Telecommunications Industry Association TIAs Role in Homeland Security, Network Security, Critical I - PowerPoint PPT Presentation


PPT – Telecommunications Industry Association TIAs Role in Homeland Security, Network Security, Critical I PowerPoint presentation | free to view - id: 177f14-ZDc1Z


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Telecommunications Industry Association TIAs Role in Homeland Security, Network Security, Critical I


NSTAC had previously proposed the creation of an Information Security Standards Board (ISSB) ... TIA was appointed to the advisory committee of the National ... – PowerPoint PPT presentation

Number of Views:193
Avg rating:3.0/5.0
Slides: 78
Provided by: mco69


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Telecommunications Industry Association TIAs Role in Homeland Security, Network Security, Critical I

Telecommunications Industry Association TIAs
Role in Homeland Security, Network Security,
Critical Infrastructure Protection, National
Security/Emergency Preparedness, Emergency
Services, and the Needs of First RespondersTIA
ContactsDan Bart David
Presentation Overview
  • TIA Overview
  • Trade Association, Standards Developer,
    Secretariat Services
  • TIA Standards Development Overview
  • TIA Security/HS/CIP-related Activities
  • TIA Engineering Committee (TR) Activities
  • Detailed Supplemental material Compendium of
    Emergency Communications and Communications
    Network Security-related Work Activities within
    the TIA
  • URL http//

TIA Overview
  • Our Mission
  • TIA represents providers of communications and
    information technology products and services for
    the global marketplace through its core
    competencies in standards development, domestic
    and international advocacy, as well as market
    development and trade promotion programs.
  • Facilitates the convergence of new
    communications networks while working for a
    competitive and innovative market environment.
  • Strives to further members' business
    opportunities, economic growth and the betterment
    of humanity through improved communications.

TIA Overview
  • TIA Website
  • Full-service trade association serving the
    communications and information technology
  • TIA facilitates business development and a
    competitive market environment for its 700 member
    companies through
  • Domestic and international advocacy
  • Market development and marketing data
  • Trade Shows (domestic and international)
  • Standards Development and Secretariat Services

TIA Overview
  • TIA is an American National Standards Institute
    (ANSI)-accredited Standards Development
    Organization (SDO)
  • 5th largest ASDO measured by number of ANSs
  • TIA is ITU-T Approved and Qualified
  • Rec. A.5 (referencing documents of other
    organizations in ITU-T Recommendations)
  • Rec. A.6 (Cooperation and exchange of information
    between ITU-T and other SDOs)
  • Reference to TIA documents in ITU-R
  • TIA is Sector Member of ITU-D

  • TIA Standards Development Overview

TIA SDO Overview
  • Standards development dates back to 1920s
  • As an ANSI-accredited SDO, TIA develops
    consensus-based, voluntary industry standards for
    a wide variety of telecom products and systems
  • TR-8 is the oldest engineering committee and has
    provided standards for private radio systems such
    as those used by public safety since 1944
  • Its predecessor on the standards side, EIA,
    started as the Radio Manufacturers Association
    (RMA) in 1924
  • 8 product-oriented Engineering Committees (TR/FO)
  • Over 70 subcommittees and working groups
  • Over 1,300 individuals from nearly 20 countries
    work in these formulating groups
  • Representatives from academia, manufacturers,
    service providers, and end-users, including the

TIA SDO Overview
  • Standards projects and technical documents
  • Formulated according to guidelines established in
    the Association's ANSI-approved Engineering
  • Potential projects initiated by a technical
    contribution to a TR/FO or subcommittee
  • Request creation of a new standard or technical
    document in a particular area of technology
  • TIA has more than 1,000 standards/specifications
  • TIA and other sectors of EIA together are the 2nd
    largest SDO after ASTM (measured by ANSs)

TIA SDO Overview
  • TIA represents U.S. interests in the
    international standards arena
  • Active in ITU, IEC, ISO, JTC 1, CITEL, GSC, etc.
  • Secretariat Services to
  • Several Technical Advisory Groups
  • Working Advisory Groups
  • International Technical Groups
  • Partnership Projects
  • 3GPP2 - Third Generation Wireless cdma2000
    technology Organizational Partner (OP) and 3GPP2
  • OP w/ ETSI in Project MESA (Mobile Broadband
    Specs for Public Safety Users) Mobility for
    Emergency and Safety Applications
  • Participates in U.S. Department of State
    International Telecommunication Advisory
    Committee (ITAC) and CITEL PCCI and II Prep

  • TIAs Role in Homeland Security, Network
    Security, Critical Infrastructure Protection
    (CIP) , National Security/Emergency Preparedness
    (NSEP), Emergency Services, and the Needs of
    First Responders

TIA Security/HS/CIP-related Activities
  • TIA and TIA members have been involved for over
    20 years in the activities of the Presidents
    National Security Telecommunications Advisory
    Committee (NSTAC)
  • TIA attends NSTAC Business Meetings
  • Monitors activities of the Industry Executive
    Subcommittee (IES)
  • Participates in the work of NSTAC Task Forces
    such as Wireless Task Force on Security (WTF) and
    new TF focusing on Next Generation Networks (NGN)
    National Security/Emergency Preparedness (NS/EP)

