Security

Introduction

 

 Standards for reliable and secure communications

A secure digital life for users, businesses and societies

Information Security standards are essential to ensure interoperability among systems and networks, compliance with legislation and adequate levels of security. These standards provide the means for protecting the user, creating a more secure and profitable environment for the industrial sector, from SMEs to large global companies, and providing benefits for a diverse range of interest groups that include government organizations, research bodies and universities.

The main areas of ETSI's work related to security cover Mobile/Wireless Communications, Cyber Security, Emergency Telecommunications, Information Technology Infrastructure, Lawful  Interception and Data Retention, Electronic Signatures, Smart Cards, Fixed Communications and Security Algorithms.

The Security Cluster is a horizontal cluster with the mission to work with all ETSI Technical Committees, other Standards Development Organizations and relevant fora on the co-ordination and dissemination of security aspects.

Groups

The ETSI Security cluster encompasses the activities of several ETSI Technical Committees and Industry Specification Groups:

  • 3GPP (Third Generation Partnership Project)
  • ATTM (Access, Terminals, Transmission and Multiplexing)
  • BROADCAST (Joint TC on broadcasting matters)
  • CYBER (Cyber Security)
  • DECT (Digital Enhanced Cordless Telecommunications)
  • EMTEL (Emergency Telecommunications)
  • ERM (Electromagnetic Compatibility and Radio Spectrum Matters)
  • ERM TGAERO (Aeronautics)
  • ESI (Electronic Signatures and Infrastructures)
  • ITS (Intelligent Transport Systems)
  • LI (Lawful Interception)
  • MSG (Mobile Standards Group)
  • MTS (Methods for Testing and Specification)
  • NTECH (Networks)
  • QKD (Quantum Key Distribution)
  • QSC (Quantum-Safe Cryptography)
  • RRS (Reconfigurable Radio Systems)
  • RT (Railways Telecommunications)
  • SAGE (Security Algorithms Group of Experts)
  • SCP (Smart Card Platform)
  • SES (Satellite Earth Stations and Systems)
  • TCCE (TETRA and Critical Communications Evolution)

Other contributors include Global Platform, ENISA, CCSA, OMA, GSMA, NFC Forum, IEC, NSA, TIA, ISO, OASIS, CAB Forum, UPnP Forum, UPU, ITU-T, ERCIM, JRC.

Activities

Standards to support the use of electronic signatures and public key certificates are a key driver in enabling the successful evolution of electronic commerce. TC ESI is responsible for standardization in the areas of electronic signatures and Public Key Infrastructure (PKI) to support electronic commerce in open environments.

Smart cards are an important enabler in applications where a user's credentials are used for authentication and secure communication. TC SCP standardized the Subscriber Identity Module (SIM) card for GSM, which is one of the most widely deployed smart cards ever.
TC SCP maintains and expands the specifications of a smart card platform, the Universal Integrated Circuit Card (UICC), for mobile communication systems upon which other committees and organizations can base their system-specific applications.

Cyber Security is vital for the deployment of security technologies and security management to deliver and maintain effective Critical Infrastructures that are reliant on ICT technology. ETSI's TC CYBER is responsible for the standardization of Cyber Security and for providing a centre of relevant expertise for other ETSI committees.

Next Generation Networks (NGN) and Future Networks security aspects are addressed by TC NTECH. 

Quantum Key Distribution (QKD) is the essential credential in order to use quantum cryptography on a broad basis. ISG QKD develops ETSI Group Specifications that describe quantum cryptography for ICT networks.

ETSI's ISG on Quantum-Safe Cryptography (QSC) works to make an assessment and provide recommendations on the various proposals from industry and academia for real-world deployment of algorithms safe to quantum attacks and to standardize their relevant parts when needed.

Radio Frequency Identification (RFID) is a method of storing and remotely retrieving data. RFID can be used as a technology to achieve authentication and access.
As the technology can be used in company access badges and passports, for toll payments and other systems, it is potentially vulnerable to fraudulent or terrorist attack. Security aspects for the RFID technology are developed by ERM TG34.

ETSI produces and maintains a suite of standards for Lawful Interception and Retained Data within the TC LI. This work is crucial to preserve national security, to combat terrorism and in the investigation of serious criminal activities. The TC LI work focuses on the technical aspects related to the Handover Interface for the delivery of intercepted communications in transit through networks and stored within the network.

ETSI is a global leader in the provision and maintenance of security algorithms. ETSI's Security Algorithms Group of Experts (SAGE) provides ETSI's standards makers with cryptographic algorithms and protocols specific to fraud prevention, unauthorized access to public and private telecommunications networks and user data privacy.

Authentication and encryption mechanisms are developed by ETSI for various technologies. These include GSM/UMTS, LTE (through 3GPP), TETRA, DECT and RFID.

Emergency Telecommunications and Public Safety are areas requiring considerable standardization activity in order to support emergency scenarios in the most efficient way. EMTEL is the focal point in ETSI for the co-ordination and collection of European requirements for emergency service communications, and for the creation of the necessary related standards.

TC SES produces standards for satellite communication services and applications (including mobile and broadcasting), for earth stations and earth station equipment. TC SES looks after the network security aspects for broadband satellite multimedia services.

TC ITS produces standards to support the development and implementation of communications and services for intelligent transport systems across the network, for transport networks, vehicles and transport users. Security aspects relate to securing vehicular communications, such as to prevent eavesdropping and malware, covering vehicle-to-vehicle and vehicle-to-infrastructure communications.

Broadcasting technologies deliver radio, television and data services. ETSI performs security work in this area - including encryption techniques to protect the broadcasting content - in JTC Broadcast, which brings the Institute together with the European Broadcasting Union (EBU) and the European Committee for Electrotechnical Standardization (CENELEC).

TC RRS focuses its work on the user requirements and the system design and architecture of reconfigurable radio systems in the public safety and defence domains.

TC AERO (now closed) had the primary responsibility to develop European standards under European Commission Mandates on aeronautical communications and related interoperability and safety matters. Work has been transferred to ERM TGAERO.

IPv6 is regarded as the main protocol for the next generation internet, and due to the complexity of its implementation, effective testing of IPv6 products is one of the key factors to ensure successful deployment, interoperability, reliability and security of the IPv6 infrastructure. IPv6 testing standardization is carried out by TC MTS.

IPCablecom is a technology which provides high quality, secure communications using IP over cable television networks and is the responsibility of TC ATTM. Security is a key issue for IPCablecom since it is a shared network providing valuable content.