ITU-T Study Groups - PowerPoint PPT Presentation

Loading...

PPT – ITU-T Study Groups PowerPoint presentation | free to download - id: 6a197a-NDEzO



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

ITU-T Study Groups

Description:

... Overview of the entity authentication assurance framework Level ... Basic template for achieving SSO ... sensor networks (X.1311) Ubiquitous sensor network ... – PowerPoint PPT presentation

Number of Views:33
Avg rating:3.0/5.0
Date added: 31 May 2020
Slides: 77
Provided by: sebek
Learn more at: http://www.itu.int
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: ITU-T Study Groups


1
ITU-T Study GroupsSecurity Achievementsand
Security Activities

11 November 2013
2
ITU-T Study Groups
TSAG
Review Committee
Performance, QoS,QoE
SG 12
SG 3
Tariffs, Policy
Future Networks,Cloud Computing
SG 13
3
ITU-T SG2Security Recommendations
  • TMN security
  • Security for the management plane (M.3016.x)
  • IMT-2000 security management (M.3210.1)

M.3210.1 - Fraud Management for Wireless Services
4
ITU-T SG9Security Recommendations
  • Cable Modem security (J.112)
  • IPCablecom security
  • IPCablecom security (J.170)
  • IPCablecom2 Access Security (J.366.7)
  • IPCablecom2 IP Multimedia Subsystem (IMS)
    Generic authentication architecture specification
    (J.366.9)
  • Renewable conditional access system (J.1002)

J.170 - IPCablecom component reference model
5
ITU-T SG13Security Recommendations
  • Next Generation Network security
  • NGN security (Y.2701, Y.2702, Y.2703, Y.2704)
  • Secure mobile financial transactions in next
    generation networks (Y.2740, Y.2741)
  • Mobility security framework in NGN (Y.2760)
  • Requirements for deep packet inspection in next
    generation networks (Y.2770)

6
ITU-T SG13 (cntd)Security Recommendations
  • NGN Identity management (Y.2720, Y.2721, Y.2722).
  • Support for OAuth in NGN (draft Y.2723,
    Y.NGN-OAuth)
  • Framework for NGN support and use of OpenID and
    Oauth (Draft Y.2724, Y.NGN-OOF)
  • Emergency Telecommunications Service security
    requirements (Y.2705)

7
ITU-T SG15Security Recommendations
  • Optical safety procedures requirements for
    optical transport systems (ITU-T G.664)
  • Generic protection switching Linear trail and
    subnetwork protection, ring protection, Shared
    mesh protection (G.808.1, G.808.2, G.808.3)
  • SDH network protection architectures (G.841,
    G.842
  • Linear, ring protection in Optical Transport
    Network (OTN) (G.873.1, G.873.2)
  • Ethernet linear, ring protection switching
    (G.8031/Y.1342, G.8032/Y.1344)
  • MPLS-TP linear protection (G.8131/ Y.1382)

8
ITU-T SG16Security Recommendations
  • Security capabilities for use with Group 3
    facsimile terminals (T.36)
  • Confidentiality and key management for ISDN audio
    visual (H.233, H.234)
  • Security for H.323 (H.235.x)
  • Network Address Translation for H.323 (H.460.18,
    H.460.19)
  • Secure JPEG 2000 (T.807)

NAT/FW traversal in ITU-T H.460.18 architecture
9
ITU-T SG16 (cntd)Security Recommendations
Security in ITU-T H.323 as provided by ITU-T H.235
10
SG17 mandate established by World
Telecommunication Standardization Assembly
(WTSA-12)
  • WTSA-12 decided the following for Study Group 17
  • Title Security
  • Responsible for building confidence and security
    in the use of information and communication
    technologies (ICTs). This includes studies
    relating to cybersecurity, security management,
    countering spam and identity management. It also
    includes security architecture and framework,
    protection of personally identifiable
    information, and security of applications and
    services for the Internet of things, smart grid,
    smartphone, IPTV, web services, social network,
    cloud computing, mobile financial system and
    telebiometrics. Also responsible for the
    application of open system communications
    including directory and object identifiers, and
    for technical languages, the method for their
    usage and other issues related to the software
    aspects of telecommunication systems, and for
    conformance testing to improve quality of
    Recommendations.
  • Lead Study Group for
  • Security
  • Identity management
  • Languages and description techniques
  • Responsible for specific E, F, X and Z series
    Recommendations
  • Responsible for 12 Questions