The Presidents National SecurityTelecommunicatio
ns Advisory Committee(NSTAC)
  • Created by Presidential Executive Order in 1982
  • Typically composed of 30 Industry Chief
  • major communications and network providers
  • information technology
  • finance
  • aerospace
  • Works with National Communications System (NCS)
  • Generates technical reports and recommendations
    for the
  • President regarding National Security /
  • preparedness (NS/EP) telecommunications
  • Website (linked from TIA Web Site)

WTF Security Charge
  • The NSTAC Wireless Task Force (WTF) researched
    wireless security issues for NS/EP users, gaining
    a better understanding of unique NS/EP security
    requirements and determining where wireless
    vulnerabilities exist (e.g., customer devices,
    network interfaces, facilities)
  • The task force provided policy recommendations to
    ensure standards bodies and individual companies
    consider NS/EP requirements when developing
    wireless connectivity solutions
  • The task force provided policy recommendations
    for the NSTAC to consider providing to the
    President addressing how Government agencies
    should assess their vulnerabilities based on
    wireless technologies being deployed and specific
    agency requirements

WTF Results
  • Reports Include
  • Wireless Priority Service (WPS) Report
  • Wireless Security Report
  • Security of Internet-Enabled Wireless Devices
  • Recommendations were accepted by the NSTAC
    committee and included in NSTAC report to
  • REPORTS http//

  • New 2004 NSTAC IES TF
  • ONGOING Recent Task Force (TF) focus is on Next
    Generation Networks (NGN) NS/EP needs
  • NSTAC IES NGN TF, NGN Description Working Group
  • NSTAC IES NGN TF, NGN Scenarios and User
    Requirements Working Group
  • NSTAC IES NGN TF, NGN Near-Term Recommendations
    Working Group
  • Follow-on NSTAC TF NGN working groups may include
    Incident Management, End-to-End Services and
    Threat Modeling

TIA Security/HS/CIP-related Activities
  • Under Presidential Decision Directive 63 (PDD-63)
    TIA was chosen as one of the Sector Coordinators
    for the Information and Communications (I C)
    Sector by the Department of Commerce
  • TIA continues in this role for Telecom Sector
    (with CTIA and USTA) under Homeland Security
  • Directive 7 (HSPD-7)
  • TIA is a non-Resident member of the 24x7 National
    Coordinating Committee Telecommunications
    Information Sharing and Analysis Center (NCC
    Telecom ISAC)
  • Weekly NCC Telecom ISAC Staff meetings,
    coordination/outreach to non-ISAC industry
    members and other activities, as requested by
  • Includes national emergency alerting and member
    availability to assist T-ISAC efforts as
  • TIA is part of the Executive Notification System
    (ENS) of DHS Information Assurance Infrastructure
    Protection Directorate (DHS IAIP)

TIA Security/HS/CIP
  • As a Sector Coordinator and neutral Industry
    forum, TIA provided input to draft U.S. National
    Response Plan, Private Sector Support Annex
  • Via NCC T-ISAC and DHS Private Sector Office
  • National Strategy to Secure Cyberspace
  • The Strategy includes recognized critical
    private sector developed strategies to secure
    their infrastructures.
  • https//
  • TIA, as part of PCIS, contributed towards then
    Information Communications sector input of
    Strategy (2003)

TIA Security/HS/CIP
  • As a Sector Coordinator, TIA also holds a Board
    seat on the Partnership for Critical
    Infrastructure Security (PCIS)
  • PCIS addresses cross-sector and interdependency
    CIP issues
  • PCIS meets bi-monthly with the Department of
    Homeland Security (DHS) and other Sector Lead
    Agencies and the ISAC Council at GMU-hosted
    meetings, and separately the other month
  • TIA is part of the Emergency Alert system of DHS
    Information Assurance Infrastructure Protection
    Directorate (DHS IAIP)
  • TIA is active in ANSIs Homeland Security
    Standards Panel (HSSP), another cross-sector
    activity, but focusing only on standards and
    conformity assessment
  • TIA (Dan Bart) is the private sector Co-Chair of
    HSSP with NIST as public sector Co-Chair, and he
    also co-chairs its Steering Committee (SC)
  • ANSI HSSP SC also functions as a TAG for the US
  • Expert to the ISO Advisory Group on Security

TIA Security/HS/CIP
  • TIA and TIA members have been involved in the
    activities of President Bushs National
    Infrastructure Advisory Committee (NIAC)
  • Recent activity includes Prioritization of Cyber
    Vulnerabilities Working Group
  • TIA and its members have participated on the
    FCC's Network Reliability Council (NRC) and
    Network Reliability and Interoperability Council
  • The purpose is to assist with analysis of issues
    that can affect reliability, security and other
    FCC-specified analysis areas and to determine
    best practices to recover from natural or
    man-made outages, including those that might be
    caused by a computer hacker or terrorist, and
    create Best Practices
  • NRIC VII (2004) Focus Groups involve Enhanced
    9-1-1, Homeland Security, Network Best Practices
    and Broadband

TIA Security/HS/CIP
  • TIA closely monitored the work of the Presidents
    Commission on Critical Infrastructure Protection
  • PCCIP Commissioner presentations at SUPERCOMM 97
    and other TIA-hosted events
  • TIA participated in and was on the Steering
    Committee of the Information Security Exploratory
    Committee (ISEC) 1999
  • NSTAC had previously proposed the creation of an
    Information Security Standards Board (ISSB)
  • Involving standards needs and conformity
  • Industry formed ISEC to evaluate ISSB Proposal
  • ISEC advice included need for more education
    outreach efforts about potential infrastructure
    threats, and current security products, systems
    and groups
  • No case for ISSB at that time

TIA Security/HS/CIP
  • TIA participates in NTIAs Economic Security
    Working Group (EconSec WG) meetings and
    participates in its subgroups such as the
    International Outreach and RD subgroups as
  • For example, bi-lateral meetings and
    multi-lateral meetings on CIP including
    government/industry delegations
  • Examples Italy, Canada, Australia, India, Japan
  • Private meetings with other SDOs or
    multi-national companies
  • TIA is on the National Cyber Security Partnership
    (NCSP) Steering Committee
  • TIA shares information with other SDOs and
    international groups like the ITU and Global
    Standards Collaboration (GSC) in these
    security-focused High Interest Subject areas

TIA Security/HS/CIP-related Activities
  • Global Standards Collaboration (http//www.gsc.ets
  • TIA is active in the GSC
  • GSC-9 meeting in Seoul in May 2004
    (http// adopted
    several Resolutions with a focus on Security
  • Emergency Communications Resolution GSC-9/2
  • Next Generation Networks Resolution GSC-9/3
  • Cybersecurity Resolution GSC-9/4
  • Public Protection and Disaster Relief (PPDR)
    Resolution GSC-9/9

TIA Security/HS/CIP-related Activities
  • TIA Addresses needs of First Responders and Law
  • TIA (and it predecessors) have been addressing
    the needs of private radio users like Public
    Safety users since 1944 in TR-8 (See MESA,
    Project 25 and TR-8 on TIA web site)
  • Cooperation agreement with APCO/NASTD/Federal
    agencies since 1992 on Project 25
  • Established APCO Project 25 Interface Committee
    (APIC) under our Private Radio Section of
    Wireless Communications Division
  • TIA participated on the FCCs National
    Coordinating Committee (NCC) for public safety,
    developed standards at request of NCC
  • TIA was appointed to the advisory committee of
    the National Public Safety Telecommunications
    Council (NPSTC)
  • TIA was appointed to the advisory committee for
  • TIA is the Lead SDO on Lawfully Authorized
    Electronic Surveillance (LAES) standardization
    for CALEA
  • TIA appropriately contributes presents works at

TIA Security/HS/CIP-related Activities
  • TIA Addresses needs of First Responders and Law
  • Active public policy programs for urging spectrum
    for Public Safety and Funding for Public Safety
  • Participated at DHS/NIST Public Safety
    Interoperability Workshop
  • Meetings with DHS SAFECOM Office
  • TIA moderated a Panel on Public Safety needs at
    SUPERCOMM 2003
  • Briefings on MESA and other Public
    Safety-oriented programs at ITU (PPDR/TDR) and
  • Briefings on TIA Public Safety-oriented
    activities like MESA to CDG Board (Dec 03), CIAJ
    (Jan 04, Jun 04)
  • Moderated Congressional Research Service (CRS)
    Panel on Public Safety needs (Nov 03)
  • Supported Global Disaster Information Network
  • (GDIN) event (March 2004)

TIA Security/HS/CIP-related Activities
  • Other TIA Connections with Security/CIP
  • The Internet Security Alliance (ISA) is a member
    of the Electronic Industries Alliance (EIA) along
    with TIA, and ISA Executive Director is a Special
    Advisor to ANSI HSSP
  • TIA was part of ANSI/ESO (European Standards
    Organizations - CEN/CENELEC/ETSI) meetings in
    France 2004 and security standards were a topic
    on that agenda
  • Security and Privacy of Communications and
    Location information is an emerging topic for ISO
    TC 204 WG 16 Intelligent Transportation Systems
    (ITS) and TIA is a voting member of the US TAG to
    TC 204 and WAG Admin for WG-16
  • 3GPP2 develops specifications that ensure
    security within cdma2000 systems

  • TIA Engineering Committee (TR) Activities

TIA Engineering Committee TR-8
Mobile and Personal Private Radio
Standards Chair John Oblak, E.F. Johnson
TIA Committee TR-8
  • TR-8 develops and maintains standards for private
    radio communications systems and equipment
  • Critical communications systems for public safety
    and emergency services
  • Analog and digital
  • For both voice and data applications addressing
    all technical matters for systems and services,
    including definitions, interoperability,
    compatibility and compliance requirements
  • Over 50 years of standards formulation history

