Internet DRAFT - draft-zhuang-sacm-telereq
SACM Working Group                                                   X. Zhuang
Internet Draft                                                           M. Qi
Intended status: Informational                                          J. Zhu
Expires: September 20, 2014                                       China Mobile
                                                                March 20, 2014

                     Telecommunication Requirement
                      draft-zhuang-sacm-telereq-01

Abstract
   This memo describes an additional SACM use case drawn from the
   telecommunication operator scenario. The use case also fits the common
   enterprise scenario.
   
Status of this Memo
   This Internet-Draft is submitted in full conformance with the provisions of 
   BCP 78 and BCP 79.
   
   Internet-Drafts are working documents of the Internet Engineering Task 
   Force (IETF), its areas, and its working groups.  Note that other groups 
   may also distribute working documents as Internet-Drafts.
   
   Internet-Drafts are draft documents valid for a maximum of six months and 
   may be updated, replaced, or obsoleted by other documents at any time.  It 
   is inappropriate to use Internet-Drafts as reference material or to cite 
   them other than as "work in progress."
   
   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt
   
   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html
   
   This Internet-Draft will expire on September 20, 2014.
   
Copyright Notice
   Copyright (c) 2013 IETF Trust and the persons identified as the document 
   authors. All rights reserved.  
   
   This document is subject to BCP 78 and the IETF Trust's Legal Provisions
   Relating to IETF Documents (http://trustee.ietf.org/license-info)
   
Zhuang               Expires September 20, 2014                  [Page 1]

Internet-Draft     Telecommunication Requirement               March 2014

   in effect on the date of publication of this document.  Please review these
   documents carefully, as they describe your rights and restrictions with 
   respect to this document.
   
Table of Contents
   1. Introduction
   2. Conventions used in this document
   3. Problem Statement
   3.1. Background of telecommunication device use cases
   3.2. Problem statement
   4. New use cases for telecommunication equipment
   4.1. Security policy guidance setting
   5. Security Considerations
   6. IANA Considerations
   7. Conclusions
   8. References
   8.1. Normative References
   8.2. Informative References

1. Introduction
   SACM will define a protocol for the security assessment of network
   devices in the enterprise scenario. Drawing on a telecommunication
   operator's operational experience, this memo proposes an additional
   security use case that covers telecommunication devices. The use case
   also fits other enterprise scenarios.
     
2. Conventions used in this document
   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
   document are to be interpreted as described in RFC-2119 [RFC2119]. 
         
   In this document, these words will appear with that interpretation only 
   when in ALL CAPS. Lower case uses of these words are not to be interpreted 
   as carrying RFC-2119 significance.

3. Problem Statement
3.1. Background of telecommunication device use cases
   An operator network can also be regarded as a kind of enterprise
   network. Because of the large number of telecommunication devices,
   checking their compliance during the operation and maintenance phase
   is a lot of work. What is more, negligent operation and maintenance
   personnel may produce wrong configurations, with bad consequences such
   as paralysis of the device system or abnormal operation of the
   network. Therefore the implementation of telecommunication equipment
   also needs an automated check.
   
3.2. Problem statement
   The SACM use cases focus on the enterprise scenario and on endpoints.
   Since an operator network can also be regarded as a kind of enterprise
   network, the current use cases can also be applied to the operator
   network. However, when the telecommunication network is analysed under
   the current scenario, some gaps remain.

   Lack of security posture assessment guidance that combines a common
   requirement part with alternative requirement parts. In a
   telecommunication network the same kind of network equipment may be
   numerous and widely distributed, so such devices may be bought from
   different manufacturers. These manufacturers have different development
   processes and technical systems, so they may use different mechanisms
   and different parameters to fulfil the same main requirement on the
   device. To ensure a correct implementation, different alternative
   detailed security requirements are needed for the different
   implementations.

   For example, a device needs to communicate securely with others, so a
   main requirement is defined as "use a secure channel to transmit
   data". Manufacturers may use either TLS or IPsec to meet this goal
   when they build their devices. So alternative detailed definitions
   should be attached to the main requirement: when the device uses a TLS
   based mechanism, certificates should be used as the credential in the
   TLS handshake; when the device uses IPsec instead, a pre-shared key
   should be used as the credential in the IKEv2 negotiation.

   Such a requirement guidance can therefore be expressed as: the device
   should use a secure channel to transmit data. When the device uses
   TLS, certificates should be used as the credential in the
   authentication step of the TLS handshake; when the device uses IPsec,
   a pre-shared key should be used as the credential in the IKEv2
   negotiation. The current use case draft contains no description of
   this kind of guidance. The problem arises mainly because different
   ways are used to meet the same main requirement, which means that this
   kind of guidance requirement also fits any other enterprise that owns
   a large, distributed enterprise network.

4. New use cases for telecommunication equipment
4.1. Security policy guidance setting
   This use case describes the process of setting the security policy
   guidance for telecommunication equipment. The building blocks of this
   use case are:

    o General security policy guidance setting: based on the security
      policy guidance input and their own business experience, operators
      set a common security policy guidance, including for example the
      administrator's password length, the password's effective time,
      and so on.
    o Specific security policy guidance setting: operators set security
      policy guidance for particular devices according to their specific
      features and deployment environment.
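
   The following is an added example, not text or code from this draft or
   from China Mobile, showing how the guidance structure of Section 3.2
   (a common requirement part plus alternative detailed parts keyed on
   the mechanism the manufacturer chose) and the two building blocks of
   Section 4.1 (a general layer and a device-specific layer) can be
   evaluated against a device's posture report. The posture attribute
   names (admin_pw_len, admin_pw_max_days, plaintext_mgmt, channel,
   tls_credential, ike_version, ike_credential), the thresholds, and the
   device reports are all hypothetical and constructed for the example;
   which credential a branch demands is the guidance author's choice, as
   in the draft's TLS/IPsec text. Beyond the draft's example it also shows
   what an assessor should do when a device reports a mechanism for which
   the guidance defines no alternative.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# A check takes the device's posture report (a flat dict of attributes;
# the attribute names are hypothetical, chosen for this example) and
# returns True when the report satisfies it.
Check = Callable[[dict], bool]


@dataclass
class Requirement:
    name: str
    common: Optional[Check] = None      # part every implementation must meet
    selector: Optional[str] = None      # posture attribute naming the mechanism
    alternatives: Dict[str, Check] = field(default_factory=dict)  # per-mechanism detail


def evaluate(req: Requirement, posture: dict) -> Tuple[str, str]:
    """Check one requirement; verdict is 'pass', 'fail' or 'unknown'."""
    if req.common is not None and not req.common(posture):
        return "fail", f"{req.name}: common part not met"
    if req.alternatives:
        mech = posture.get(req.selector)
        if mech not in req.alternatives:
            # The manufacturer chose a mechanism the guidance has no branch
            # for. Surface it instead of silently passing the device.
            return "unknown", f"{req.name}: no alternative defined for {req.selector}={mech!r}"
        if not req.alternatives[mech](posture):
            return "fail", f"{req.name}: detailed requirement for {mech} not met"
    return "pass", req.name


def merge_guidance(*layers: List[Requirement]) -> List[Requirement]:
    """Overlay guidance layers: a later (device-specific) layer overrides a
    general requirement of the same name and adds new ones."""
    merged: Dict[str, Requirement] = {}
    for layer in layers:
        for req in layer:
            merged[req.name] = req
    return list(merged.values())


def assess(posture: dict, guidance: List[Requirement]) -> Dict[str, Tuple[str, str]]:
    """Evaluate every requirement of the merged guidance against one report."""
    return {req.name: evaluate(req, posture) for req in guidance}


# General guidance (Section 4.1): operator-wide settings for every device.
GENERAL = [
    Requirement("admin-password-length",
                common=lambda p: p.get("admin_pw_len", 0) >= 10),
    Requirement("admin-password-lifetime",
                common=lambda p: 0 < p.get("admin_pw_max_days", 0) <= 90),
]

# Specific guidance for one device class: a stricter password length and
# the secure-channel requirement of Section 3.2, with one detailed
# alternative per mechanism the manufacturer may have used.
GATEWAY_SPECIFIC = [
    Requirement("admin-password-length",
                common=lambda p: p.get("admin_pw_len", 0) >= 14),
    Requirement("secure-channel",
                common=lambda p: p.get("plaintext_mgmt") is False,
                selector="channel",
                alternatives={
                    "TLS": lambda p: p.get("tls_credential") == "certificate",
                    "IPsec": lambda p: (p.get("ike_version") == 2
                                        and p.get("ike_credential") == "psk"),
                }),
]

GUIDANCE = merge_guidance(GENERAL, GATEWAY_SPECIFIC)

# Constructed posture reports, not data from real equipment.
DEVICES = {
    "gw-a": {"admin_pw_len": 16, "admin_pw_max_days": 60, "plaintext_mgmt": False,
             "channel": "TLS", "tls_credential": "certificate"},
    "gw-b": {"admin_pw_len": 16, "admin_pw_max_days": 60, "plaintext_mgmt": False,
             "channel": "IPsec", "ike_version": 2, "ike_credential": "certificate"},
    "gw-c": {"admin_pw_len": 6, "admin_pw_max_days": 365, "plaintext_mgmt": False,
             "channel": "SSH"},
}


def verdicts(device: str) -> Dict[str, str]:
    """Verdict per requirement for one of the constructed devices."""
    return {name: v for name, (v, _) in assess(DEVICES[device], GUIDANCE).items()}


if __name__ == "__main__":
    for device in DEVICES:
        for name, (verdict, reason) in assess(DEVICES[device], GUIDANCE).items():
            print(f"{device:6} {verdict:8} {reason}")
```

   Run as a script it prints one line per device and requirement: gw-a
   passes everything; gw-b meets the common part of the secure-channel
   requirement but fails the IPsec alternative because it authenticates
   IKEv2 with a certificate where the guidance asks for a pre-shared
   key; gw-c fails both general password requirements and gets an
   "unknown" verdict for the secure channel because it reports SSH, for
   which this guidance defines no alternative. Reporting "unknown"
   rather than "pass" is the point of the third case: a missing branch
   is a gap in the guidance, not evidence that the device is compliant.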
	  
5. Security Considerations
   TBD

6. IANA Considerations
   There are no IANA considerations associated to this memo.

7. Conclusions
   TBD

8. References
8.1. Normative References
   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

8.2. Informative References

Authors' Addresses
   Xiaojun Zhuang
   China Mobile
   Unit 2, 32 Xuanwumenxi Ave,
   Xicheng District,
   Beijing 100053, China
   Email: zhuangxiaojun@chinamobile.com

   Minpeng Qi
   China Mobile
   Unit 2, 32 Xuanwumenxi Ave,
   Xicheng District,
   Beijing 100053, China
   Email: qiminpeng@chinamobile.com

   Judy Zhu
   China Mobile
   Unit 2, 32 Xuanwumenxi Ave,
   Xicheng District,
   Beijing 100053, China
   Email: Zhuhongru@chinamobile.com