11
SG17 Management Team
Chairman Arkadiy KREMER Russian Federation
Vice-Chairmen Khalid BELHOUL United Arab Emirates
Vice-Chairmen Mohamed M.K. ELHAJ Sudan
Vice-Chairmen Antonio GUIMARAES Brazil
Vice-Chairmen George LIN P.R. China
Vice-Chairmen Patrick MWESIGWA Uganda
Vice-Chairmen Koji NAKAO Japan
Vice-Chairmen Mario FROMOW RANGEL Mexico
Vice-Chairmen Sacid SARIKAYA Turkey
Vice-Chairmen Heung Youl YOUM Korea (Republic of)
12
Study Group 17 Overview
  • Primary focus is to build confidence and security
    in the use of Information and Communication
    Technologies (ICTs)
  • Meets twice a year. Last meeting had 131
    participants from 22 Member States, 12 Sector
    Members and 5 Associates.
  • As of 14 October 2013, SG17 is responsible for
    330 approved Recommendations, 18 approved
    Supplements and 3 approved Implementers Guides
    in the E, F, X and Z series.
  • Large program of work
  • 12 new work items added to work program in 2013
  • September 2013 meeting approved 1
    Recommendations, and 1 Amendment 6
    Recommendations and one Corrigendum in TAP
  • 89 new or revised Recommendations and other texts
    are under development for approval in January
    2014 or later
  • Work organized into 5 Working Parties with 12
    Questions
  • 7 Correspondence groups operating,
  • See SG17 web page for more informationhttp//itu.
    int/ITU-T/studygroups/com17

13
SG17, Security
Study Group 17
WP 1/17 Fundamental security
WP 2/17 Network and information security
WP 3/17 IdM Cloud Computing Security
WP 4/17 Application security
WP 5/17 Formal languages
Q6/17 Ubiquitousservices
Q1/17 Telecom./ICT security coordination
Q4/17 Cybersecurity
Q8/17 Cloud Computing Security
Q11/17 Directory, PKI, PMI, ODP, ASN.1,
OID, OSI
Q7/17 Applications
Q12/17 Languages Testing
Q2/17 Security architecture and framework
Q5/17 Countering spam
Q10/17 IdM
Q9/17 Telebiometrics
Q3/17 ISM
14
SG17, Working Party Structure
  • WP 1 Fundamental security
    Chairman Koji NAKAO
  • Q1/17 Telecommunication/ICT security coordination
  • Q2/17 Security architecture and framework
  • Q3/17 Telecommunication information security
    management
  • WP 2 Network and information security
    Chairman Sacid
    SARIKAYA
  • Q4/17 Cybersecurity
  • Q5/17 Countering spam by technical means
  • WP 3 Identity management and cloud computing
    security Chairman Heung Youl YOUM
  • Q10/17 Identity management architecture and
    mechanisms
  • Q8/17 Cloud computing security
  • WP 4 Application security
    Chairman Antonio GUIMARAES
  • Q6/17 Security aspects of ubiquitous
    telecommunication services
  • Q7/17 Secure application services
  • Q9/17 Telebiometrics
  • WP 5 Formal languages
    Chairman George LIN

15
Study Group 17 is the Lead Study Group on?
Security? Identity management (IdM)? Languages
and description techniques
  • A study group may be designated by WTSA or TSAG
    as the lead study group for ITU-T studies forming
    a defined programme of work involving a number of
    study groups.
  • This lead study group is responsible for the
    study of the appropriate core Questions.
  • In addition, in consultation with the relevant
    study groups and in collaboration, where
    appropriate, with other standards bodies, the
    lead study group has the responsibility to define
    and maintain the overall framework and to
    coordinate, assign (recognizing the mandates of
    the study groups) and prioritize the studies to
    be carried out by the study groups, and to ensure
    the preparation of consistent, complete and
    timely Recommendations.
  • Extracted from WTSA-12 Resolution 1

