eTVRA, a Threat, Vulnerability and Risk Assessment Tool for eEurope
Securing the evolving telecommunications environment and establishing trust in its services and infrastructure is crucial for enabling the development of modern public services. The security of the underlying network and services environment for eBusiness is addressed as a crucial area in the eEurope action plan . In response to this Specialist Task Force (STF) 292 associated with the European Telecommunication Standardisation Institute (ETSI) TISPAN  under contract from eEurope, has developed a threat, vulnerability and risk assessment (eTVRA) method and tool for use in standardisation. Using the eTVRA method and tool, the threats to a next generation network (NGN) can be analyzed and a set of recommended countermeasures identified that when implemented will reduce the overall risk to users of NGNs. In this paper we present the eTVRA method and tool along with the results of using the eTVRA for an analysis of a Voice over IP (VoIP) scenario of the NGN.
KeywordsSession Initiation Protocol International Standard Organization Risk Assessment Tool Service Availability Communication Denial
Unable to display preview. Download preview PDF.
- 1.eEurope: Supporting the eEurope initiative (2005), http://portal.etsi.org/eeurope
- 2.Council of the European Union: Council Resolution on the implementation of the eEurope 2005 Action Plan (2003)Google Scholar
- 3.European Telecommunication Standardisation Institute: Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) (2006), http://portal.etsi.org/tispan/TISPAN_ToR.asp
- 4.International Standards Organization: ISO/IEC 15408, Information technology – Security techniques – Evaluation criteria for IT security (1999)Google Scholar
- 5.European Telecommunication Standardisation Institute: ETSI ETR 332, Security techniques advisory group (STAG)– Security Requirements Capture (1996)Google Scholar
- 6.Vraalsen, F., den Braber, I., Hogganvik, F., Stølen, K.: The CORAS tool-supported methodology for UML-based security analysis. Technical report STF90 A04015, SINTEF ICT (2004)Google Scholar
- 7.European Telecommunication Standardisation Institute: ETSI ES 202 382, Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Security Design Guide; Method and proforma for defining Protection Profiles (2005)Google Scholar
- 8.International Standards Organization: ISO/IEC 13335, Information technology – Security techniques – Guidelines for the management of IT security (2001)Google Scholar
- 9.Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session initiation protocol. RFC 3261 (2002)Google Scholar
- 10.Faltstrom, P., Mealling, M.: The E.164 to uniform resource identifiers (URI) dynamic delegation discovery system (DDDS) application (ENUM). RFC 3761 (2004)Google Scholar