Explore ETSI's pioneering role in setting security standards, from GSM to modern mobile services. Learn about product proofing methods, challenges like denial of service, and the evolution of IMEI security.
ETSI Security activities in product proofing
Charles Brookson, Chairman ETSI OCG Security

ETSI Security activities
• ETSI has, since its inception, been in the lead of setting security standards.
• From GSM, which included authentication, anonymity and customer privacy, many other standards have built on this expertise.
• Work has included DECT, Video standards, Multimedia IP such as TIPHON, and subsequent mobile and fixed services.

Other activities
• Lawful interception TC LI
• Algorithms SAGE
• Smart cards platform group
• Electronic signatures

Product proofing
• Protection methods
• Examples
• TETRA, terminal can be disabled
• GSM, 3G Terminal Identity
• Product marking (Paint microdots etc)
• Challenges
• Denial of Service
• Commercial security only possible

Example of IMEI
[Diagram: SIM + ME = MS (Mobile Phone); labels: IMSI, MSISDN, IMEI, *#06#]
• Global IMEI Strategy Forum
• 3G will use it

A very short history
• 1992 IMEI security
• 1995 Changes proposed, rejected
• 1999 3GPP/GSMA change, June 2002 deadline
• Industry has standardised IMEI
• Rolled out to Satellite
• 3G in 3GPP, USA and Japan
• ITU taking up as a recommendation

Changing the IMEI?
• Clips
• Software
• Chips (internal)
http://www.hackgsm.net/body.htm

Equipment Identity Register (EIR)
[Diagram: Country A and Country B, with the CEIR and SEIR in Dublin]
• White list (all mobiles)
• Black list (barred mobiles)
• Grey list (local to operator)
• CEIR Central EIR
• SEIR Shared (by country)
• EIR for each operator

CEIR and SEIR
• CEIR in Dublin
• Not used by many operators since 1992 (20 out of 530)
• September 1997 date for all……..
• SEIR
• New system to support legislation
• Anti theft, street crime
• But is this true? Insurance fraud?

Result of change of use
• Legislation
• UK Mobile Telephones (Re-programming) Bill
• creates a number of offences relating to the electronic identifiers of mobile wireless communications devices.
• In particular it will be an offence to re-programme the unique International Mobile Equipment Identity (IMEI) number which identifies a mobile telephone handset.
• It is also possible to interfere with the operation of the IMEI by the addition of a small electronic chip to the handset and this too will be made illegal.

How can we make it better?
• By standardised testing?
• Because there is no one method
• If we have one method, then break one, and break them all
• Technology and methods will change with time
• Being discussed in
• 3GPP SA3 Security Group,
• Manufacturers,
• GSM Association

Issues for discussion
• Not an easy balance
• Is it commercially viable?
• Is it technically feasible?
• What are we trying to protect?
• Are we using the right solution?
• What is the business model?
• Require clear objectives