The telecommunications environment is evolving into next generation networks (NGN). On an NGN, telecommunications services are recreated on IP networks, this creates a demand on standardization bodies to adapt and meet the needs of these emerging networks. Securing the service environment for eBusiness and the underlying network are crucial areas cited in the eEurope action plan. Standardization provides an important means for securing the NGN and establishing trust in its services and infrastructure in order to enable the development of modern public services. In response to this, we have developed a threat, vulnerability and risk assessment (eTVRA) method and tool for use in standardisation. Using the eTVRA method and tool, the threats to NGNs can be analyzed and a set of recommended countermeasures identified that when implemented will reduce the overall risk to users of NGNs. In this paper we present the eTVRA method and tool along with the results of its application to the use of enhanced number (ENUM) (Eastlake, 1999) and SIP (Rosenberg et al., 2002) in the NGN
[1]
Patrik Fältström,et al.
The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)
,
2004,
RFC.
[2]
Voon Chin Phua,et al.
Wireless lan medium access control (mac) and physical layer (phy) specifications
,
1999
.
[3]
Scott Cadzow,et al.
eTVRA, a Threat, Vulnerability and Risk Assessment Tool for eEurope
,
2006,
iTrust.
[4]
Donald E. Eastlake,et al.
Domain Name System Security Extensions
,
1997,
RFC.
[5]
Mark Handley,et al.
SIP: Session Initiation Protocol
,
1999,
RFC.
[6]
A. M. Abdullah,et al.
Wireless lan medium access control (mac) and physical layer (phy) specifications
,
1997
.
[7]
Ketil Stølen,et al.
The CORAS Tool-Supported M ethodology for UM L-Based Security Analysis
,
2004
.