Security

Introduction

 

Standards for secure and reliable communications

A secure digital life for users, businesses and societies

Information security standards are essential to ensure interoperability among systems and networks, compliance with legislation and adequate levels of security. These standards provide the means for protecting the user, creating a more secure and profitable environment for the industrial sector, from SMEs to large global companies, and providing benefits for a diverse range of interest groups that include government organizations, research bodies and universities.

The main areas of ETSI's work related to security cover Mobile/Wireless Communications, Cyber Security, Emergency Telecommunications, Information Technology Infrastructure, Lawful Interception and Data Retention, Electronic Signatures, Smart Cards, Fixed Communications and Security Algorithms.

Groups

The ETSI Security cluster encompasses the activities of several ETSI Technical Committees and Industry Specification Groups:

  • 3GPP (Third Generation Partnership Project)
  • ATTM (Access, Terminals, Transmission and Multiplexing)
  • BROADCAST (Joint TC on broadcasting matters)
  • CYBER (Cyber Security)
  • DECT (Digital Enhanced Cordless Telecommunications)
  • ECI (Embedded Common Interface for exchangeable CA/DRM solutions)
  • EMTEL (Emergency Telecommunications)
  • ERM (Electromagnetic Compatibility and Radio Spectrum Matters)
  • ESI (Electronic Signatures and Infrastructures)
  • ISI (Information Security Indicators)
  • ITS (Intelligent Transport Systems)
  • LI (Lawful Interception)
  • MSG (Mobile Standards Group)
  • MTS (Methods for Testing and Specification)
  • NTECH (Networks)
  • oneM2M (M2M/IoT Partnership Project)
  • QKD (Quantum Key Distribution)
  • QSC (Quantum-Safe Cryptography)
  • RRS (Reconfigurable Radio Systems)
  • RT (Railways Telecommunications)
  • SAGE (Security Algorithms Group of Experts)
  • SCP (Smart Card Platform)
  • SES (Satellite Earth Stations and Systems)
  • TCCE (TETRA and Critical Communications Evolution)

Other contributors include Global Platform, ENISA, CCSA, OMA, GSMA, NFC Forum, IEC, NATO Standards Office, TIA, ISO, OASIS, CAB Forum, UPU, ITU-T, ERCIM, JRC.

Activities

Growing dependence on networked digital systems, products and services has brought with it an increase in both the variety and quantity of cyber-threats which now infiltrate the daily lives of individuals and threaten the stability of the economy.

Our Cyber Security committee (TC CYBER) is responsible for the standardization of Cyber Security and for providing a centre of relevant expertise for other ETSI committees. TC CYBER works on gateway cyber defence, on the impact of the anticipated emergence of the quantum computer, and on describing and exchanging cyber-threat information. We also expect work on the protection and retention of personally identifiable information (PII) as well as two related subjects: one on the technical means to enable the assurance of privacy and the verification of that assurance and the other on identity management and naming schema protection mechanisms, which will identify means to prevent identity theft and resultant crime.

We are working in co-operation with the European Committee for Standardization (CEN) and the European Committee for Electrotechnical Standardization (CENELEC) in response to European Commission (EC) Mandate M/530 on Privacy by Design, to develop a set of standards to manage privacy and personal data protection from the earliest stages in the design and development of security technologies and services, as well as during production and provision.

With the advent of the quantum computer, some of the most widely deployed public key cryptosystems in security products today will be broken, and previously secure encrypted information will become subject to discovery and misuse. New ‘quantum-safe’ techniques have emerged in recent years that do provide protection against quantum threats and our Industry Specification Group (ISG) on Quantum-Safe Cryptography (QSC) is developing specifications for the transition to quantum-safe ICT applications.

Quantum Key Distribution (QKD) enables digital keys to be shared privately without relying on computational complexity. Keys are shared over optical fibre or free space links encoded on single photons or weak pulses of light. Standards are now urgently needed to enable adoption of these new security technologies. Our ISG QKD addresses the characterization of optical components for QKD systems, protection against Trojan horse attacks and deployment parameters.

Standards to support the use of electronic signatures and public key certificates are a key driver in enabling the successful evolution of electronic commerce. Our Electronic Signatures and Infrastructures committee (TC ESI) is responsible for standardization in the areas of electronic signatures and Public Key Infrastructure (PKI). Our standards and specifications are harmonized with the new ‘eIDAS Regulation’ on electronic identification and trust services for electronic transactions in the internal market.

Smart Cards are an important enabler in applications where a user’s credentials are used for authentication and secure communication. TC SCP standardized the Subscriber Identity Module (SIM) card for GSM, which is one of the most widely deployed smart cards ever.
TC SCP develops and maintains the specifications of a smart card platform, the Universal Integrated Circuit Card (UICC), a specific type of secure element mainly targeted at telecoms and used in various environments to secure service-related credentials such as ticketing and payment services. Our main areas of work are the embedded UICC (eUICC) and the definition of test cases related to the support of multiple secure elements for mobile contactless communication over the Near Field Communication interface.

ETSI is a global leader in the provision and maintenance of security algorithms. ETSI’s Security Algorithms Group of Experts (SAGE) provides ETSI’s standards makers with cryptographic algorithms and protocols specific to preventing fraud and unauthorized access to public and private telecommunications networks, and to protecting user data privacy.

Authentication and encryption mechanisms are developed by ETSI for various technologies. These include GSM/UMTS, LTE (through 3GPP), TETRA, DECT and RFID. We are developing specifications for new algorithms for the General Packet Radio Service (GPRS): a new 128-bit encryption algorithm (GEA5) and new 128-bit integrity algorithms (GIA4 and GIA5). These are being developed primarily for EC-GSM-IoT, a radio interface solution being specified by 3GPP for use in the IoT.

Also for the IoT, our Partnership Project for M2M and IoT standards, oneM2M, has developed a set of security features as part of its service layer solution, features including provisioning, authentication, authorization and establishing secure communications.

ETSI’s ISG on Information Security Indicators publishes guidelines for testing the effectiveness of security risk detection capabilities. Together with the specifications, those guidelines form a reference model for the measurement of information security risks and enable organizations to assess themselves and benchmark their level of assurance and the effectiveness of their security measures.

ETSI produces and maintains a suite of standards for Lawful Interception and Retained Data within the TC LI. This work is crucial to preserve national security, to combat terrorism and in the investigation of serious criminal activities. TC LI work focuses on the technical aspects related to the handover interface and service-specific details for Internet Protocol (IP) delivery.

TC ITS produces standards to support the development and implementation of communications and services for intelligent transport systems across the network, for transport networks, vehicles and transport users. These standards cover security aspects of vehicle-to-vehicle and vehicle-to-infrastructure communications, such as preventing eavesdropping and malware.

Broadcasting technologies deliver radio, television and data services. ETSI performs security work in this area, including encryption techniques to protect the broadcasting content. This is performed in JTC Broadcast, which brings the Institute together with the European Broadcasting Union (EBU) and the European Committee for Electrotechnical Standardization (CENELEC), and in our ISG ECI, developing an embedded common interface for exchangeable CA/DRM solutions.