TIA Committee TR-8
  • Activities include
  • Project 25
  • Committee for selecting voluntary common system
    standards for digital public safety radio
    communications (voice and data)
  • Incl. APCO, NASTD, NCS, selected North American
    Federal Agencies
  • Primary public service function of P25-compliant
    equipment and systems is emergency voice
    communications between line officers (i.e.,
    police, firefighters) in the field and their
    dispatch points. Also limited bursty data
  • TIA TR-8 facilitates such work through its role
    as the ANSI-accredited SDO
  • TIA TR-8 102-series Family of Standards

TIA Committee TR-8
  • Activities include
  • Project 25 Public Safety objectives
  • 1) a spectrum efficient solution that satisfies
    the spectrum regulators requirements for
  • 2) a digital solution that offers the public
    safety community more services (such as short
    messages, caller ID, etc.) as well as better
    system command and control (an administrator can
    set up talk groups for the police in one
    jurisdiction, the police captains over the entire
    metro community, etc.),
  • 3) a backward compatible solution to FM analog
    land mobile radios and to legacy systems for
    interoperability and to allow a migration path
    from analog to digital technologies, and
  • 4) a solution that allows the public safety
    agencies to select among multiple vendors
    offering multiple options and features such that
    the agencies can select the radio systems
    characteristics based upon their needs and
    funding requirements.

TIA Committee TR-8
Project 25 System Interfaces
TIA Committee TR-8
  • Activities include
  • Project 25
  • A searchable listing of published TIA 102-Series
    documents can be viewed and ordered by pointing
    browser to http//
  • search with keyword project 25
  • P25 Public Safety Communications Interoperability
  • URL http//
  • TIA P25 Webpage http//

TIA Committee TR-8
  • Activities include
  • Wideband Data Standards Project
  • U.S., regulatory decisions and plans helped to
    spur development of LMR wideband standards,
    including the dedication, by the FCC, of spectrum
    in the 700 MHz frequency band for wideband data
  • Channels are at 50 kHz, and can be aggregated to
    150 kHz, allowing users data rates as high as 700
  • i.e., video, picture ID, and fingerprinting
  • The TIA-902 and 905 series of standards for this
    technology have been completed and can enable
    system deployment
  • Mainly handles data however voice traffic is
    also supported
  • Interoperability primarily involves the over the
    air interface

TIA Committee TR-8
  • Activities include
  • Wideband Data Standards Project
  • Currently, in the U.S., only spectrum in the 700
    MHz band has been allocated to implement standard
    wideband systems (and P25 for interoperability),
    where incumbent broadcast TV stations currently
    inhibit use
  • Systems cannot be deployed until the TV stations
    vacate from this band. Issue in deliberation
    including Congressional activity to expedite
  • Wideband standards complement existing P25
    standards (e.g., voice and low/medium data
    rates), operating at different frequencies and
    bandwidths and providing a different set of
    optimized capabilities for high speed data

TIA Committee TR-8
  • Project MESA (Public Safety Partnership)
  • Mobility for Emergency and Safety Applications
  • NGN mobile broadband communications capabilities
  • Due to commonalities, the European
    Telecommunications Standards Institute (ETSI) and
    TIA agreed to work collaboratively for the
    production of mobile broadband specifications for
    public safety as initiated by ETSI Project TETRA
    (under the name of DAWS -- Digital Advanced
    Wireless Services) and by TIA and APCO under
    APCO's Project 34
  • MESA involves all platforms and technologies that
    meet defined requirements (MESA SoR)incl.
    private, commercial public systems
  • Capable of extremely high levels of security, yet
    contain standardized interfaces to public and
    private networks
  • Open to participation from all regions of the
  • Currently has public safety and industry
    participants and observers from North America,
    Europe (East and Western) and Asia (including
  • Please refer to the Website
    for further information

TIA Committee TR-8
  • Project MESA (Public Safety Partnership)
  • In the U.S., the FCC allocated 50 MHz of spectrum
    in 4.9 GHz band for public safety broadband
  • TIA has since established a broadband data
    standards subcommittee, TR-8.8, which is
    developing standards for public safety
    communications in this band
  • TIA, as an Organizational Partner SDO, will
    regionally (N. America) transpose and publish
    MESA output
  • Ongoing contributions initiated through TIA to
    future broadband standards process are expected
    to continue as technology, environment, and
    public safety needs evolve
  • Note that similar to the wideband standards, the
    broadband standards will complement existing P25

TIA Engineering Committee TR-30 Multi-Media
Access, Related Protocols and Interfaces
Chair Fred Lucas, FAL Associates
TIA Committee TR-30
  • This Engineering Subcommittee is responsible for
    Data Circuit Terminating Equipment (DCE) and the
    interfaces between DCE's and Data Terminal
    Equipment (DTE), together with the transmission
    media to which they are connected (e.g., the
    Public Switched Telephone Network)
  • Standards include functional, electrical, and
    mechanical characteristics involving such
    devices as modems, standard and IP facsimile and
  • Related to this compendium, activities presently
    being explored involve such topics as Internet/IP
    facsimile security and emergency accessibility
    service capabilities for textphones over IP and
    PSTN networks, involving national and
    international standards activity
  • The work done in this committee has emergency
    telecommunications service implications and
    aspects, including Enhanced Priority Treatment,
    Network Security, International Connectivity and
    Quality of Service

