Improving Vehicle Cybersecurity: ICT Industry Experience and Perspectives
This whitepaper addresses how the Information and Communication Technology (ICT) industry can share lessons learned to assist the vehicle Original Equipment Manufacturers (OEMs) with improving vehicle cyber security, and how the ICT industry and vehicle OEMs can benefit from working together.
Signature-Based Handling of Asserted Information Using toKENs (SHAKEN): Governance Model and Certificate Management
Signature-based Handling of Asserted information using toKENs (SHAKEN) is an industry framework for managing and deploying Secure Telephone Identity (STI) technologies with the purpose of providing end-to-end cryptographic authentication and verification of the telephone identity and other information in an IP-based service provider voice network. This specification expands the SHAKEN framework, introducing a governance model and defining X.509 certificate management procedures. Certificate management provides mechanisms for validation of a certificate and verification of the associated digital signature, allowing for the identification of illegitimate use of national telecommunications infrastructure.
Cybersecurity Architectural Risk Analysis Process
ATIS members, who consist of leading service providers and vendors in the Information and Communications Technology (ICT) industry, have collaborated on a Cybersecurity Ad Hoc. Launched in July 2015, one of the group’s objectives is to create tools and practices to help organizations manage cybersecurity risk in the ICT industry. One outcome of the Cybersecurity Ad Hoc’s work has been to create a process for performing an Architectural Risk Analysis (ARA) on ICT solutions for the purpose of enabling the proactive development of cybersecurity risk management steps for these solutions. This process includes procedures to determine security goals, identify and assess potential risks, and develop proactive steps to mitigate identified risks. The ARA Process explained in this document relies upon industry cybersecurity best practices to support many of the details involved in executing the process. This document also includes an illustrative example of the use of the process for a hypothetical health monitoring device and associated services which are delivered in an ICT service provider-managed context. Finally, some potential areas for additional work are identified to broaden the scope of the ARA Process and to further simplify its application.
Securing Internet of Things (IoT) Services Involving Network Operators
The adoption of Internet of Things (IoT) services is rapidly growing. IoT services can provide significant advantages to consumers, enterprises, and government institutions. It is important that as IoT services are designed and delivered, full account is taken of the security considerations both to protect the IoT service itself and to prevent IoT equipment becoming a source of attacks against other service users.
In some cases, the network operator’s role in delivering IoT services is simply to provide connectivity and there is no direct technical or business partnering between the operator and the IoT service provider. In other cases, the network operator may take a more active role where the IoT service includes technical and business aspects under the control of the network operator. In this report, several different scenarios are introduced that characterize different relationships and levels of partnering that may exist between a network operator and an IoT service provider. In these scenarios, shared responsibility for securing the service may exist and consequences of security failures may be felt by both the network operator and the IoT service provider. The security implications of the various scenarios are discussed and practices that can be used to proactively address security in these scenarios are provided.
No part of this document should be taken as normative. Its purpose is to document practices that may be helpful to the development of good solution security. As each situation is different, it is necessary for the security approach to be chosen by the parties involved appropriately for their service, priorities, and circumstances.
Smart Cities Technology Roadmap
Cities and communities are deeply immersed in the
assessment and planning of Smart Cities projects, as
transformative applications and solutions are impacting the
market. The pathway from powerful Smart Cities projects to
comprehensive Smart Cities plans is a significant leap, given
the diverse set of needs, applications, and solutions that are
shaping each city’s vision. The ATIS Technology Roadmap is
focused on the key technological developments that will
enhance the long-term planning for Smart Cities. It is
targeted to the Smart Cities’ planners, technology advisors,
and key decision-makers who are faced with developing
comprehensive long-term visions for their municipalities and
Evolution to Content Optimized Networks
The ongoing research, development, and standardization of named content networking solutions will offer network operators, and the larger content ecosystem, an opportunity to fundamentally change the current paradigm for how content is discovered, delivered, and consumed by devices, people, and things. Over the last few decades, IP networks have leveraged a broad range of IP point solutions and overlays to meet the growing demands of mobility, content delivery, and new applications. From a practical standpoint, the evolution to Content Optimized Networks (eCON) could be achieved through a number of different deployment paths, timelines, architectural approaches, and technology choices. This report summarizes a technology assessment undertaken by the Alliance for Telecommunications Industry Solutions (ATIS) and provides a basis for understanding the current network challenges, drivers for evolution, architectural alternatives, and target opportunities for early deployment.
5G Reimagined: A North American Perspective (Issue 2)
The purpose of this white paper is to understand, define, and advance North American requirements for 5G. Deployment scenarios and use cases for 5G networks are analyzed from a North American perspective. These use cases include both traditional and more disruptive service scenarios. The scope of the use cases is not limited to narrowly defined mobile network, and includes interactions with other components.
