Child pages
  • 2020-08-06 OIMT Meeting notes
Skip to end of metadata
Go to start of metadata

Date

Attendees

Agenda

  • Administrative
  • Security Audit 
  • Optical Amplifier modeling 

Discussion items

Time

Item

Who

Notes

IM-D


AdministrativeAll


Security Audit

Jonathan 

Presentation from Jonathan (continued)

  • A bit more on Auditing
    • Auditing allows validation that intended behavior is occurring
    • Looking for unexpected characteristics ping, multiple failed login events etc. which may be attacks
    • Authentication causes system load, overload may be the intent → External policy execution to prevent the attack such as a fire wall
      • Service providers are now offering capabilities to push the block towards the source. Amplifying attacks where drones are caused to also attack aiming to saturate the comms benefits from this
    • Audit logs need to take care of time re-synchronization (especially where the log is on fine grained time)
    • Consistent logging of everything would benefit analysis
      • All information from all sources should be considered in the same way whereas we currently consider various sources as somehow special even in their fundamentals such as recording of time. Clearly an opportunity for further unification and alignment
      • Brief comment on syslog is a commonly used mechanism but that syslog has a rather weak set capabilities
    • Knowing where and when is very important when examining for fraud
    • Some auditing needs to be on-line real time
    • Audit data, as it has significant personal etc. information, needs to be secure
    • Event recording does not have to happen at the point of detection 
    • Use of sniffers etc. can make the detection independent of the mechanism conveying/analyzing
    • Non-repudiation is proving the messages are real - digital signatures. Asymmetric encryption. Entered into the log so that it cannot be forged. Encrypted hash is in the message. Public key can decrypted this. To prove it has not been deleted, there is some sequence number. Proof of receipt is achieved by a return signature giving full round trip.
    • There is a performance cost, there is ongoing work to continue improve this
    • Certified system with no attack points
    • There is some loss due to storage limitation
    • Repeated messages can be counted as opposed to repeated
    • Audit messages need to be conveyed over a secure channel and auditing behaviour can be audited
  • Brief coverage of OIMT need
  • RFC for syslog signing not included
OA modelingItalo

Optical Amplifier (OA) modeling

Using the peer LTP association for amplifiers was suggested. This was further developed.

There was some tentative agreement that the amplifier should be made from elements of a spec that causes augment where the augment can be for either the LTP or FC. 

The amplifier and its monitors should be spec building blocks (like LegoTM). The vendor is then able to construct from the building blocks what reflects their realization. 

New monitors may emerge that we will want to add to the building block opportunities.

Discussed Termination State.

Suggestion that documentation needs to be improved.

Next calls
  •  : 

Action items

  •