TIA Engineering Committee TR-34 Satellite
Equipment and Systems Chair Jeffrey Binckes,
ICO-Teledesic Global, Ltd.
TIA Committee TR-34
  • TIA TR-34 Engineering Committee is an
    established, open and ANSI-accredited forum for
    satellite technology development
  • This TIA Engineering Committee recently reviewed
    the issue of Lawfully Authorized Electronic
    Surveillance (LAES) in support of Communications
    Assistance for Law Enforcement Act (CALEA) for
    satellite systems
  • Concluded that TR-34 could be an avenue
    (coordination, new work initiation) for
    applicable security and emergency
    service/accessibility related communications
    standards activity, if deemed by membership to be
    appropriate in the future.

TIA Engineering Committee TR-41 User Premises
Telecommunications Requirements Chair Steve
Whitesell, VTech
TIA Committee TR-41
  • Work relates to telecommunication terminal
    equipment, user telecommunication systems,
    private telecommunication networks, private
    network mobility, unlicensed wireless user
    premises equipment, and auxiliary equipment and
    devices, used for voice service and integrated
    voice-data service.
  • Infrastructure assurance, network security and
    enhanced emergency telecommunications services
    are aspects addressed within this committees
  • Work also includes regulatory, safety and
    environmental requirements, network security, QoS
    and applicable accounting and billing aspects.

TIA Committee TR-41
  • Recent security issues that are being worked in
    the TR-41 committee include IP Telephony, as an
    emerging technology involving the amalgamation of
    telephony operations on a Local Area Network/Wide
    Area Network/Metropolitan Area Network
    (LAN/WAN/MAN) infrastructure.
  • The threats from telephony can be overlayed with
    the threats native to the IP environment, both
    passive (i.e., copying information in
    transit/during storage) and active (modifying
    information in transit/during storage or
    disruption of normal operations).
  • In addition to threats against IP Telephony (IPT)
    infrastructure (i.e., routers, switches,
    authentication resources), greater exposure is
    also being directed towards threats against the
    IP Telephony application itself
  • Including toll fraud, unauthorized access to
    resources, unauthorized access to voice mail and
    other private user information.
  • Other threats involve IPT endpoints (i.e., IP
    phones, gateways, softphones), passive and
    active attacks on the signaling stream (including
    eavesdropping) and other issues that are of

TR-41 Standards for Support of Emergency Calling
Services and Network Security
  • TR-41.1
  • ANSI/TIA-464-C-2002, Requirements for Private
    Branch Exchange (PBX) Switching Equipment
  • Addresses enhanced or E9-1-1 requirements for
    Centralized Automatic Message Accounting (CAMA)
    trunks, establishes performance and technical
    criteria for interfacing and connecting with
    various elements of public/private
    telecommunications networks and helps to assure
  • ANSI/TIA-689-A-2003, Telecommunications -
    Multiline Terminal Equipment - PBX and KTS
    Support of Enhanced 9-1-1 Emergency Calling
  • Requirements and recommendations for emergency
    telecommunications support of E9-1-1 emergency
    calling service for PBX and key telephone
    systems, specifically dialing, routing, network
    interface technical specifications and local
  • May be used in design of multiline
    telecommunication systems (MLTS) that are
    installed in many businesses, hotels or campus
  • TIA-689-A, with referenced documents, will
    provide guidance to manufacturers to build
    multiline equipment that helps emergency
    responders to determine the location of 9-1-1
    calls placed by telephone stations connected to

TR-41 Standards for Support of Emergency Calling
Services and Network Security
  • TR-41.4
  • Reciprocal liaison between this Subcommittee and
    ETSI EMTEL regarding emergency services
  • The subcommittee is also tied in to the work of
    the National Emergency Numbering Association
    (NENA) through participation of individuals in
    both activities
  • PN-3-0061 (to be published as TSB-139), IP
    Telephony Security Framework
  • Examines Voice over IP (VoIP) telephone network
    security, IP network architectural security
    considerations, authentication, authorization,
    privacy, governmental requirements and the threat
    environment within the Customer Premises
    Equipment (CPE)/Enterprise space
  • Conveyed need for a security protocol suite
    tailored for devices with limited resources to
    the IETF