The white paper identifies unique characteristics of the North American network and regulatory requirements. Although the focus is on the North American market, it is considered in a global context to leverage synergies wherever possible, and to only identify new requirements where necessary.
Signature-Based Handling of Asserted Information Using toKENs (SHAKEN)
Signature-based Handling of Asserted information using toKENs (SHAKEN) is an industry framework for managing the deployment of Secure Telephone Identity (STI) technologies withthe purpose of providing end-to-end cryptographic authentication and verification of the telephone identity and other information in an Internet Protocol (IP)-based service provider voice network. This specification defines the framework for telephone service providers to create signatures in Session Initiation Protocol (SIP) and validate initiators of signatures. It defines the various classes of signers and how the verification of a signature can be used toward the mitigation and identification of illegitimate use of national telecommunications infrastructure and to protect its users.
Interoperability Standards Between Next Generation Networks (NGN) for Signature-Based Handling of Asserted information Using Tokens (SHAKEN)
This document is intended to provide Next Generation Network (NGN) telephone service providers (SPs) with a framework and guidance for interoperability as calls process through their networks implementing Signature-Based Handling of Asserted Information Using Tokens (SHAKEN) technologies to ensure the validation as well as the completion of legitimate calls and the mitigation of illegitimate spoofing of telephone identities.
Cloud Services Impacts on Lawful Interception Study
The purpose of this study is to identify and analyze:
- The challenges, impacts, and obstacles of meeting LI requirements for cloud services.
- The extent to which existing ATIS LI standards meet these requirements.
- The deltas that may exist between existing and needed LI capabilities.
- What new work may be required to achieve a fuller set of LI capabilities.
Intelligent Programmatic Peering Summary Report
The TOPS Council’s Intelligent Programmatic Peering Landscape Team (IPLT) completed an assessment of several possible near-term mechanisms that would enable automated service provider coordination across peering interfaces to quickly mitigate the impact of Distributed Denial of Service (DDoS) attacks. Possible operational limitations were discussed, and potential protocol work identified.
Neutral Host Solutions for Multi-Operator
Wireless Coverage in Managed Spaces
The concept of a neutral host is considered a potentially interesting approach to improving wireless coverage in environments
such as shared offices, sports venues, and shopping malls. In the neutral host concept, a shared wireless infrastructure is
created which is used to provide services to end-users with subscriptions to several different hosted operators. This landscape
assessment defines the neutral host concept and provides an overview of the existing technical solutions to support neutral
Developing Calling Party Spoofing Mitigation Techniques: ATIS’ Role
ATIS is central to much of the coordinated industry work on solutions to prevent and reduce the impact of Caller ID spoofing and related robocalling. Illegitimate Caller ID spoofing increases the impact of fraudulent robocalls and undermines techniques to prevent unwanted calls. This report highlights the practical mitigation techniques the industry is developing to provide the consumer with useful tools to reduce unwanted robocalls, and concludes that a layered approach, similar to that used in cybersecurity efforts, provides the flexibility to respond to these evolving threats.
Calling Party Spoofing Mechanisms and Mitigation Techniques
The impact of illegitimate uses of Caller ID Spoofing and robocalling presents unique challenges for the industry in addressing consumer concerns with unwanted and fraudulent calls. This paper outlines practical mitigation techniques being developed, and emphasizes Caller ID spoofing is not a static problem that can be solved with a single solution. Rather, a flexible, layered approach (similar to addressing cybersecurity risks) is needed to respond to these evolving threats.
ATIS—A Critical Force in Shaping 5G to Meet Service Providers’ Market Needs
From the development of an overarching vision to the delivery of specific requirements, ATIS plays a pivotal role in the communications industry’s advancement of the concept, objectives and capabilities for 5G systems. In 2015, ATIS produced the white paper "5G Reimagined: A North American Perspective," which defines a vision of 5G incorporating both incremental and innovative aspects of the 5G network—how 5G will evolve from the current network and what its potential will be. Both incremental and innovative perspectives are crucially important in terms of positioning network operators to leverage 5G to advance their business models. In 2016, ATIS is fast-tracking its work to develop detailed 5G specifications. ATIS is defining the industry requirements that will direct 5G's eventual technical capabilities and provide the basis for all subsequent 5G standardization. How will the new 5G radio access technologies work? How will the 5G transition take place? What will Quality of Experience mean in a future in which communications technology is even more deeply embedded into the social fabric than it is today? This briefing provides insight into these questions, and covers some of the areas in which ATIS is working to ensure 5G’s success.
Feasibility Study for WEA Cell Broadcast Geo-Targeting
The scope of this document is a feasibility study of the geo-targeting of Wireless Emergency (WEA) Messages to address recommendations from the Federal Communications Commission (FCC) Communications Security, Reliability & Interoperability Council (CSRIC).
