International Telecommunication Union   ITU
ITU-T Study Group 16 (Study Period 2005-2008)
Question 25/16 - Multimedia Security in Next-Generation Networks
(Continuation of Question G/16)
  1. Motivation

    Advanced multimedia (MM) applications such as telephony over packet-based networks, Voice-over-IP, interactive (video) conferencing and collaboration, MM messaging, audio/video streaming and others are subject to a variety of crucial security threats in heterogeneous environments. Misuse, malicious tampering, eavesdropping, and denial-of-service attacks are just a few of the potential and critical security risks, especially on IP-based networks. It is recognized that those MM applications have common security needs that could be satisfied by generic security measures, e.g. by network security or network-wide authentication. Yet MM applications typically are subject to application-specific security needs that could best be fulfilled by security measures at the application layer. Question G focuses on the application-security issues of MM applications in next generation networks (NGN-MM-SEC) and takes complementary network security means into account as appropriate. Question 25(G) is committed to producing security Recommendations that address the market needs in this regard.

    ITU-T SG 16 has been developing several multimedia security Recommendations: Recommendations H.233 and H.234 for securing circuit-switched multimedia data, H.235 and related Annexes for securing packet-switched multimedia data, and H.530 for securing packet-switched multimedia data in mobile environments.

    ITU-T Recommendation H.235 is the security framework for H.323-based multimedia systems. H.235 covers various security measures for the H.323 protocol suite (including H.225.0, H.245, H.460, H.350 and others). The security profiles defined in the H.235 Annexes address scenario-specific security solutions.

    With the ongoing and sustained revision of the H.320-series protocol suite with new features and facilities being added to extend it towards the vision of NGN, there is equally a need to enhance H.235 accordingly or to develop new H.235 Annexes or even to create new H-Series security Recommendations. A need is also recognized to enhance and extend H.235 security mechanisms in order to yield better scalability; for example, in large(r) inter-enterprise environments.


  2. Study Items

    • Understand the principles, scenarios and security architectures of federated trust domains and how such concepts of trust federations could best be applicable to NGN MM-applications.
    • Identify the common and specific security requirements of next-generation MM applications & MM services such as video conferencing, collaboration etc.
    • Security support for billing assertions and security for multimedia charging/billing/accounting.
    • Security for the Direct-call model or security for the non-GK-routed model (see H.235 Annex I).
    • Security aspects of H.323/H.246 systems interworking, H.323-SIP security interworking, H.323 – H.323 secure domain interworking through firewall proxies.
    • Clarify NGN and NGN security, address Next Generation Network Security in the context of multimedia.
    • MM security for home networking and broadband networks.
    • Maintain or further develop Recommendation H.235 and its new Annexes and H.530.
    • Investigate confidentiality of all signalling; provide security and privacy for call signalling and privacy for the RAS channel; study how the idea of “light-weight SSL/TLS” could be deployed using only some security functions from the transport layer and leaving other key-management security tasks to the H.323 application (see also H.235 Annex H, Authentication framework using weak shared secrets).
    • Identify the needs for a centralized key management versus end-to-end/peer-to-peer key management.
    • Address security in multimedia environments with mobility constraints; further develop H.530 in distributed, secured multimedia networks; clarify security aspects of “multimedia over wireless”.
    • Address the security issues for multimedia presence applications, such as privacy, authentication and authorization.
    • Use secure RTP (SRTP) from H.323 using H.235 either with MIKEY key management (H.235 Annex G), or with SRTP key distribution in the clear or enhance H.235 key management for that purpose.
    • Provide multimedia security support for Telecommunications for Disaster Relief (TDR)/emergency services IEPS, F.IEMS.
    • Optimize security profiles, define interoperable security profiles, progress the hybrid security profile with PKI usage.
    • Security for Modem-over-IP transmission.
    • Robust and reliable key management; e.g., acknowledged key update.
    • Work on Megaco/H.248 security; IPSEC and enhance H.248 towards better NAT/FW traversal and more convenient security protection.


  3. Tasks

    Tasks include, but are not limited to, development of:
    • H.235 enhancements with new functionalities (2004-2007).
    • H.235 Annex G - MIKEY usage for SRTP (2004).
    • H.235 Annex H - Authentication framework using weak secrets (2004).
    • H.235 Annex I - Direct routed security (2004).
    • (Security) requirements study with scenarios and architecture(s) for MM applications and MM services benefiting from concepts of Trust Federations (2005-2007).

    An up-to-date status of work under this Question is contained in the SG 16 Work Programme.


  4. Relationships

    Recommendations:
    • H.225.0, H.245, H.248, H.323, H.324, H.350.x, H.460.x, H.501, H.510, F.700 series, X.509, X.800 series

    Questions:
    • 22(C), 23(E), 24(F), 27(I), 28(J), 29(K), 1, 2, 3, 4, 5/16

    Study Groups:
    • SG 17 on security;
    • SG 9 on MM security for IPCablecom, CableHome systems and on home networking security;
    • SG 13 on the NGN Project with security aspects;
    • SG 4 on Management security;
    • SG 19 on security aspects of mobile communications and lawful intercept.

    Other bodies:
    • ETSI TC TISPAN: NGN security architecture and NGN security measures, threat analysis, security profiles, authentication for ETS, OSP;
    • ETSI TC SEC: security for ETSI, SAGE;
    • H.323 Forum/IMTC security subgroup: Security compliance criteria and test cases for H.323 products, profiles, industry promotion of security;
    • “ATM/MPLS/FR Forum” Security Subgroup: Elliptic Curves, ATM Security, Next Generation Network & Access Security;
    • IETF: Transport/network security (TLS; IPSEC), SIP/SIPPING and SDP security, secure RTP (AVT/MMUSIC WGs), MIKEY and other group-based key management protocols and multicast security, PKIX, AAA, EAP, KERBEROS, KINK, MIDCOM, PANA, SACRED, IEPREP, and several other working groups that address security, security in general, etc;
    • ISO/IEC JTC1 SC29 MPEG: content and copy protection, watermarking, IPMP, secure JPEG2000, etc;
    • ISO/IEC JTC 1/ SC 27: digital signature, key management, non-repudiation, TTP, EC, cert policies, etc;
    • NIST: AES and other crypto algorithms, FIPS security documents, security guidelines, etc.;
    • MSF: NGN security;
    • ATIS: T1M1sec management plane security, T1S1sec signalling security incl. SS7 security;
    • 3GPP: IMS MM security;
    • IEEE: 802.x WLAN & Link Layer security, P1363 PKI;
    • W3C: XML signature, XML encryption, XACL;
    • OASIS: Web services security, SAML, XTASS, XACML;
    • Liberty Alliance Project: ID-FF Identity Federations, Identity Management, SSO, network wide authentication;
    • WSI: WS-Federation.

Copyright © ITU 2008 All Rights Reserved
Contact for this page : TSB EDH
Updated : 2008-11-03