|
Work item:
|
Q.TSCA
|
|
Subject/title:
|
Requirements for issuing digital certificates for signalling security
|
|
Status:
|
Under study
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2024-06 (Medium priority)
|
|
Liaison:
|
SG2, SG17
|
|
Supporting members:
|
Vaulto (Israel), China Telecom, Russian Federation, MIIT China, Brazil, India, Ghana, Sri Lanka, Svyazcom LLC, A1 Telekom Austria
|
|
Summary:
|
Signalling protocols play a cornerstone role in providing different ICT services from the simple audio/video sessions to the complex digital financial services widely used over the globe. These protocols and telecommunication networks were designed without consideration for security and privacy. It enables attacks on ICT infrastructure including exploiting signalling protocols used for different ICT services.
While many different domains are using the Internet to build trustable connection among their customers. For instance, most of the financial institutions are widely using the Internet to give their customers more effective tools to control and manage their finances. The lack of security and privacy in existing ICT infrastructure does not enable such trustable connections. Furthermore, in developing countries, where access to financial services is limited only to legacy ICT infrastructure via over-the-top (OTT) applications we see an ever-growing increase of illegal usage of customers’ applications, thus resulting in the unlawful take-over of their assets.
Additionally, many people all over the globe experience the annoying phone calls or calls from parties pretending to be legitimate business ventures (e.g., representatives of banks, health insurance companies, etc.). Technically, these calling parties use the so-called spoofing number – which in essence is the way the calling party number can be replaced with the number of an official enterprise or anyone of trust. As a result, the spoofing numbers as well as robocalls, along with other similar attacks make lives of the customers uncomfortable and unsecure to say the least.
In summary, the signalling exchange level of security and privacy must match the level provided by the Internet to mitigate attacks on ICT infrastructure which breaks signalling protocols used for establishing different ICT services. Amongst the well-known attacks are telephone spam, spoofing numbers, location tracking, subscriber fraud, intercept calls and messages, DoS, infiltration attacks, routing attacks, etc. These attacks have become a major priority for different stakeholders, in particular the financial institutions and telecom operators. To implement security for signalling messages and for calling line identifiers ITU-T SG11 developed recommendations ITU T Q.3057 (2020), ITU-T Q.3062 (2022) and ITU-T Q.3063 (2022). All of which rely on ITU-T X.509 digital certificates for proof of identity. These recommendations raised a for need a trusted authority and root certification authority which will issue and sign digital public key certificates on the global level to national or reginal certification authorities to create a global registration authority to be recognized by all parties.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2023-05-31 19:19:34
|
|
Last update:
2024-04-23 16:13:50
|
|