Feasibility Study for WEA Supplemental Text
This feasibility study performs a technical analysis on supplemental information for Wireless Emergency Alert (WEA) Messages. This feasibility study is in response to Recommendations 5.1 and 5.2 of the December 2014 Federal Communications Commission (FCC) Communications Security, Reliability & Interoperability Council (CSRIC) Working Group 2 Wireless Emergency Alerts final report of December 3, 2014.
5G Reimagined: A North American Perspective
The scope of this white paper is to understand, define, and advance North American requirements for 5G. It describes use cases which show, from a North American perspective, possible scenarios for 5G networks. These use cases include both commonly recognized baseline requirements and also more disruptive service examples representing a more challenging conception of aspects of 5G. The scope of the use cases is not limited to just the narrowly defined mobile network. Many of these cases include interactions with other elements, including some not normally standardized, such as content provider applications/ networks, operational systems within a carrier network and traffic scheduling and steering algorithms. Based on the documented use cases, the white paper identifies unique characteristics of the North American network and regulatory requirements. Although the focus is on North American requirements, these are considered in a global context to leverage synergies wherever possible, and to identify new requirements only where necessary.
Best Practices for Obtaining Mobile Device Identifiers for Mobile Device Theft Prevention (MDTP)
This specification defines best practices for obtaining the device identifiers (e.g., International Mobile Equipment Identity [IMEI]) from mobile devices even if the mobile device is locked or disabled. This best practices specification was developed in response to Recommendation 1.5 of the December 4, 2014 Federal Communications Commission (FCC) Technological Advisory Council (TAC) report on Mobile Device Theft Prevention (MDTP).
Feasibility Study for LTE WEA Message Length
This feasibility study performs a technical analysis of the proposed maximum length of displayable characters in a Long Term Evolution (LTE) Wireless Emergency Alert (WEA) message in response to Recommendation 2.1 of the December 2014 Federal Communications Commission (FCC) Communications Security, Reliability & Interoperability Council (CSRIC) Working Group 2 Wireless Emergency Alerts final report of December 3, 2014.
Testbeds Landscape Team Assessment and Next Steps, Version 2
This report is the result of a voluntary effort by ATIS member companies and reflects the consensus view
of those participating. The use case recommendations and testbed(s) specifications are not intended as
mandates; participation in this effort does not indicate any obligation or intention by specific members to
purchase or implement any capability or method described in this report. Decisions regarding the
implementation of, or compliance with, these specifications will appropriately be made by individual
companies. Finally, it should be noted that the recommendations and specifications are not intended for
use in certifying equipment and/or services.
Developing a Roadmap for the Migration of Public Safety Applications during the All IP Transition
This paper provides useful information regarding the roadmap of IP-enabled solutions that could support the transition of specific public safety applications to a wide range of IP media, products, and services. This assessment, conducted by the Alliance for Telecommunications Industry Solutions (ATIS), is based on a collection of public safety requirements by sector, an assessment of current and future solutions available across the industry, and a summary of findings. These findings include specific details of IP-based solutions, as well as new capabilities that could be provided to the public safety industry as the transition to all-IP takes place. Additional information is provided to allow emergency management agencies and others in the industry to obtain more detailed data regarding each solution, as well as to allow manufacturers and network operators to contribute new developments in the future regarding their products and services.
Feasibility Study for Earthquake Early Warning System
This feasibility study evaluates the feasibility of the commercial LTE cellular networks in supporting public earthquake notifications as part of the proposed California Earthquake Early Warning System (EEWS). Although this feasibility study is initially targeted to California, it is applicable to other earthquake warning systems that may be deployed anywhere in the United States and its territories.
Joint ATIS/SIP Forum Technical Report - IP NNI Profile
This document specifies an NNI profile applicable to
the interface between the home network of the originating
party and the home network of the terminating party; or
between the home network of either party, and a transit
network. The interface between the home and visited net
work of a roaming mobile user is out of scope.
Joint ATIS/SIP Forum Technical Report - IP Interconnection Routing
Technical Report on
IP Interconnection Routing
Alliance for Telecommunications Industry Solutions
Approved May, 2015
As Service Providers introduce and expand IP-based service
offerings, there is increasing interest in identifying
the opportunities for the industry to facilitate IP routing
of Voice over IP (VoIP) traffic using E.164 addresses. The
ATIS/SIP Forum IP-Network-to-Network (NNI) Task Force to
ok on the initiative to develop a Technical Document
and is publishing a report to describe the candidate proposa
ls for circulation and comment. Recognizing that IP
traffic exchange is developing as an overlay to existing
Time-Division Multiplexing (TDM) interconnection and will
be implemented by different service providers with varyi
ng timelines, the purpose of this draft report is to:
- Provide an overview of in-use and proposed architectu
res with the provisioning processes and calls flows to
facilitate the exchange of VoIP traffic associated with IP-based services using E.164 addresses.
