As media on differing networks are being converged, a challenge is presented in keeping a consistent security policy from one end to the other. For example, when signaling (SS7), PSTN, IP and wireless networks are converged to provide a bundle of services, there is no satisfactory way to enforce a consistent security policy.
Currently, there does not exist a systematic way to communicate a security policy from one network to another. This is largely caused by the fact that the security policies deployed on each network are often incompatible with each other. The result of such incompatibility is that security is available only in part of the converged, heterogeneous network. Thus, security holes are created in various end-to-end networking scenarios.
Further, the current approach is to hard-code one-to-one mapping between two networks with two different security policies. However, this approach is very effort-intensive and costly, and it is difficult to scale up to multiple networks.
A challenge of achieving end-to-end security policy is that a network can only speak and understand its own security policy and has little knowledge of the security policy of a connected network. As the number of interconnected networks increases, the level of difficulty in achieving an end-to-end, consistent security policy increases substantially, if not exponentially.
A further challenge of achieving end-to-end security policy is that network security policies are network specific and different from one another. For example, authentication or encryption at an IP network is quite different from the authentication or encryption of a UMTS or PSTN network. In addition, specific implementations within a security policy may be local to a particular network, and subsequently may not be directly transported to a different network. Additionally, the enforcement mechanism for one network often cannot be used at a different network. Yet another challenge exists in that there is a need to address security concerns at different network layers, such as at the signaling, transport and application level.