16
SG17 is Parent for Joint Coordination
Activities (JCAs) on? Identity management?
Child online protection
  • A joint coordination activity (JCA) is a tool for
    management of the work programme of ITU-T when
    there is a need to address a broad subject
    covering the area of competence of more than one
    study group. A JCA may help to coordinate the
    planned work effort in terms of subject matter,
    time-frames for meetings, collocated meetings
    where necessary and publication goals including,
    where appropriate, release planning of the
    resulting Recommendations.
  • The establishment of a JCA aims mainly at
    improving coordination and planning. The work
    itself will continue to be conducted by the
    relevant study groups and the results are subject
    to the normal approval processes within each
    study group. A JCA may identify technical and
    strategic issues within the scope of its
    coordination role, but will not perform technical
    studies nor write Recommendations. A JCA may also
    address coordination of activities with
    recognized standards development organizations
    (SDOs) and forums, including periodic discussion
    of work plans and schedules of deliverables. The
    study groups take JCA suggestions into
    consideration as they carry out their work.
  • Extracted from Recommendation ITU-T A.1

17
ITU-T Joint Coordination Activity on Identity
Management (JCA-IdM)
  • Coordinates of the ITU-T identity management
    (IdM) work.
  • Ensures that the ITU-T IdM work is progressed in
    a well-coordinated way between study groups, in
    particular with SG2, SG13 and SG17.
  • Analyzes IdM standardization items and
    coordinates an associated roadmap with ITU-T
    Q10/17.
  • Acts as a point of contact within ITU-T and with
    other SDOs/Fora on IdM in order to avoid
    duplication of work and assist in implementing
    the IdM tasks assigned by WTSA-12 Resolution 2
    and in implementing GSC-16 Resolution 4 on
    identity management.
  • In carrying out the JCA-IdMs external
    collaboration role, representatives from other
    relevant recognized SDOs/Fora and
    regional/national organizations may be invited to
    join the JCA-IdM.
  • Maintains IdM roadmap and landscape
    document/WIKI.
  • JCA-COP co-chairmen
  • Mr. Jon Shamah, United Kingdom,
  • Mr. Hiroshi Takechi, LAC Co., Ltd, Japan.

18
ITU-T Joint Coordination Activity on Child Online
Protection (JCA-COP)
  • Purpose and objectives
  • co-ordinates activity on COP across ITU-T study
    groups, in particular Study Groups 2, 9, 13, 15,
    16 and 17, and coordinates with ITU-R, ITU-D and
    the Council Working Group on Child Online
    Protection
  • provides a visible contact point for COP in
    ITU-T.
  • cooperates with external bodies working in the
    field of COP, and enables effective two-way
    communication with these bodies
  • Tasks
  • Maintain a list of representatives for COP in
    each study group
  • Exchange information relevant to COP between all
    stakeholders.
  • Promote a coordinated approach towards any
    identified and necessary areas of standardization
  • Address coordination of activity with relevant
    SDOs and forums, including periodic discussion of
    work plans and schedules of deliverables on COP
    (if any)
  • JCA-COP co-chairmen
  • Ms Ashley Heineman, United States,
  • Mr Philip Rushton, United Kingdom.

