ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)

1
ITU-T Perspectives on the Standards-Based
Security Landscape (SG 17 Main Focus)
www.oasis-open.org
Abbie Barbir, Ph.D., abbieb_at_nortel.com
ITU-T Q6/17 Cybersecurity Question Rapporteur
OASIS IDTrust MS Steering Committee
OASIS Telecom MS Co-chair
OASIS TAB
ISO JTC1 CAC SC6 Vice-Chair
Senior Advisor CEA, SOA, Web Services, IdM, Security
Strategic Standards, Nortel
2
Outline
  • Introduction to ITU
  • Security work at ITU Study Groups
  • SG 17 Security work
  • Highlight of Current Activities
  • Challenges

3
What is the International Telecommunication Union
(ITU)?
  • Headquartered in Geneva, is the UN specialized
    agency for telecom
  • SG 17, Security, Languages and Telecommunication
    Software
      • Lead Study Group on Telecommunication Security
  • SG 2, Operational Aspects of Service Provision,
    Networks and Performance
  • SG 4, Telecommunication Management
  • SG 5, Protection Against Electromagnetic
    Environment Effects
  • SG 9, Integrated Broadband Cable Networks and
    Television and Sound Transmission
  • SG 11, Signalling Requirements and Protocols
  • SG 13, Next Generation Networks
  • SG 15, Optical and Other Transport Network
    Infrastructures
  • SG 16, Multimedia Terminals, Systems and
    Applications
  • SG 19, Mobile Telecommunication Networks

4
Strategic Direction
  • Cybersecurity: one of the top priorities of the
    ITU
  • ITU's role in implementing the outcomes of the
    World Summit on the Information Society (WSIS):
    Plenipotentiary Resolution 140 (2006)
  • Study of definitions and terminology relating to
    building confidence and security in the use of
    information and communication technologies:
    Plenipotentiary Resolution 149 (2006)
  • WTSA-04 Resolution 50, Cybersecurity: Instructs
    the Director of TSB to develop a plan to
    undertake evaluations of ITU-T existing and
    evolving Recommendations, and especially
    signalling and communications protocol
    Recommendations, with respect to their robustness
    of design and potential for exploitation by
    malicious parties to interfere destructively with
    their deployment
  • WTSA-04 Resolution 52, Countering spam by
    technical means: Instructs relevant study groups
    to develop, as a matter of urgency, technical
    Recommendations, including required definitions,
    on countering spam

5
Highlights of current activities (1)
  • ITU Global Cybersecurity Agenda (GCA)
      • A Framework for international cooperation in
        cybersecurity
      • Five key work areas: Legal, Technical,
        Organisational, Capacity Building, International
        Cooperation
      • High-Level Experts (HLEG) working on global
        strategies
      • GCA/HLEG met 26 June 2008 to agree upon a set of
        recommendations on all five work areas for
        presentation to ITU Secretary-General
  • ISO/IEC/ITU-T Strategic Advisory Group on
    Security
      • Coordinates security work and identifies areas
        where new standardization initiatives may be
        warranted. Portal established. Workshops
        conducted.
  • Identity Management
      • Effort jump started by IdM Focus Group which
        produced 6 substantial reports (265 pages) in 9
        months
      • JCA IdM and IdM-GSI established; main work is
        in SGs 17 and 13

6
Highlights of current activities (2)
  • Core security (SG 17)
      • Covering frameworks, cybersecurity, countering
        spam, home networks, mobile, web services, secure
        applications, telebiometrics, etc.
      • Work underway on additional topics including
        IPTV, multicast, security risk management and
        incident management, traceback, Bots, Privacy
      • Questionnaire issued to developing countries to
        ascertain their security needs
      • Updated security roadmap/database, compendia,
        manual; strengthened coordination
  • Security for NGN (SG 13)
      • Y.2701: Security Requirements for NGN Release 1
      • Y.2702: NGN Authentication and Authorization
        Requirements
      • Y.NGN SecMechanisms: NGN Security Mechanisms and
        Procedures
      • Y.NGN Certificate: NGN Certificate Management
      • Y.AAA: Application of AAA for Network Access
        Control in UNI and ANI over NGN

7
Identity: Connecting users with services and with
others (Federation)
People have multiple identities, each within a
specific context or domain:
  • Work: me_at_company.com
  • Family: me_at_smith.family
  • Hobby: me_at_icedevils.team
  • Volunteer: me_at_association.org
[Figure: Whatever you're doing (applications);
Whatever you're using (devices); Wherever you are
(across various access types). Labels: Collaboration,
PC, Video, Voice Telephony, Smart Phone, Web Apps, ERP]
  • Network Identity is essential
  • Need end-to-end trust model

8
Challenges
  • Addressing security to enhance trust and
    confidence of users in networks, applications and
    services
  • With global cyberspace, what are the security
    priorities for the ITU with its government /
    private sector partnership?
  • Need for top-down strategic direction to
    complement bottom-up, contribution-driven process
  • Balance between centralized and distributed
    efforts on security standards
  • Legal and regulatory aspects of cybersecurity,
    spam, identity/privacy
  • Address full cycle: vulnerabilities, threats and
    risk analysis; prevention; detection; response
    and mitigation; forensics; learning
  • Marketplace acceptance of Information Security
    Management System (ISMS) standards (ISO/IEC
    27000-series and ITU-T X.1051), the security
    equivalent to ISO 9000-series
  • Effective cooperation and collaboration across
    the many bodies doing cybersecurity work
  • Informal security experts network needs
    commitment
  • There is no silver bullet for Cybersecurity

9
Some useful web resources
  • ITU-T Home page: http://www.itu.int/ITU-T/
  • Security Roadmap: http://www.itu.int/ITU-T/studygroups/com17/ict/index.html
  • Security Manual: http://www.itu.int/publ/T-HDB-SEC.03-2006/en
  • Cybersecurity Portal: http://www.itu.int/cybersecurity/
  • Cybersecurity Gateway: http://www.itu.int/cybersecurity/gateway/index.html
  • Recommendations: http://www.itu.int/ITU-T/publications/recs.html
  • ITU-T Lighthouse: http://www.itu.int/ITU-T/lighthouse/index.phtml
  • ITU-T Workshops: http://www.itu.int/ITU-T/worksem/index.html
  • LSG on Security: http://www.itu.int/ITU-T/studygroups/com17/tel-security.html

10
Backup
11
NGN architecture overview (Y.2012)
[Figure: NGN architecture diagram. Labels: Applications;
ANI; Application Support Functions and Service Support
Functions; Service Control Functions; Service stratum;
Management Functions; End-User Functions; Resource and
Admission Control Functions; Other Networks; Transport
Control Functions; Transport Functions; UNI; NNI;
Transport stratum; Control; Media]
12
NGN architecture overview (Y.2012)
  • Packet-based network with QoS support and
    Security
  • Separation between Services and Transport
  • Access can be provided using many underlying
    technologies
      • Should be reflected in policy
  • Decoupling of service provision from network
  • Support wide range of services/applications
  • Converged services between Fixed/Mobile
  • Broadband capabilities with end-to-end QoS
  • Compliant with regulatory requirements
      • Emergency communications, security, privacy,
        lawful interception
  • ENUM Resources, Domain Names/Internet Addresses

13
NGN Security Trust Model
14
NGN Peering Trust Model