TR-41 Standards for Support of Emergency Calling
Services and Network Security
  • TR-41.4
  • TIA/TSB-146-2003, Telecommunications - IP
    Telephony Infrastructures - IP Telephony Support
    for Emergency Calling Service
  • Describes network architecture elements and their
    functionality needed for providing E9-1-1 or ECS
    support over IP terminals in an
    Enterprise-non-enterprise environment Network.
  • Addresses ECS calls placed from fixed, mobile,
    remote dial-in or wireless access VoIP terminals.
    Does not address devices connected to VoIP
    networks through gateways
  • PN-3-4726-RV1 (to be published as TSB-146-A),
    Telecommunications - IP Telephony
    Infrastructures - IP Telephony Support for
    Emergency Calling Service
  • Being developed as TIA/TSB-146 revision and
    applicable to emergency telecommunications
  • Note that recently published European emergency
    call handling requirements (e.g., ETSI SR 002
    180) have been made available to project and are
    being taken into consideration (i.e.,
    coordination of E9-1-1/E1-1-2 and PSAP elements)
  • Coordination with TIA TR-45 is also being
    proposed with regard to E1-1-2 requirements for
    cdma2000 systems operating in Europe

TR-41 Standards for Support of Emergency Calling
Services and Network Security
  • TR-41.4
  • PN-3-0172, Enterprise Location Information
    Server Interfaces
  • This purpose of this project is to standardize
    the application protocol interfaces between the
    Location Information Server (LIS) application
    functions and other Enterprise emergency call
    service entities
  • PN-3-0185, Link Level Discovery Protocol (LLDP)
    Media Endpoint Discovery (MED)
  • This project provides extensions to the IEEE
    802.1AB base protocol, to allow for many
    advanced multi-vendor interoperation features in
    a VoIP network environment, including basic
    configuration, network policy configuration,
    Emergency Call Service/ E9-1-1 location support,
    inventory control, and more
  • TR-41.9
  • Work involves requirements for connection of
    terminal equipment to the telephone network
    (i.e., ANSI/TIA-968-A-2003)

Threats Against IP TelephonyA brief dissertation
  • by
  • Bob Bell, Cisco
  • Chair - TR-41.4
  • IP Telephony Infrastructure

  • IP Telephony is a new and emerging technology
  • Marriage of telephony operations on a LAN/WAN/MAN
  • Brings the threats from Telephony and overlays
    them with the threats native to the IP environment

Types of Threats
  • Internal vs. external
  • Passive vs. active
  • Threats against the application
  • Threats against the Infrastructure
  • Threats against the endpoints
  • Threats against the signaling streams
  • Threats against the media streams

Internal vs. External
  • Most widely published attacks are from the
  • Hacked Web Sites
  • Denial of Service to eCommerce
  • Internal attacks are not widely published
  • Snooping in company private information
  • Misuse of company resources
  • FBI states that 70-80 of attacks against
    enterprise IP systems are internal not external

Passive vs. Active
  • Passive threats involve copying information in
    transit or during storage
  • Copying email
  • Copying files from servers
  • Telephony Bugging/Illegal wiretaps
  • Active threats involve the modification of
    information in transit or during storage and the
    disruption of normal operations
  • Deleting critical company files/information
  • Modification of critical company information
  • DoS attacks against critical resources

Threats against the application
  • Threats directed against the IP Telephony
    application itself include
  • Toll Fraud
  • Unauthorized access to resources
  • Unauthorized access to Voice Mail and other user
    private information
  • Not new, but have greater exposure

Threats against IPT Infrastructure
  • Infrastructure elements include
  • Proxies/Call Agents
  • Routers and Switches
  • Authentication Resources
  • Centralized call related resources (e.g.,
    Conference Bridges)

Threats against the IPT endpoints
  • IP Telephony endpoints include
  • IP Phones
  • Gateways
  • SoftPhones
  • Limitations/Challenges
  • Special considerations

Threats against the Signaling Stream
  • Passive Threats
  • Monitoring signaling information to determine
    calling patterns
  • Extracting/recovering user identification
    information from signaling streams.
  • Active Threats
  • Instituting Man-in-the-Middle attacks
  • Modifying signaling to redirect/block calls
  • Enabling phones to act as bugging devices

Threats against the Media Stream
  • Passive threats include eavesdropping and
    recording of phone conversations
  • Active threats include the on-the-fly
    modification of phone conversations

  • Threats are not new
  • Threats are not unique to IP Telephony
  • Threats are addressable
  • It will take work
  • Come join us in our work
  • Coordinate efforts

TIAEngineering Committee TR-45Mobile and
Personal Communications Systems
  • Cheryl Blum
  • Chair TR-45 and TIA HOD 3GPP2
  • Lucent Technologies

TIA Committee TR-45
  • Develops performance, compatibility,
    interoperability and service standards for mobile
    and personal communications systems
  • Comprised of 6 Subcommittees and several ad-hoc
    groups, including
  • TR-45 Ad-Hoc Authentication Group (AHAG)
    Responsible for Security Assessment Issues
    including selection of cryptographic algorithms
    to support TR-45 security mechanisms
  • TR-45 Lawfully Authorized Electronic Surveillance
    (LAES) coordination - Responsible for standards
    development to support CALEA and related industry
  • TR-45.2 Ad-Hoc Emergency Services Group involving
    such issues as Enhanced 9-1-1 (E-911)

TIA Committee TR-45
  • Involved in the development of security features
    since the early 90s (i.e., Authentication,
    Signaling Message Encryption and Voice Privacy)
  • Joint Standards Development Work with ATIS to
    address legislated and mandated security services
  • Emergency Services (e.g., E-911 location)
  • Lawfully Authorized Electronic Surveillance
  • Developed a standards for Wireless Priority
    Service (WPS) for CDMA Systems in parallel with
    WPS Industry Requirements work
  • Developed a Priority Access and Channel
    Assignment (PACA) technique, a queued originate
    mechanism that may be used to support a priority
    access scheme in the event that either radio or
    network resource is congested.

