Norsk Telefoningeniørmøte 1992 - Telenor

More documents

Recommendations

Info

34 Home GSM Visiting GSM Figur 7 Pakketrafikk i GSM - Basic Packet - Dedicated Packet ISDN, men det er ikke mulig å kjøre pakketrafikk på signaleringskanalen. Ved Basic Packet vil abonnenten høre geografisk til en gitt PH (home PH). Dette er nødvendig for å kunne rute innkommende anrop fra pakkenettet til GSM-abonnenten. I tillegg kan brukeren ha lagret spesielle data i PH ved behov. Abonnenten kan kople seg til PH med både Case A og Case B prosedyre. Ved bruk av Case A vil abonnenten signalere circuit mode og angi adressen til PH selv. Ved bruk av Case B vil abonnenten signalere packet mode og IWF vil inkludere adressen til geografisk nærmeste PH. Hvis abonnenten er ute og roamer, slik at IWF legger inn en annen PH-adresse enn til sin Home PH, kalles dette Dedicated Packet. Denne tjenesten muliggjør at abonnenten kan kople seg til lokale PSPDN der han er, og ikke må rute seg inn i pakkenettet via Home PH. Hvis abonnenten han vil nå befinner seg lokalt, vil dette bety kortere oppkoplingsvei og lavere tariff. Det er også pekt på at pakketrafikk bør nå pakkenettet ved korteste vei, da pakketrafikk i sin natur er bedre tilpasset ett pakkenett enn det svitsjede 64 kbit nettet. Dedicated Packet har noen begrensninger. Brukeren vil få en standard profil, siden abonnenten ikke er registrert i PH. Dette antas å ikke ha noen større betydning i og med at de aller fleste brukere i dag kjører lik profil. Det er allikevel under diskusjon å innføre kortkoder for å angi profil, på lik linje som for PAD. Abonnenten kan selvsagt også benytte Basic PAD for å nå sin Home PH ved å angi adressen til PH. Dedicated Packet vil kun fungere for mobiloriginerte anrop. Alle innkommende anrop vil gå via Home PH. Det Home PH PHI X.75 Home PH PHI X.75 antas at antall mobilterminerte anrop fra lokal PSPDN til en abonnent som roamer er neglisjerbar. 8 Trafikk til ISDN Asynkron og synkron lavhastighetstrafikk kan overføres ved bruk av V.110 i ISDN i dag. Ved samtrafikk med ISDN vil IWF-en synkronisere seg både mot V.110 i BSC og mot V.110-terminalen i ISDN. IWF kan ikke starte aktiviteter mot det faste nettet før radioen er ferdig oppkoplet. V.110 må termineres i IWF siden det er forskjell på GSM V.110 og ISDN V.110. Network Independent Clock blir duplisert i GSM for redundans. Dette er nødvendig da det er så høy feilrate på radiogrensesnittet. I ISDN består denne funksjonen kun av én bit. Hvis biten er endret betyr det at klokken driver, og det resulterer i at datainnholdet i rammen skal leses annerledes. 9 Forkortelser PSPDN PSPDN X.75 CSPDN Circuit Switched Public Data Network BSC Base Station Controller GSM Global System Mobile IWF Interworking Function MSC Mobile Switching Centre MT Mobile Terminal NIC Network Independent Clock PH Packet Handler PHI Packet Handler Interface PSPDN Packet Switched Public Data Network PSTN Public Switched Telephony Network
Sikkerhetskrav og realisering av disse i mobile nettverk RUNE HAGEN Denne artikkelen er en del av et samarbeid der også Alcatel-enheter i andre land har deltatt. Den er derfor på engelsk. 1 Introduction Mobility of users and their equipment will imply new security requirements in addition to the ones existing for ordinary network services. The users must be protected against each other and against illegal operations of the network. Experience also shows that mobile equipment is exposed to theft. The network operators and service providers will like to ensure that only legitimate customers get access to their services, and that the right person is billed for use of the services. This causes an obvious need for authentication of users and their terminals that want to access the network. The users and the network must exchange security related information when a network connection is established. This requires in turn that there must exist a way to personalise user equipment with e.g. a smart card, and to distribute and maintain security parameters in the network. Reliable operation of mobile networks will require a certain level of security management to control and distribute security parameters. This security management must support rules for operation and storage of secret keys and algorithms. 2 Security Considerations This paper will only discuss mobile services where users and terminals move around and not look at services with mobile users accessing terminals at fixed locations (7). The terminals in a mobile network may be able to prove the identity of the user. As seen from the network different levels of binding between user and terminal can be thought of: - The user is to be authenticated; the terminal-id entity unknown to the network - The terminal is authenticated; a user-id is assumed implicitly from terminal id - The terminal and the user are two independent entities, both to be authenticated by the network. The European GSM network is an example of a mobile network where the user terminal must use radio transmission to reach an entry point to the network, the Base Transceiver Station. It is assumed that the network will need to authenticate the users and not really be concerned with terminal identities. Several references have given a systematic listing of the threats to a communication network (8, 6). Examples of generic threats are: - masquerading entities - illegitimate access to information - disclosure of data - modification of information - denial of service, etc. The generic threats also apply to mobile networks. The nature of mobile networks will in fact make some of these threats particularly relevant. User needs for security can relate to keeping privacy or to protecting against illegitimate use of their resources. Illegitimate use includes protection against impersonation of a user and against utilisation of stolen equipment. Security services and mechanisms will be added to the network to fulfil user needs and