The present document defines by means of an information model and functional entity behavioural model, the security countermeasures for the ICT in general and where examples are shown they are shown with respect to the NGN. Countermeasures are grouped by their key feature, i.e. Authentication, Integrity. The Unified Modelling Language (UML) is used to model the countermeasures as a semi-formal tool with verification and simulation capabilities deployed during development.
NOTE: This is in accordance with the goals of the eEurope project under objective Good practices (COM(2002) 263 page 18).
The countermeasures defined in the present document have been identified from an analysis of the NGN presented in TS 102 165-1 [10] and in TR 187 002 [9] as those most likely to be required for mitigation of risk in the NGN. The deployment of the countermeasures in the NGN is extrapolated from TR 187 002 [9] and defined in this document. The present document is intended for designers of security countermeasures.
NOTE: The definition of cryptographic algorithms is not provided by this document but the invocation of algorithms in protocol sequences is shown. The specific use of IPsec [11] in ESP mode [12], including IKEv2 [18] and is reviewed in annex B of this document as
a specific stage 3 implementation of the stage 1 and stage 2 capabilities. The authentication countermeasures outlined as
structural and behavioural patterns in the present document cover the following scenarios:
• Source authentication as defined for IPsec ESP.
• NASS-IMS bundled authentication including mechanisms for NASS authentication.
• Early IMS authentication (by reference to TR 133 978 [20]).