TR-45 Security Features
  • Authentication, Signaling Message Encryption,
    Privacy are supported in TIA/EIA-41 Networks and
    their radio technologies TDMA, CDMA, AMPS-based
  • Authentication
  • Verification of the identity of the mobile
  • Performed on every service request
  • Concept based on an authentication challenge
  • Signaling Message Encryption
  • Ensures privacy over signaling channels by
    encryption of signaling information
  • Privacy
  • Encryption keys used to ensure privacy over
    traffic channels
  • In the ongoing interest of security, enhancements
    to these basic security features have been
    adopted by TR-45 to support Enhanced Subscriber
    Authentication (ESA) and Enhanced Subscriber
    Privacy (ESP) mechanisms for 3G Systems

TR-45.2 Ad-Hoc Emergency Services GroupChair
Larry A. Young Sprint
  • 1996
  • FCC Released Enhanced 9-1-1 (E-911) Requirements
  • 1997
  • Joint Standards Work with TIA and Committee T1
    resulted in publication of J-STD-034, Enhanced
    Emergency Services Phase 1
  • 2000
  • In August, Joint Standard document, J-STD-036,
    Enhanced Wireless 9-1-1 Phase 2 was published.
    Standard supports both network-based and
    handset-based solutions.
  • 2002
  • In July, Joint Standard, J-STD-036-A was
    published with enhancements to original version
  • 2003
  • In March, addendum J-STD-036-A-1 was published
    including Interim Position and enhancements to
    Non-dialable Callback Numbers.
  • 2004
  • Joint Standard, J-STD-036-B is scheduled to be
    published 4Q with MEID and Interim Position for

TR-45 Standards for Support of Emergency Services
and Position Determination
  • TR-45.1
  • TIA/EIA/TSB-119, Enhanced System Access
    Procedures for E911 Calls for Analog Cellular
  • TIA/EIA/IS-817, Position Determination Service
    Standard for Analog Systems
  • TR-45.2
  • TIA-881 TIA/EIA-41-D Location Services
    Enhancements published March 2004
  • TIA-843 Wireless Intelligent Network Support for
    Location Based Services published August 2004
  • PN-3-0054 (scheduled to be published October 2004
    as TIA-917), TIA/EIA-41 Support for Wireless
    Priority Service (WPS)
  • TR-45.3
  • ANSI/TIA/EIA-136 Series, TDMA 3G Wireless
    Support for Emergency Calls, Emergency
    Information Broadcast, and for System Assisted
    Mobile Positioning through Satellite (SAMPS)
  • TR-45.4
  • TIA-2001-C (IOS v4.3), Interoperability
    Specification (IOS) for cdma2000(r) Access
    Network Interfaces - Support for Emergency Calls
    and Position Determination
  • PN expected 2004 to address WPS for CDMA
  • TR-45.5
  • TIA-2000-D, cdma2000 Spread Spectrum Systems
    Support for Emergency Calls
  • TIA-801-A, Position Determination Service
    Standard for Dual Mode Spread Spectrum Systems
  • TIA-916, Minimum Performance Specification for
    TIA/EIA/IS-801 Mobile Stations

TR-45 LAES Ad-Hoc GroupChair Terri Brooks
  • 1994
  • CALEA Legislation introduced to Subcommittee
    TR-45.2 by Law Enforcement
  • 1997
  • Joint Standards Work with TIA and Committee T1
    resulted in publication of TIA/T1 J-STD-025 as
    safe harbor standard for CALEA. Standard
    challenged at FCC over nine features not included
    and two that were.
  • 1999
  • FCC released the Third Report and Order
    validating six of the nine punch list items and
    indicating that further work needed to be done on
    the packet data solution in the standard. FCC
    supported level of location information provided.
  • 2000
  • J-STD-025-A published in April containing six
    punch list items.
  • 2000
  • Industry held two Joint Experts Meetings during
    2H/2000 to explore packet data solutions

TR-45 LAES Ad-Hoc Group
  • 2000
  • J-STD-025 and J-STD-025-A sent for ANSI ballot.
    Ballots resolved in LAES Ad-Hoc meeting in July
  • 2000
  • In August, US Court of Appeals vacates four of
    the six punch list items. ANSI/J-STD-025
    published as ANSI document. J-STD-025-A
    suspended pending further information from the
    FCC on the punch list items
  • 2002
  • In April, FCC issues Order on Remand reinstating
    the four vacated punch list items
  • 2002
  • In November, J-STD-025-A is re-balloted as an
    ANSI document
  • 2003
  • The Jointly developed ANS was published as
    ANSI-J-STD-025-A-2003, Lawfully Authorized
    Electronic Surveillance
  • 2004
  • The joint TIA/ATIS developed J-STD-025-B to
    address refining of packet data solutions is
    currently in the ANSI balloting process,
    undergoing a second default ballot round.
    Anticipate publication no later than 2005.
  • Non-ANS version of 025-B published in 2004