19
SG 17 Lead Study Group roles - Coordination
Collaboration
  • 3 Lead Study Group responsibilities
  • Security,
  • Identity management, and
  • Languages and description techniques
  • Joint Coordination Activity on Identity
    Management (JCA-IdM)
  • Joint Coordination Activity on Child Online
    Protection (JCA-COP)
  • The two JCAs will run in conjunction with ITU-T
    SG17 meeting(15 24 January 2014)

20
ITU-T SG17Security Recommendations
  • Security architecture
  • OSI security architecture (X.800)
  • OSI security models (X.802, X.803, X.830, X.831,
    X.832, X.833, X.834, X.835)
  • OSI security frameworks for open systems (X.810,
    X.811, X.812, X.813, X.814, X.815, X.816, X.841)
  • Security architecture for systems providing
    end-to-end communications (X.805)
  • Security architecture aspects (X.1031, X.1032)
  • IP-based telecommunication network security
    system (TNSS) (X.1032)
  • Security architectural elements in Recommendation
    ITU-T X.805

21
ITU-T SG17 (cntd)Security Recommendations
  • Fast infoset security (X.893)
  • Public Key Infrastructure and Trusted Third Party
    Services
  • Public-key and attribute certificate frameworks
    (X.509)
  • Guidelines for the use of Trusted Third Party
    services (X.842)
  • Specification of TTP services to support the
    application of digital signatures (X.843)

22
ITU-T SG17 (cntd)Security Recommendations
  • Security protocols
  • EAP guideline (X.1034)
  • Password authenticated key exchange protocol
    (X.1035)
  • Technical security guideline on deploying IPv6
    (X.1037)
  • Guideline on secure password-based authentication
    protocol with key exchange (X.1151)
  • Secure end-to-end data communication techniques
    using trusted third party services (X.1152)
  • Management framework of a one time password-based
    authentication service (X.1153)
  • General framework of combined authentication on
    multiple identity service provider environments
    (X.1154)
  • Non-repudiation framework based on a one time
    password (X.1156)
  • OSI Network transport layer security protocol
    (X.273, X.274)

23
ITU-T SG17 (cntd)Security Recommendations
  • Information Security Management
  • Information Security Management System (X.1051,
    X.1052)
  • Governance of information security (X.1054)
  • Risk management and risk profile guidelines
    (X.1055)
  • Security incident management guidelines (X.1056)
  • Asset management guidelines (X.1057)

X.1055 - Risk management process
  • X.1052 - Information Security Management

X.1057 - Asset management process
24
ITU-T SG17 (cntd)Security Recommendations
  • Incident organization and security incident
    handling Guidelines for telecommunication
    organizations (E.409)

X.1056 - Five high-level incident management
processes
E.409 - pyramid of events and incidents
25
ITU-T SG17 (cntd)Security Recommendations
  • Telebiometrics
  • e-Health generic telecommunication protocol
    (X.1081.1)
  • telebiometric multimodal framework model (X.1081)
  • BioAPI interworking protocol (X.1083)
  • General biometric authentication protocol
    (X.1084, X.1088)
  • Telebiometrics authentication infrastructure
    (X.1089)

Telebiometric authenticationof an end user
Biometric-key generation
26
ITU-T SG17 (cntd)Security Recommendations
  • Multicast security requirements (X.1101)
  • Home network security (X.1111, X.1112, X.1113,
    X.1114)

X.1113 - Authentication service flows for the
home network
27
ITU-T SG17 (cntd)Security Recommendations
  • Secure mobile systems (X.1121, X.1122, X.1123,
    X.1124, X.1125)

X.1121 - Threats in the mobile end-to-end
communications
28
ITU-T SG17 (cntd)Security Recommendations
  • Peer-to-peer security (X.1161, X.1162, X.1164)
  • IPTV security and content protection
    (X.1191-X.1198)

X.1191 - General security architecture for IPTV
29
ITU-T SG17 (cntd)Security Recommendations
  • Web Security
  • Security Assertion Markup Language (X.1141)
  • eXtensible Access Control Markup Language
    (X.1142, X.1144)
  • Security architecture for message security in
    mobile web services (X.1143)

X.1141 - Basic template for achieving SSO
30
ITU-T SG17 (cntd)Security Recommendations
  • Networked ID security
  • Threats and requirements for protection of
    personally identifiable information in
    applications using tag-based identification
    (X.1171)