- Present comparative characteristics that
may be useful in understanding the approaches.
- Consider how such in-use and proposed solution(s)
may be adopted and/or coexist, and evolve for transition
to a future integrated registry envisioned at the FCC Numbering Testbed Workshop.
NFV Forum Use Cases
Network Functions Virtualization (NFV) and Software Defined Networking (SDN) are part of a sweeping
evolution that is moving the ICT industry from integrated, hardware
centric solutions to modular,
agnostic frameworks by abstracting the hardw
are resources into a consistent operating
environment for the software.
This Document defines priority use cases, such as
virtual network operator, that emphasize the benefits
of NFV in a multi
administrative domain environment and requ
ire improved service integration and
portability between network operators,
web scale companies, and enterprises.
The Interoperability Enabler for the Entire M2M and IoT Ecosystem
Market projections for the growth of Machine-to-Machine (M2M) communications and the Internet of Things (IoT) are unrealistic without the emergence of a global standardised platform. This industry will not take off without significant consolidation and the economies of scale that standardisation can bring. Rationalisation needs to occur although disparity will continue on the device and connectivity level.
oneM2M is a set of specifications that will enable users to build platforms, regardless of existing sector or industry solutions. The intention is not to discard or ignore existing industry-specific standards but to work with them to provide value by extending their reach.
Emerging Opportunities for Leveraging Network Intelligence
Service provider networks possess a wealth of information (network intelligence) relative to subscribers, applications and network state. Attempts to leverage this intelligence have, in the past, fallen short. The potential gain associated with network intelligence is significant. Additionally, new network technologies such as NFV and SDN, provide new possibilities for network and application optimization.
This focus group report has taken a “use case” approach in analyzing how network intelligence can be better leveraged in the network. Eleven different use cases have been analyzed. For each use case, both the network data inputs as well as potential outputs/network actions were considered to better leverage network intelligence.
IP Services Interconnect Technical Report: Assessment of Requirements and Specifications
The objective of the focus group is to define a strategy for developing an IP services interconnect specification suitable for all service provider types (wireless, wireline, and cable), encompassing basic, advanced, and future services. The scope includes forward-looking services such as HD Voice, Video, Messaging, and Data. Requirements are identified for a set of interconnection profiles built on existing standards to enable these services and to deliver a consistent user experience across all types of networks (e.g., Wireless, Fixed, and Cable). This analysis is complementary to a joint effort with the SIP Forum (the ATIS/SIP Forum IP-NNI Task Force) to develop a fully specified IP-NNI for voice services.
An Analysis of the SPDY Protocol and the SPDY Proxy
In a bid to enhance the speed and security of the web, browser and application developers are implementing new protocols and using end-to-end encryption. Google’s SPDY, described as “an experimental protocol for a faster web”, is one of the new protocols being introduced. To accelerate adoption of the protocol, SPDY proxy services offer some of the benefits of SPDY even when downloading content from web servers that have not yet implemented the SPDY protocol. However, by bundling and encrypting all web traffic for a user inside a single connection, the SPDY proxy hides the true source of the content and breaks content distribution and network management.
Operational Opportunities and Challenges of SDN/NFV Programmable Infrastructure
This document identifies operational issues and opportunities associated with increasing programmability of the infrastructure. For example, this includes OSS/BSS impacts, reliability/fault detection, and administration, as well as maintenance issues over the network element, and service life cycles of IP-infrastructure-based network elements. The FG will also identify likely changes in operational procedures and staffing skill sets required to support increasing programmability.
Big Data Analytics Focus Group: BDA Data Value
Chain Reference Model & Use Cases
This document defines such a model to both enable network operators to monetize customer data through big data analytics and share data with third parties. Each data sharing partner, in the data value chain, provides additional value by combining related data from third parties and monetizing the results for consumption by other third party partners throughout the data value chain.
Trust and Identity (T&I) Focus Group White Paper
This whitepaper identifies functions that meet all three criteria, and recommends next steps. It is not this Focus Group’s intent to redesign mature architectures such as IMS, but rather to identify existing assets that ATIS member companies can leverage, as well as areas where ATIS is positioned to help address identified business requirements.
PSTN Transition Focus Group Assessment and Recommendations
The infrastructure of the Public Switched Telecommunications Network (PSTN) is transitioning from TDM (time division multiplex) technology to IP (Internet Protocol). The TDM single-purpose voice connection to the consumer, is being replaced by a multi-purpose broadband IP connection. It is important for the industry to evaluate the impact of this transition on processes and regulation, and make changes and recommendations where necessary. This document assesses the impact on services, access, transport, and numbering, providing conclusions and recommendations for each topic.