Future TR-45 LAES Work
  • 2004 (September)
  • Going forward The LAES work, undertaken within
    TIA as Lead SDO, has been reorganized and divided
    as appropriate among the TR-45 LAES Ad Hoc, the
    TR-45.2 (LAES for IMS) and the TR-45.6 (LAES for
    packet data system) subcommittees
  • Project Numbers and capabilities documentation
    will be available in near future

Wireless Priority Servicefor CDMA Systems
  • WPS is a voluntary service based on FCC RO
    00-242 (WT Docket No. 96-86)
  • WPS is provided to National Security/Emergency
    Preparedness (NS/EP) Personnel and supports 5
    levels of priority assigned by National
    Communications System personnel.
  • WPS is primarily for voice and circuit-switched
    data calls and requires no modifications to
    existing handsets
  • WPS invoked on a per-call basis by dialing the
    star digit code (272) DN
  • WPS User MS validated by Wireless Priority
    Service Center
  • WPS call request is given priority treatment
    (e.g., queued) when no radio channels are
    available in the originating or terminating
    wireless network
  • Call is completed (based on priority level) when
  • radio traffic channel becomes available

Wireless Priority Servicefor CDMA Systems
  • Standards Development work being done in TR-45.2
    to address WPS for CDMA systems
  • Project Number PN-3-0054 initiated 2001
  • Document balloted in February 2003
  • HLR validation of WPS user added and document
    issued for 2nd ballot in August 2004
  • Approved for Publication as TIA-917 (September
  • Editor Atul Thaper, Verizon Wireless
  • Standards Development work beginning in TR-45.4
    to address WPS for CDMA interfaces
  • Project Number request anticipated in September,

Wireless Priority Servicefor CDMA Systems
  • Industry Requirements (IR) work was done in
    parallel with the standards work
  • WPS Initial Operating Capability (IOC) IRs for
    CDMA and GSM Systems Developed in February 2002.
    Focused on originating radio network priority
  • WPS Final Operating Capability (FOC) IRs. Focused
    on priority in the radio network (originating and
    terminating) and the landline network
  • GSM Completed September 2002
  • CDMA Completed June 2004
  • CDMA WPS IR and standards project PN-3-0054,
    which supports both IOC and FOC, are closely
  • Development of WPS IR requirements for packet
    currently in progress

TIA TR-45 Ad hoc Authentication Group(AHAG)
  • Chair Frank Quick, QUALCOMM Inc.

3rd Generation (3G) cdma2000 Security
  • 3GPP AKA protocol (Global Roaming)
  • Mutual authentication between Mobile and Network
  • 128-bit root secret K
  • Entity Authentication (SHA-1 Algorithm)
  • 128-bit key for Message Auth (EHMAC)
  • 128-bit key for AES Encryption (Rijndael
  • Backwards compatibility
  • R-UIM support
  • Air interface and Network algorithm negotiation
  • Mobile IP, Radius/Diameter, CHAP authentication

2G and 3G Security Standards
  • Common Cryptographic Algorithms (CCA)
  • Developed in 1992, latest revision D.1 Sept. 2000
  • Security limited by ITAR (US Export Regulations)
  • CDMA 40-bit private long code mask (voice not
  • TDMA 520-bit fixed voice privacy mask
  • 64-bit authentication and signaling encryption
  • Enhanced Cryptographic Algorithms (TIA-946)
  • Published June 2003
  • No longer subject to strength limitations
  • But encryption technology is still export
  • 128-bit keys for Authentication and Encryption
  • Strong Public Algorithms (SHA-1, HMAC/ENMAC, AES)

cdma2000 1x (3G)
2G TR-45 2G GSM Security A5.1, 2 Encryption
2G Security, R-UIM
cdma2000 Release A
cdma2000 Release B
2G Authentication AES Encryption
cdma2000 Release C, D
Authentication RADIUS/DIAMETER, IPsec, SIP IMS
End-to-End Security (PGP, CONDOR)
Transport Layer Security (WAP, TLS , SRTP)
MIP, IPsec
TR-45 Privacy and Authentication
Data Link
TR-45 Contacts
  • TR-45 Chair/HOD to 3GPP2 Cheryl Blum
  • Technical Manager
  • Lucent Technologies, Inc.
  • TR-45 AHAG Chair Frank Quick
  • Sr. VP, Corporate RDQUALCOMM Incorporated
  • TIA Contact Dan Bart
  • Senior Vice President, Standards and Special

Thank you for your time
  • Other sources of related information
  • TIA HS/CIP Activities http//
  • TIA Standards http//