Safe and Secure Services Based on NGN

Tomoo FUKAZAWA  Takemi NISASE  Masahisa KAWASHIMA  Takeo HARIU  Yoshihito OSHIMA  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E91-D   No.5   pp.1226-1233
Publication Date: 2008/05/01
Online ISSN: 1745-1361
DOI: 10.1093/ietisy/e91-d.5.1226
Print ISSN: 0916-8532
Type of Manuscript: INVITED PAPER (Special Section on Information and Communication System Security)
Keyword: NGN, security, authentication, standard

Summary: 
Next Generation Network (NGN), which has been undergoing standardization as it has developed, is expected to create new services that converge the fixed and mobile networks. This paper introduces the basic requirements for NGN in terms of security and explains the standardization activities, in particular, the requirements for the security function described in Y.2701 discussed in ITU-T SG-13. In addition to the basic NGN security function, requirements for NGN authentication are also described from three aspects: security, deployability, and service. As examples of authentication implementation, three profiles--namely, fixed, nomadic, and mobile--are defined in this paper. That is, the "fixed profile" is typically for fixed-line subscribers, the "nomadic profile" basically utilizes WiFi access points, and the "mobile profile" provides ideal NGN mobility for mobile subscribers. All three of these profiles satisfy the requirements from security aspects. The three profiles are compared from the viewpoint of requirements for deployability and service. After showing that none of the three profiles can fulfill all of the requirements, we propose that multiple profiles should be used by NGN providers. As service and application examples, two promising NGN applications are proposed. The first is a strong authentication mechanism that makes Web applications more safe and secure even against password theft. It is based on the NGN ID federation function. The second provides an easy peer-to-peer broadband virtual private network service aimed at safe and secure communication for personal/SOHO (small office, home office) users, based on NGN SIP (session initiation protocol) session control.