X.1171 - PII infringement through information
leakage
X.1171 - General PII protection service (PPS)
service flow
31
ITU-T SG17 (cntd)Security Recommendations
  • Ubiquitous sensor network security
  • Information technology Security framework for
    ubiquitous sensor networks (X.1311)
  • Ubiquitous sensor network middleware security
    guidelines (X.1312)
  • Security requirements for wireless sensor network
    routing (X.1313)

X.1311 - Security model for USN
X.1312 - Security functionsfor USN middleware
32
ITU-T SG17 (cntd)Security Recommendations
  • Incident organization and security incident
    handling Guidelines for telecommunication
    organizations (E.409)
  • Cloud computing security
  • Security framework for cloud computing (draft
    X.1600 , X.ccsec)

E.409 - pyramid of events and incidents
33
ITU-T SG17 (cntd)Security Recommendations
  • CYBERSPACE SECURITY Cybersecurity
  • Overview of cybersecurity (X.1205)
  • A vendor-neutral framework for automatic
    notification of security related information and
    dissemination of updates (X.1206)
  • Guidelines for telecommunication service
    providers for addressing the risk of spyware and
    potentially unwanted software (X.1207)
  • A cybersecurity indicator of risk to enhance
    confidence and security in the use of
    telecommunication/information and communication
    technology (draft X.1208, X.csi)
  • Capabilities and their context scenarios for
    cybersecurity information sharing and exchange
    (X.1209)
  • Overview of source-based security troubleshooting
    mechanisms for Internet protocol-based networks
    (draft X.1210 , X.trm)
  • Emergency communications
  • Common alerting protocol (CAP 1.1) (X.1303)

34
ITU-T SG17 (cntd)Security Recommendations
  • CYBERSECURITY INFORMATION EXCHANGE (CYBEX)
  • Overview of cybersecurity information exchange
    (X.1500)
  • Procedures for the registration of arcs under the
    object identifier arc for cybersecurity
    information exchange (X.1500.1)
  • Common vulnerabilities and exposures (X.1520)

X.1500 - CYBEX model
35
ITU-T SG17 (cntd)Security Recommendations
  • CYBEX vulnerability/state exchange
  • Common vulnerability scoring system (X.1521)
  • Common weakness enumeration (X.1524)
  • Open vulnerability and assessment language
    (X.1526)
  • Common platform enumeration (X.1528.x)

X.1521 - CVSS metric groups
36
ITU-T SG17 (cntd)Security Recommendations
  • CYBEX event/incident/heuristics exchange
  • Incident object description exchange format
    (X.1541)
  • Common attack pattern enumeration and
    classification (X.1544)
  • Malware attribute enumeration and classification
    (X.1546 , X.maec)

37
ITU-T SG17 (cntd)Security Recommendations
  • CYBEX identification and discovery
  • Discovery mechanisms in the exchange of
    cybersecurity information (X.1570)

X.1570 - Cybersecurity operational information
ontology
38
ITU-T SG17 (cntd)Security Recommendations
  • CYBEX event/incident/heuristics exchange
  • Incident object description exchange format
    (X.1541)
  • Common attack pattern enumeration and
    classification (X.1544)
  • Malware attribute enumeration and classification
    (X.1546 , X.maec)
  • CYBEX identification and discovery
  • Discovery mechanisms in the exchange of
    cybersecurity information (X.1570)
  • CYBEX assured exchange
  • Real-time inter-network defence (X.1580)
  • Transport of real-time inter-network defence
    messages (X.1581)
  • Transport protocols supporting cybersecurity
    information exchange (Draft X.1582, X.cybex-tp)

39
ITU-T SG17 (cntd)Security Recommendations
  • Countering spam
  • Technical strategies for countering spam (X.1231)
  • Technologies involved in countering email spam
    (X.1240)
  • Technical framework for countering email spam
    (X.1241)
  • Short message service (SMS) spam filtering system
    based on user-specified rules (X.1242)
  • Interactive gateway system for countering spam
    (X.1243)
  • Overall aspects of countering spam in IP-based
    multimedia applications (X.1244)
  • Framework for countering spam in IP-based
    multimedia applications (X.1245)
  • Note These Recommendations do not address the
    content-related aspects of telecommunications
    (ref. ITR 2012).