counter security threats. The brief list below shows possible use of the security services in ISO’s reference model (8). The security services are generic by nature and can implement user requirements for security as well as securing management and operation of the network. Authentication: The user terminal must prove its identity when it will access the network. In addition there can also exist methods implemented locally in the terminal equipment that prevent use of the terminal by unauthorised persons. Authentication is an essential requirement for protection against fraudulent use and to ensure correct billing. The authentication procedure can be either one-way or two-way where the user terminal also verifies the authenticity of the network. Peer-entity authentication is in many cases also a fundamental requirement for management of a network. The network element that is to be managed, may need to verify that the access request originates from a valid operations system. Access control: The user should at subscription time get access to a set of actions and services. The network must ensure that the subscriber gets access to what he is entitled to, while attempts of unauthorised actions must be rejected. The network can also provide incoming access control; protecting users from getting unwanted calls. Data confidentiality: Relevant aspects of confidentiality are: a Confidentiality of a user’s subscription data and service profile b Confidentiality of a user’s actual physical location c Confidentiality of user information sent over open radio links d Confidentiality of security parameters transferred over the management network. Data integrity: Data integrity services can be applied to management data, signalling information and to user data to prevent, detect or take recovery from unauthorised or unintended modification. Non-repudiation: Non-repudiation services can be useful for billing purposes and for resolving disputes between subscribers, service providers and network operators. Pervasive mechanisms: In addition to these services the network will need to operate pervasive mechanisms for event handling and logging. Examples are: a A way to handle security relevant events in the network and possibly take immediate actions against subscribers, service providers or network operators. b Provision of a security audit trail for storage of event records defined as security relevant. Network providers and subscribers are likely to stress different service requirements. A good security system should cater for the needs of both groups. In addition to these service related requirements, the security solution of a mobile network shall also fulfil the following generic properties: a It should as far as possible be based upon international standards and drafts for security. Use of standard mechanisms and methods open for competition between vendors. A practical concern here, however, is that many of the most well-known algorithms are covered by patents or export regulations. 35
Page 2 and 3: Innhold Norsk Telefoningeniørmøte
Page 4 and 5: 4 Program Torsdag 21 mai Registreri
Page 7 and 8: Det er en stor ære for meg å stå
Page 9 and 10: 2 Det første 10-året: 1952 - 1962
Page 11 and 12: kommer også emner som har med drif
Page 13 and 14: 80 %. Sterk satsing fra driftsmilj
Page 15 and 16: Mkr 18 000 16 000 14 000 12 000 10
Page 17 and 18: Products and services for the inter
Page 19 and 20: have all heard the expression: “I
Page 21 and 22: Teleindustrien i forandring KARI BR
Page 23 and 24: og væremåte, er det mange mulighe
Page 25 and 26: 140 34 2 Figur 3 Integrasjon av PDH
Page 27 and 28: slik at investeringene i PDH-nettet
Page 29 and 30: Kommunikasjonsløsninger i 90-åren
Page 31 and 32: Datatjenester i GSM SIRI EGGESBØ 1
Page 33: Oktett 0 1 2 3 4 5 6 7 8 9 Bit numm
Page 37 and 38: decision will be enforced by an acc
Page 39 and 40: 4.2 Security Management Functions S
Page 41 and 42: Bedriftsintern trådløs kommunikas
Page 43 and 44: Base-station → Handset 1 2 3 4 5
Page 45 and 46: antall basestasjoner som kan tilkny
Page 47 and 48: Introduksjon av IN (Intelligent Net
Page 49 and 50: Nødvendige ressurser for tjenesteb
Page 51 and 52: (dialogene) som er nødvendige for
Page 53 and 54: Lokal infrastruktur Privat nettverk
Page 55 and 56: tar tidspunkt for introduksjon med
Page 57 and 58: - Flere virtuelle forbindelser kan
Page 59 and 60: funksjonalitet for abonnenters egne
Page 61 and 62: Nytteverdi * NMT, GSM, DCS 1800 Dat
Page 63 and 64: Testsvitsj for bredbånds ISDN TRON
Page 65 and 66: ATM-cellens hode samt en lokal adre
Page 67 and 68: nye teletjenester er i ferd med å
Page 69 and 70: hverandre så tidlig som i 70-åren
Page 71 and 72: LOS - Lange Optiske Sjøkabelsystem
Page 73 and 74: Bedriftsintern kommunikasjon - sams
Page 75 and 76: sentral-leverandør må implementer
Page 77 and 78: VPN - Bedriftskommunikasjon FRODE S
Page 79 and 80: S Ekspedient ISDN felles aksess mot
Page 81 and 82: Fjernarbeid - en teleteknisk utford
Page 83 and 84: arbeidsgiverorganisasjoner er aktø
Page 85 and 86:
Mobilitet - nye utfordringer og mul
Page 87 and 88:
Norge - en god plattform for ekspor
Page 89 and 90:
Satellittkommunikasjon er for tiden
Page 91 and 92:
utviklingskontrakt for sitt eget te
Page 93 and 94:
Key trends in telecommunications Al
Page 95 and 96:
its initial configuration, the A157
Page 97 and 98:
a willingness to support large infr
Page 99 and 100:
Televerket som en av flere operatø
Page 101 and 102:
- Bedre koordinering av ressursene
Page 103 and 104:
Rammebetingelser for teleoperatøre
Page 105 and 106:
Utfordringer i VØT-markedet KNUT O
Page 107 and 108:
Innenfor datamarkedet er VØT det h
Page 109 and 110:
Televerkets internasjonale satellit
Page 111 and 112:
Ågesta, utenfor Stockholm. Den uun
Page 113:
Ingen kommentarer til Birkelands fo
show all

Norsk Telefoningeniørmøte 1992 - Telenor

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?