The EUREKA CELTIC telecommunications Cluster BUGYO project defined a framework to measure, evaluate and maintain security in open telecommunications service infrastructures. This success makes it possible to
ensure service providers and users have a high level of data protection for the distribution and purchase of an increasingly wide range of on-line services provided over telecommunications networks, including so-called ‘triple play’ phone, internet and television, and on-demand pay entertainment. Principal results include a dedicated methodology, a measurement framework and an easyto-
use graphical interface in the form of a security cockpit displaying real time security assurance information.

Studies show that 80% of security problems in data systems occur because of bad enforcement of security – leading to poor protection of services and failures in data
privacy. This can be a problem both from the service provider’s point of view, where the entertainment distributor for example wants to be certain that the consumer pays to download a film, to the user who wants to be sure that personal details are protected when using a credit card to buy on line.

Remembering to shut the door

“While it was good to have well-designed security in projects, it was difficult to manage the security in complex infrastructures. Most problems arise because people
forget to put the right rules on the firewall or to close access. The idea therefore was to develop a supervision tool that could check that security was properly deployed
and controlled.” explains BUGYO project leader Bertrand Marquet of Parisheadquartered telecommunications giant Alcatel-Lucent.

“We approached EUREKA as it is more focused on industrialisation than the EU Framework Programme. And we selected the EUREKA CELTIC Cluster as it is a framework that Alcatel-Lucent helped establish and is dedicated specifically to telecommunications research.” CELTIC provided assistance on various levels – from helping to replace partners that had to leave during the project, to providing guidelines for the project management.

“We defined an operational methodology that can be applied practically by telecommunications operators and service providers to gain confidence in the security deployed to protect their services and the associated business revenues,” says Marquet. “This methodology provides the foundation for the development and deployment of the security assurance framework.”

Taking a model approach

The result was a robust low complexity system that is able to observe the complex functioning of the service infrastructure itself – this was demonstrated on a voice
over Internet protocol (VoIP) infrastructure. The BUGYO system provided a real-time overview of the security assurance status of the network and could also provide
assistance in terms of alarms and compliance monitoring.
“The results of the BUGYO project will certainly be beneficial for end users even though they will not see the results directly,” adds Bertrand. “Consumers will have a
more secure service, well-secured infrastructures are essential when consulting a bank account or paying on line for example. The outcome is a means to ensure really
secured services.”

More information : Alcatel-Lucent Bell Labs, Route de Villejust, 91620 Nozay, France,
http://projects.celtic-initiative.org/bugyo/