40
ITU-T SG17 (cntd)Security Recommendations
X.1241 - General structure ofe-mail anti-spam
processing domain
X.1231 - General modelfor countering spam
X.1245 - Framework for countering IP media spam
41
ITU-T SG17 (cntd)Security Recommendations
  • Identity management (IdM)
  • Baseline capabilities for enhanced global
    identity management and interoperability (X.1250)
  • A framework for user control of digital identity
    (X.1251)
  • Baseline identity management terms and
    definitions (X.1252)
  • Security guidelines for identity management
    systems (X.1253)
  • Entity authentication assurance framework
    (X.1254)
  • Framework for discovery of identity management
    information (X.1255)
  • Guidelines on protection of personally
    identifiable information in the application of
    RFID technology (X.1275)

42
ITU-T SG17 (cntd)Security Recommendations
X.1254 - Overview of the entity authentication
assurance framework
Level Description
1 Low Little or no confidence in the claimed or asserted identity
2 Medium Some confidence in the claimed or asserted identity
3 High High confidence in the claimed or asserted identity
4 Very high Very high confidence in the claimed or asserted identity
X.1254 - Levels of assurance
43
Security Project
  • Security Coordination
  • Coordinate security matters within SG17, with
    ITU-T SGs, ITU-D and externally with other SDOs
  • Maintain reference information on LSG security
    webpage
  • ICT Security Standards Roadmap
  • Searchable database of approved ICT security
    standards from ITU-T, ISO/IEC, ETSI and others
  • Security Compendium
  • Catalogue of approved security-related
    Recommendations and security definitions
    extracted from approved Recommendations
  • ITU-T Security Manual
  • 5th edition published in 2013

44
Question 1/17Telecommunication/ICT security
coordination
  • Security Coordination
  • Coordinate security matters within SG17, with
    ITU-T SGs, ITU-D, ITU-R and externally with other
    SDOs
  • Maintain reference information on LSG security
    webpage
  • ICT Security Standards Roadmap
  • Searchable database of approved ICT security
    standards from ITU-T, ISO/IEC, ETSI and others
  • Security Compendium
  • Catalogue of approved security-related
    Recommendations and security definitions
    extracted from approved Recommendations
  • ITU-T Security Manual
  • 5th edition was published in January 2013
  • Promotion (ITU-T security work and attract
    participation)
  • Security Workshops

45
Question 1/17 (cntd)Telecommunication/ICT
security coordination
  • SG17 Strategic Plan / Vision for SG17
  • Internal SG17 Coordination
  • SDN security
  • Future Network security
  • Verification process for cryptographic protocols
  • Terminology issues that impact users of
    Recommendations
  • References in Recommendations to withdrawn
    standards
  • Guidelines for correspondence groups
  • Regional and sub-regional coordinators for SG17
  • Actions/achievements in support of WTSA, PP, WTDC
    Resolutions
  • Bridging the standardization gap
  • Rapporteur Mohamed M.K. ELHAJ

46
Question 2/17Security Architecture and Framework
  • Responsible for general security architecture and
    framework for telecommunication systems
  • 2 Recommendations and 4 Supplements approved in
    last study period
  • 1 Recommendation approved in this study period
  • Recommendations currently under study include
  • X.gsiiso, Guidelines on security of the
    individual information service for
    operators
  • X.mgv6, Supplement to ITU-T X.1037 Supplement
    on security management guideline
    for implementation of IPv6 environment
    in telecommunications organizations
  • Relationships with ISO/IEC JTC 1 SCs 27 and 37,
    IEC TC 25, ISO TC 12, IETF, ATIS, ETSI, 3GPP,
    3GPP2
  • Rapporteur Patrick MWESIGWA

