Telecommunications and Internet Converged Services and Protocols for Advanced Networking7

To provide countermeasure to assure that users of the NGN have protection from abuse of identity. This to cover Identity protection, authentication and integrity countermeasures and to define credential management. The document will extend from TR 187010 and will identify the functional objectives from ISO 15408-2 (particularly those in class Privacy and related to subject-user binding).

This work item aims to define a stage 2, NGN release 3 security architecture. This Work Item shall set forth the specific security architecture for NGN Release 3 using the Release 2 document as a baseline with additions to support the Release 3 functionality as described in the Release 3 definition.

The present document defines by means of an information model and functional entity behavioural model, the security countermeasures for the ICT in general and where examples are shown they are shown with respect to the NGN. The Unified Modelling Language (UML) is used to model the countermeasures as a semi-formal tool with verification and simulation capabilities deployed during development.

The work item shall report on the steps required to cover the requirements of the Data Retention (DR) directive for all of NGN-R2.

This WI shall set forth the TVRA for NGN Release 3 using the Release 2 document as the basis + the Release 3 functionality as defined in the Release 3 definition.

The objective of this WI is to analyse the security mechanisms that could be supported in the customer environment (Customer Network Gateway or Customer Devices) with reference to the overall end to end security architecture for the NGN defined by WG7.

To support the objectives of the European Commission to support the implementation of PKI solutions and the further deployment of IPv6 and IPSec.

To define both the method and proforma for security targets as defined in the Common Criteria. This to be the 3rd part of a 3-part document as outlined in 33wgTD054.

To specify the method and a proforma for definition of Protection Profiles in ETSI standards. This is derived in part from the work defined in 33wgTD054 and is directly related to the actual protection profile to be developed by the STF identified in 33wgTD042.

The present document gives guidance on the application of security countermeasures to service capabilities. It covers
the construction of services from service capabilities and how a security evaluation of a service capability should be
performed. The present document examines and gives guidance on the use of the Composition assurance class defined
by the Common Criteria working group in order to be able to answer the question: "if components A and B are
evaluated as having security ratings X and Y what is the security rating that can be assigned to the combination of A
and B?"
The present document builds on the guidance to the Common Criteria for Information Technology Security Evaluation
given in EG 202 387 [3] with a particular view to assessing the security of the NGN. In the NGN context, where
services are not explicitly defined but are made from combining service capabilities, the present document gives
guidance on the means to apply effective security to both service capabilities in isolation, and to service capabilities in
combination.
The guidance reviews the service capability model in clause 4 and examines the requirements for security arising from
the service capability requirements defined for NGN-R1 in clause 5. The analysed security requirements are presented
in the form of ISO/IEC 15408-2 [17] functional models. Clause 6 presents a review of the Common Criteria
Composition assurance class and describes its impact on the ETSI standardization process. Annex A reviews the use of
cryptographic techniques in the NGN.
A number of assumptions of the design of NGN for security analysis to take place are made on the NGN development
process. The assumption in the present document is that the NGN has been developed using top-down decomposition of
the specification, using techniques of planned validation of the specification, with careful recording of design decisions
and validation results.