Title: ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
www.oasis-open.org
Abbie Barbir, Ph.D.
abbieb_at_nortel.com
ITU-T Q6/17 Cybersecurity Question Rapporteur
OASIS IDTrust MS Steering Committee
OASIS Telecom MS Co-chair
OASIS TAB
ISO JTC1 CAC SC6 Vice-Chair
Senior Advisor CEA, SOA, Web Services, IdM, Security
Strategic Standards
Nortel
Slide 2: Outline
- Introduction to ITU
- Security work at ITU Study Groups
- SG 17 Security work
- Highlights of Current Activities
- Challenges
Slide 3: What is the International Telecommunication Union (ITU)?
- Headquartered in Geneva, is the UN specialized agency for telecom
- SG 17, Security, Languages and Telecommunication Software
  - Lead Study Group on Telecommunication Security
- SG 2, Operational Aspects of Service Provision, Networks and Performance
- SG 4, Telecommunication Management
- SG 5, Protection Against Electromagnetic Environment Effects
- SG 9, Integrated Broadband Cable Networks and Television and Sound Transmission
- SG 11, Signalling Requirements and Protocols
- SG 13, Next Generation Networks
- SG 15, Optical and Other Transport Network Infrastructures
- SG 16, Multimedia Terminals, Systems and Applications
- SG 19, Mobile Telecommunication Networks
Slide 4: Strategic Direction
- Cybersecurity one of the top priorities of the ITU
- ITU's role in implementing the outcomes of the World Summit on the Information Society (WSIS): Plenipotentiary Resolution 140 (2006)
- Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies: Plenipotentiary Resolution 149 (2006)
- WTSA-04 Resolution 50, Cybersecurity: Instructs the Director of TSB to develop a plan to undertake evaluations of ITU-T existing and evolving Recommendations, and especially signalling and communications protocol Recommendations, with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment
- WTSA-04 Resolution 52, Countering spam by technical means: Instructs relevant study groups to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam
Slide 5: Highlights of current activities (1)
- ITU Global Cybersecurity Agenda (GCA)
  - A Framework for international cooperation in cybersecurity
  - Five key work areas: Legal, Technical, Organisational, Capacity Building, International Cooperation
  - High-Level Experts (HLEG) working on global strategies
  - GCA/HLEG met 26 June 2008 to agree upon a set of recommendations on all five work areas for presentation to ITU Secretary-General
- ISO/IEC/ITU-T Strategic Advisory Group on Security
  - Coordinates security work and identifies areas where new standardization initiatives may be warranted. Portal established. Workshops conducted.
- Identity Management
  - Effort jump started by IdM Focus Group which produced 6 substantial reports (265 pages) in 9 months
  - JCA IdM and IdM-GSI established; main work is in SGs 17 and 13
Slide 6: Highlights of current activities (2)
- Core security (SG 17)
  - Covering frameworks, cybersecurity, countering spam, home networks, mobile, web services, secure applications, telebiometrics, etc.
  - Work underway on additional topics including IPTV, multicast, security risk management and incident management, traceback, Bots, Privacy,
  - Questionnaire issued to developing countries to ascertain their security needs
  - Updated security roadmap/database, compendia, manual; strengthened coordination
- Security for NGN (SG 13)
  - Y.2701: Security Requirements for NGN Release 1
  - Y.2702: NGN Authentication and Authorization Requirements
  - Y.NGN SecMechanisms: NGN Security Mechanisms and Procedures
  - Y.NGN Certificate: NGN Certificate Management
  - Y.AAA: Application of AAA for Network Access Control in UNI and ANI over NGN
Slide 7: Identity: Connecting users with services and with others (Federation)
People have multiple identities, each within a specific context or domain:
- Work: me_at_company.com
- Family: me_at_smith.family
- Hobby: me_at_icedevils.team
- Volunteer: me_at_association.org
[Figure: identity spans whatever you're doing (applications, e.g. Collaboration, Video, Voice Telephony, Web Apps, ERP), whatever you're using (devices, e.g. PC, Smart Phone), and wherever you are (across various access types).]
- Network Identity is essential
- Need end-to-end trust model
Slide 8: Challenges
- Addressing security to enhance trust and confidence of users in networks, applications and services
- With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership?
- Need for top-down strategic direction to complement bottom-up, contribution-driven process
- Balance between centralized and distributed efforts on security standards
- Legal and regulatory aspects of cybersecurity, spam, identity/privacy
- Address full cycle: vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
- Marketplace acceptance of Information Security Management System (ISMS) standards (ISO/IEC 27000-series and ITU-T X.1051), the security equivalent to ISO 9000-series
- Effective cooperation and collaboration across the many bodies doing cybersecurity work
- Informal security experts network needs commitment
- There is no silver bullet for Cybersecurity
Slide 9: Some useful web resources
- ITU-T Home page: http://www.itu.int/ITU-T/
- Security Roadmap: http://www.itu.int/ITU-T/studygroups/com17/ict/index.html
- Security Manual: http://www.itu.int/publ/T-HDB-SEC.03-2006/en
- Cybersecurity Portal: http://www.itu.int/cybersecurity/
- Cybersecurity Gateway: http://www.itu.int/cybersecurity/gateway/index.html
- Recommendations: http://www.itu.int/ITU-T/publications/recs.html
- ITU-T Lighthouse: http://www.itu.int/ITU-T/lighthouse/index.phtml
- ITU-T Workshops: http://www.itu.int/ITU-T/worksem/index.html
- LSG on Security: http://www.itu.int/ITU-T/studygroups/com17/tel-security.html
Slide 10: Backup
Slide 11: NGN architecture overview (Y.2012)
[Figure: NGN architecture. Labels: Applications; ANI; Service stratum (Application Support Functions and Service Support Functions, Service Control Functions); Transport stratum (Transport Control Functions, Resource and Admission Control Functions, Transport Functions); Management Functions; End-User Functions; Other Networks; UNI; NNI; Control; Media.]
Slide 12: NGN architecture overview (Y.2012)
- Packet-based network with QoS support and Security
- Separation between Services and Transport
- Access can be provided using many underlying technologies
  - Should be reflected in policy
- Decoupling of service provision from network
- Support wide range of services/applications
- Converged services between Fixed/Mobile
- Broadband capabilities with end-to-end QoS
- Compliant with regulatory requirements
  - Emergency communications, security, privacy, lawful interception
- ENUM Resources, Domain Names / Internet Addresses
Slide 13: NGN Security Trust Model
Slide 14: NGN Peering Trust Model