The International Telecommunication Union (ITU) organized a workshop on “Improving the security of signalling protocols”, which took place fully virtually on 29 November 2021 from 13h00-17h00 CET, Geneva time. This event will be followed by the ITU-T Study Group 11 meeting also taking place virtually from 1-10 December 2021.
This was the third workshop dedicated to the security of protocols organised by ITU within the last five years. The outcomes of the previous events are available on the respective event websites below:
Over the last decade, the rampant dissemination of the Internet across various sectors of the global economy has resulted in a strengthened bond between traditional telecommunication networks, together with their infrastructure, and different industries.
The existing ICT infrastructure, designed without taking into account the potential influence of the Internet, now faces unexpected attacks. Well-known attacks include telephone spam, number spoofing, location tracking, subscriber fraud, interception of calls and messages, DoS, infiltration attacks, routing attacks, etc.
Also, as of today, most financial institutions widely use the existing ICT infrastructure and over-the-top applications to give their customers more effective tools to control and manage their finances. Moreover, the new digital ledger technologies (DLT) have sufficiently increased the usage of ICT services for financial transactions. However, the rapid transformation of financial services to the digital world triggers a rapid increase in the risk of illegal usage of customers’ applications, resulting in the unlawful take-over of their assets.
These attacks have become a major priority for different stakeholders, in particular the financial institutions and operators.
To cope with such vulnerabilities, some security measures on the existing and future protocols need to be put in place. ITU-T SG11 has been developing a set of standards on this matter. ITU-T SG11 revised Recommendations ITU-T Q.731.3, Q.731.4, Q.731.5 and Q.731.6 in order to specify an exceptional procedure for transit exchange connected to CPE (Customer Premises Equipment) with the purpose of providing a predefined calling party number by the originating operator. For the time being, the implementation of such a change is in the hands of states and their legislation. Also, SG11 developed new Recommendation ITU-T Q.3057, which defines the signalling architecture and requirements for interconnection between trustable network entities in support of existing and emerging networks. This approach may help financial institutions to build trustable connections with their customers.
SG11 continues its standardization focused on improving protocols and signalling messages exchange that may mitigate telephone fraud and spoofing.
Additionally, the ongoing work of SG11 focuses on extending Recommendation ITU-T Q.3057 by defining algorithms for checking certificates for different protocols using a Signalling Security Gateway (SSGW), which validates the signatures of other operators' certificates and allows or blocks the signalling packets.
The requirements for Trusted Signalling Certification Authority (TSCA) and the framework on issuing and distribution of certificates among different operators need to be standardized. In this regard, ITU-T SG11 collaborates with ITU-T SG2, SG17 and other SDOs on this subject matter.
Objectives
The workshop aimed to exchange views on different measures to cope with the vulnerabilities of existing networks, services and protocols.
The brainstorming session focused on the potential way forward to enhance the security mechanisms for different protocols. It also discussed the need to standardize the identity verification process of a party requesting a certificate, its issuance process by the Trusted Signalling Certification Authority (TSCA) and the distribution of the issued certificate to the operators. Last but not least, the brainstorming session also discussed the possibility of using the existing Global Title (GT) issuance process for this purpose.
Participation in the workshop was open to ITU Member States, Sector Members, Associates and Academic Institutions and to any individual from a country that is a member of ITU, who wishes to contribute to the work. This included individuals who are also members of international, regional and national organizations, interested stakeholders, including telecom operators, regulators, SDOs and financial institutes. Participation in the workshop was free of charge and no fellowships were granted.
The workshop was held fully virtually and in English only.