The International Telecommunication Union (ITU) organized a webinar on
“Enhancing signalling security and privacy using globally interoperable digital signatures”, that took place virtually on 16 June 2022 from 1500-1700 hours CEST, Geneva time.
Signalling protocols play a cornerstone role in providing different ICT services, from simple audio/video sessions to complex applications such as digital financial services widely used over the globe.
These protocols and telecommunication networks were designed without consideration for security and privacy. It enables attacks on ICT infrastructure including exploiting signalling protocols used for different ICT services.
Amongst the solutions currently under standardization in ITU, is the use of digital signatures to be incorporated into signalling exchange. This approach may significantly increase the security of protocols and build interoperable/trustable ICT solutions to be used in different domains (e.g., ICT, DFS, etc.).
The webinar explored the legacy and existing signalling systems and their successors. This consisted of information on signalling architectures of telecommunication networks, overview of the key signalling exchange procedures (call/SMS/USSD flows) and an outline of the vulnerabilities of existing signalling protocols. The webinar also provided a summary of ongoing ITU standardization on securing protocols to cope with potential signalling attacks on telecom operators, which expose subscribers to fraud. The implementations of relevant ITU-T Recommendations were also highlighted at the webinar.
More details about signalling security related issues and events are available at: https://itu.int/go/SIG-SECURITY
Programme
The webinar programme included the following:
- Overview of the SS7 signalling network and main use cases (signalling architecture, call/SMS/USSD flows).
- Current security issues in signalling protocols (SS7, Diameter, GTP and forward looking into IMT-2020).
- Current solutions (signalling firewalls) and their limitations.
- Applying globally interoperable digital signatures signalling messages: ITU-T Q.3057 and draft Q.Pro-Trust.
- Use cases for application of Recommendations for improving signalling security: CID (over interconnect) and Roaming.
Objectives
The webinar was dedicated to providing an overview of existing signalling architectures and protocols, indicate their key vulnerabilities and highlight solution standardized by ITU which aim is to cope with such vulnerabilities. The implementations of relevant ITU-T Recommendations were also highlighted at the end of the webinar.
Target Audience
Participation in the webinar was free of charge and open to ITU Member States, Sector Members, Associates and Academic Institutions and to any individual from a country that is a member of ITU, who wishes to contribute to the work. This includes individuals who are also members of international, regional and national organizations, interested stakeholders, including telecom operators, regulators, SDOs and financial institutes.
Watch recording here
Resources:
