidentiality: 2 threats ticked
Communication Security: 2 threats ticked
Data Integrity: 2 threats ticked
Availability: 2 threats ticked
Privacy: 1 threat ticked
7
Security Layers

The concept of Security Layers represents a hierarchical approach to securing a network.
Mapping the network equipment and facility groupings to Security Layers could be instrumental for determining how the network elements in upper layers can rely on the protection that the lower layers provide.

8
Three Security Layers

Security Layers (top to bottom): Applications Security, Services Security, Infrastructure Security
THREATS (Destruction, Corruption, Removal, Disclosure, Interruption) -> VULNERABILITIES -> ATTACKS
Vulnerabilities Can Exist In Each Layer

1 - Infrastructure Security Layer:
• Fundamental building blocks of networks, services and applications
• Examples:
 – Individual routers, switches, servers
 – Point-to-point WAN links
 – Ethernet links

2 - Services Security Layer:
• Services Provided to End-Users
• Examples:
 – Frame Relay, ATM, IP
 – Cellular, Wi-Fi
 – VoIP, QoS, Location services
 – Toll free call services

3 - Applications Security Layer:
• Network-based applications accessed by end-users
• Examples:
 – Web browsing
 – Directory assistance
 – Email
 – E-commerce

• Each Security Layer has unique vulnerabilities, threats
• Infrastructure security enables services security enables applications security

9
Example: Applying Security Layers to IP Networks

Infrastructure Security Layer
– Individual routers, servers
– Communication links
Services Security Layer
– Basic IP transport
– IP support services (e.g., AAA, DNS, DHCP)
– Value-added services (e.g., VPN, VoIP, QoS)
Applications Security Layer
– Basic applications (e.g., FTP, web access)
– Fundamental applications (e.g., email)
– High-end applications (e.g., e-commerce, e-training)

10
Security Planes

The concept of Security Planes could be instrumental for ensuring that essential network activities are protected independently (e.g., a compromise of security at the End-user Security Plane does not affect functions associated with the Management Security Plane).
The concept of Security Planes makes it possible to identify potential network vulnerabilities that may occur when distinct network activities depend on the same security measures for protection.

11
Three Security Planes

Security Layers: Applications Security, Services Security, Infrastructure Security
Security Planes: End User Security, Control/Signaling Security, Management Security
THREATS (Destruction, Corruption, Removal, Disclosure, Interruption) -> VULNERABILITIES -> ATTACKS
Vulnerabilities Can Exist In Each Layer and Plane

1 - End-User Security Plane:
• Access and use of the network by the customers for various purposes:
 – Basic connectivity/transport
 – Value-added services (VPN, VoIP, etc.)
 – Access to network-based applications (e.g., email)

2 - Control/Signaling Security Plane:
• Activities that enable efficient functioning of the network
• Machine-to-machine communications

3 - Management Security Plane:
• The management and provisioning of network elements, services and applications
• Support of the FCAPS functions

• Security Planes represent the types of activities that occur on a network.
• Each Security Plane is applied to every Security Layer to yield nine security Perspectives (3 x 3)
• Each security perspective has unique vulnerabilities and threats
12
Example: Applying Security Planes to Network Protocols

End User Security Plane
Activities:
• End-user data transfer
• End-user – application interactions
Protocols:
• HTTP, RTP, POP, IMAP
• TCP, UDP, FTP
• IPsec, TLS

Control/Signaling Security Plane
Activities:
• Update of routing/switching tables
• Service initiation, control, and teardown
• Application control
Protocols:
• BGP, OSPF, IS-IS, RIP, PIM
• SIP, RSVP, H.323, SS7
• IKE, ICMP
• PKI, DNS, DHCP, SMTP

Management Security Plane
Activities:
• Operations
• Administration
• Management
• Provisioning
Protocols:
• SNMP
• Telnet
• FTP
• HTTP
13
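The slide lists the same protocol (HTTP, FTP) under both the End-User and the Management plane, which means the plane of a flow is decided by the endpoints, not by the protocol alone. The following added example (not code from the deck or from ITU-T) tags flow records with their X.805 Security Plane using the slide's protocol lists and reports flows where management-plane activity originates inside the end-user network, the situation the planes are meant to keep apart. The port-to-protocol map uses the IANA well-known ports; the subnets and flow records are constructed sample data.

```python
"""Tag observed flows with their X.805 Security Plane, using the
protocol-to-plane lists on the slide above. Added example: this is not
code from the deck or from ITU-T. Port numbers are the IANA well-known
ports; the subnet labels and flow records are constructed sample data."""
import ipaddress

# Protocol lists copied from the slide's three tables.
PROTOCOLS_BY_PLANE = {
    "End-User": {"HTTP", "RTP", "POP", "IMAP", "TCP", "UDP", "FTP", "IPsec", "TLS"},
    "Control/Signaling": {"BGP", "OSPF", "IS-IS", "RIP", "PIM", "SIP", "RSVP", "H.323",
                          "SS7", "IKE", "ICMP", "PKI", "DNS", "DHCP", "SMTP"},
    "Management": {"SNMP", "Telnet", "FTP", "HTTP"},
}

# Destination port -> protocol name (assumed IANA well-known ports).
PORT_TO_PROTOCOL = {21: "FTP", 23: "Telnet", 25: "SMTP", 53: "DNS", 80: "HTTP",
                    161: "SNMP", 179: "BGP", 443: "TLS", 500: "IKE", 5060: "SIP"}

# Constructed address plan: a management network and an end-user access network.
MANAGEMENT_NET = ipaddress.ip_network("10.99.0.0/24")
USER_NET = ipaddress.ip_network("192.0.2.0/24")


def candidate_planes(protocol):
    """Planes in which the slide lists this protocol. HTTP and FTP appear in
    both the End-User and Management tables, so they come back with two."""
    return sorted(p for p, names in PROTOCOLS_BY_PLANE.items() if protocol in names)


def classify_flow(src, dst, dport):
    """Return (protocol, plane) for one flow. A protocol listed under two
    planes is disambiguated by the destination: traffic into the management
    network is management-plane activity, anything else is end-user activity."""
    protocol = PORT_TO_PROTOCOL.get(dport)
    if protocol is None:
        return None, "unknown"
    planes = candidate_planes(protocol)
    if len(planes) == 1:
        return protocol, planes[0]
    if ipaddress.ip_address(dst) in MANAGEMENT_NET:
        return protocol, "Management"
    return protocol, "End-User"


def plane_crossings(flows):
    """Flows in which management-plane activity originates inside the end-user
    network. X.805 wants the planes protected independently; such a flow means
    the two planes share a path, so a compromise of one reaches the other."""
    findings = []
    for src, dst, dport in flows:
        protocol, plane = classify_flow(src, dst, dport)
        if plane == "Management" and ipaddress.ip_address(src) in USER_NET:
            findings.append((src, dst, protocol))
    return findings


# Constructed flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 443),    # user browsing over TLS: End-User plane
    ("10.99.0.7", "10.99.0.1", 161),        # NOC host polling a router: Management plane
    ("192.0.2.23", "10.99.0.1", 23),        # Telnet to a router from the user network
    ("192.0.2.23", "10.99.0.1", 80),        # router web UI from the user network (HTTP, ambiguous)
    ("198.51.100.1", "198.51.100.2", 179),  # BGP session between routers: Control/Signaling
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", classify_flow(*flow))
    print("plane crossings:", plane_crossings(SAMPLE_FLOWS))
```

The disambiguation rule is the practical consequence of the slide: because HTTP and FTP legitimately carry both end-user and management activity, only an address plan that keeps the management network separate lets a monitor tell the two planes apart, and the two flagged flows are exactly the ones where that separation has been bypassed.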
ITU-T X.805: Security Architecture for Systems Providing End-to-End Communications

[Figure: the X.805 architecture. Security Layers (Applications Security, Services Security, Infrastructure Security) crossed with Security Planes (End User Security, Control/Signaling Security, Management Security). The 8 Security Dimensions (Access Control, Authentication, Non-repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy) apply to each layer/plane cell. THREATS (Destruction, Corruption, Removal, Disclosure, Interruption) -> VULNERABILITIES -> ATTACKS; vulnerabilities can exist in each layer and plane.]
14
Modular Form of X.805

                          Infrastructure Layer   Services Layer   Applications Layer
Management Plane          Module one             Module four      Module seven
Control/Signaling Plane   Module two             Module five      Module eight
User Plane                Module three           Module six       Module nine

– Management Network: top row
– Network Services: middle column
– Security Module: Layer & Plane Intersection

The eight Security Dimensions (Access Control, Authentication, Non-repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy) Are Applied to Each Security Module

Provides a systematic, organized way for performing network security assessments and planning
15
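The module grid above, and the earlier point that Security Planes exist so that distinct activities do not depend on the same security measure, can be turned into an assessment checklist. The following added example (not code from the deck or from ITU-T) builds the 3 x 3 module grid with the slide's numbering, applies the eight dimensions to each module to give the 72 cells an assessor has to cover, lists the cells with no control recorded, and flags any mechanism that two planes both rely on within the same layer and dimension. The control inventory is constructed sample data.

```python
"""X.805 module grid (3 layers x 3 planes) with the eight Security
Dimensions applied to each module, used as an assessment checklist.
Added example: not code from the deck or from ITU-T; the control
inventory in sample_assessment() is constructed sample data."""
from collections import defaultdict

LAYERS = ("Infrastructure", "Services", "Applications")   # columns of the slide's table
PLANES = ("Management", "Control/Signaling", "End-User")  # rows of the slide's table
DIMENSIONS = (
    "Access Control", "Authentication", "Non-repudiation", "Data Confidentiality",
    "Communication Security", "Data Integrity", "Availability", "Privacy",
)


def module_number(layer, plane):
    """Module numbering from the slide: Infrastructure column is modules 1-3,
    Services 4-6, Applications 7-9, counted down the plane rows."""
    return LAYERS.index(layer) * len(PLANES) + PLANES.index(plane) + 1


def perspectives():
    """Every (layer, plane, dimension) cell: 9 modules x 8 dimensions = 72."""
    return [(l, p, d) for l in LAYERS for p in PLANES for d in DIMENSIONS]


class Assessment:
    def __init__(self):
        # (layer, plane, dimension) -> list of mechanism names covering that cell
        self.controls = defaultdict(list)

    def add_control(self, layer, plane, dimension, mechanism):
        if layer not in LAYERS or plane not in PLANES or dimension not in DIMENSIONS:
            raise ValueError(f"not an X.805 cell: {(layer, plane, dimension)}")
        self.controls[(layer, plane, dimension)].append(mechanism)

    def coverage_gaps(self):
        """Cells for which no mechanism has been recorded."""
        return [cell for cell in perspectives() if cell not in self.controls]

    def shared_across_planes(self):
        """Mechanisms that more than one plane depends on for the same layer and
        dimension. The planes are meant to be protected independently, so a
        shared mechanism means a compromise in one plane carries into another."""
        planes_by_mechanism = defaultdict(set)
        for (layer, plane, dimension), mechanisms in self.controls.items():
            for mechanism in mechanisms:
                planes_by_mechanism[(layer, dimension, mechanism)].add(plane)
        return {key: sorted(planes) for key, planes in planes_by_mechanism.items()
                if len(planes) > 1}


def sample_assessment():
    """Constructed inventory for a router estate (module 1 = Infrastructure / Management)."""
    a = Assessment()
    a.add_control("Infrastructure", "Management", "Access Control", "central-password-store")
    a.add_control("Infrastructure", "Management", "Authentication", "tacacs-admin-accounts")
    a.add_control("Infrastructure", "Management", "Data Confidentiality", "ssh-only-management")
    # The end-user plane on the same devices reuses the management password store.
    a.add_control("Infrastructure", "End-User", "Access Control", "central-password-store")
    a.add_control("Infrastructure", "Control/Signaling", "Data Integrity", "bgp-md5-session-auth")
    return a


if __name__ == "__main__":
    a = sample_assessment()
    print(f"{len(perspectives())} perspectives, {len(a.coverage_gaps())} without a control")
    for (layer, dimension, mechanism), planes in a.shared_across_planes().items():
        print(f"module(s) {[module_number(layer, p) for p in planes]}: "
              f"{mechanism} shared by {planes} for {dimension}")
```

Run as a script it reports that only 5 of the 72 cells have a control and that the password store is shared by modules 1 and 3, which is the kind of cross-plane dependency the Security Planes slide says the concept is there to surface.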
Module 3 – Infrastructure Layer – End-User Plane

Security Dimension: Security Objectives

Access Control: Ensure that only authorised personnel or devices are allowed access to end-user data that is transiting a network element or communications link or is resident in an offline storage device.

Authentication: Verify the identity of the person or device attempting to access end-user data that is transiting a network element or communications link or is resident in an offline storage device. Authentication techniques may be required as part of Access Control.

Non-Repudiation: Provide a record identifying each individual or device that accessed end-user data that is transiting a network element or communications link, or is resident in offline devices, and the action that was performed. The record is to be used as proof of access to end-user data.

Data Confidentiality: Protect end-user data that is transiting a network element or communications link, or is resident in an offline storage device, against unauthorised access or viewing. Techniques used to address access control may contribute to providing data confidentiality for end-user data.

Communication Security: Ensure that end-user data that is transiting a network element or communications link is not diverted or intercepted as it flows between the end points (without an authorised access).

Data Integrity: Protect end-user data that is transiting a network element or communications link or is resident in offline storage devices against unauthorised modification, deletion, creation and replication.

Availability: Ensure that access to end-user data resident in offline storage devices by authorised personnel and devices cannot be denied.

Privacy: Ensure that network elements do not provide information pertaining to the end-users' network activities (e.g., user's geographic location, websites visited, content, etc.) to unauthorised personnel.

16
Summary: X.805 Provides a Holistic Approach to Network Security

 Comprehensive, end-to-end network view of security

 Applies to any network technology
– Wireless, wireline, optical networks
– Voice, data, video, converged networks

 Applies to a variety of networks
– Service provider networks
– Enterprise (service provider's customer) networks
– Government networks
– Management/operations, administrative networks
– Data center networks

 Is aligned with other security ITU-T Recommendations and ISO standards

17
ITU-T Recommendation X.805 is a Base for Security work in FGNGN Security Capability WG

 Guidelines for NGN security and X.805
 NGN threat model (based on ITU-T X.800 and X.805 Recommendations)
 Security Dimensions and Mechanisms (based on ITU-T X.805)
  Access control
  Authentication
  Non-repudiation
  Data confidentiality
  Communication security
  Data integrity
  Availability
  Privacy

 NGN security requirements for Release 1 and X.805
 General considerations based on the concepts of X.805

18
Acronyms
AAA Authentication, Authorization, Accounting
ACL Access Control List
ATM Asynchronous Transfer Mode
BC Business Continuity
BGP Border Gateway Protocol
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Service
DR Disaster Recovery
FCAPS Fault-management, Configuration, Accounting, Performance, and Security
FTP File Transfer Protocol
HTTP Hyper Text Transfer Protocol
ICMP Internet Control Message Protocol
IDS Intrusion Detection System
IKE Internet Key Exchange protocol
IM Instant Messaging
IMAP Internet Message Access Protocol
IPS Intrusion Prevention System
IPsec IP security (set of protocols)
IS-IS Intermediate System-to-Intermediate System (routing protocol)
L2TP Layer Two Tunneling Protocol
MPLS Multi-Protocol Label Switching
NAT Network Address Translation
OSPF Open Shortest Path First
PIM Protocol-Independent Multicast
PKI Public Key Infrastructure
POP Post Office Protocol
QoS Quality of Service
RIP Routing Information Protocol
RSVP Resource Reservation Setup Protocol
RTP Real-time Transport Protocol
SIP Session Initiation Protocol
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SS7 Signaling System 7
TCP Transmission Control Protocol
TLS Transport Layer Security protocol
UDP User Datagram Protocol
VoIP Voice over IP
VPN Virtual Private Network

19
Thank you!

20