47
Question 3/17Telecommunication information
security management
  • Responsible for information security management -
    X.1051, etc.
  • 5 Recommendations approved in last study period
  • Developing specific guidelines including
  • X.1051rev, Information technology Security
    techniques Information
    security management guidelines for
    telecommunications
    organizations based on ISO/IEC 27002
  • X.gpim, Guideline for management of personally
    identifiable information for
    telecommunication organizations.
  • X.sgsm, Information security management
    guidelines for small and medium
    telecommunication organizations
  • X.sup1056, Supplement to ITU-T X.1056 Related
    Recommendations, International
    Standards and documents for
    security incident management
  • Close collaboration with ISO/IEC JTC 1/SC 27
  • Rapporteur Miho NAGANUMA

48
Question 4/17 Cybersecurity
  • Cybersecurity by design no longer possible a new
    paradigm
  • know your weaknesses ? minimize the
    vulnerabilities
  • know your attacks ? share the heuristics within
    trust communities
  • Current work program (17 Recommendations under
    development)
  • X.1500 suite Cybersecurity Information Exchange
    (CYBEX) non-prescriptive, extensible,
    complementary techniques for the new paradigm
  • Weakness, vulnerability and state
  • Event, incident, and heuristics
  • Information exchange policy
  • Identification, discovery, and query
  • Identity assurance
  • Exchange protocols
  • Non-CYBEX deliverables include compendiums and
    guidelines for
  • Abnormal traffic detection
  • Botnet mitigation
  • Attack source attribution (including traceback)
  • Extensive relationships with many external bodies
  • Rapporteur Youki KADOBAYASHI

49
Question 4/17 (cntd)Cybersecurity
  • 16 Recommendations and 3 Supplements approved in
    last study period
  • 2 Recommendations and 2 Supplements approved in
    this study period
  • Recommendations in TAP approval process
  • X.1208 (X.csi), A cybersecurity indicator of risk
    to enhance confidence and security in the use of
    telecommunication/information and communication
    technology
  • X.1210 ( X.trm), Overview of source-based
    security troubleshooting mechanisms for Internet
    protocol-based networks
  • X.1520rev, Common vulnerabilities and exposures
  • X.1526rev (X.oval), Open vulnerability and
    assessment language
  • X.1546 (X.maec), Malware attribute enumeration
    and characterization
  • X.1582 (X.cybex-tp), Transport protocols
    supporting cybersecurity information exchange

For approval
For approval
For approval
For approval
For approval
For approval
50
Question 4/17 (cntd)Cybersecurity
  • Recommendations on CYBEX currently under study
    include
  • X.1500 Amd.5, Overview of cybersecurity
    information exchange
    Amendment 5 - Revised structured cybersecurity
    information exchange
    techniques
  • X.cee, Common event expression
  • X.cee.1, CEE overview
  • X.cee.2, CEE profile
  • X.cee.3, CEE common log syntax (CLS)
  • X.cee.4, CEE common log transport (CLT)
    requirements
  • X.csmc, An iterative model for cybersecurity
    operation using CYBEX techniques
  • X.cwss, Common weakness scoring system
  • X.cybex-beep, Use of BEEP for cybersecurity
    information exchange
  • Recommendations (non-CYBEX) currently under study
    include
  • X.cap, Common alerting protocol (CAP 1.2)
  • X.eipwa, Guideline on techniques for preventing
    web-based attacks

For agreement
For determ.
For consent
For determ
51
Question 5/17Countering spam by technical means
  • Lead group in ITU-T on countering spam by
    technical means in support of WTSA-12 Resolution
    52 (Countering and combating spam)
  • 3 Recommendations and 4 Supplements approved in
    last study period
  • Recommendations currently under study
    include(see structure in next slide)
  • X.1243 Cor.1, Corrigendum 1 to Recommendation
    ITU-T X.1243
  • X.tfcmm, Technical framework for countering
    mobile messaging spam
  • X.ticvs, Technologies involved in countering
    voice spam in telecommunication
    organizations
  • Effective cooperation with ITU-D, IETF, ISO/IEC
    JTC 1, 3GPP, OECD, MAAWG, ENISA and other
    organizations
  • Rapporteur Hongwei LUO

For approval
52
Question 5/17 (cntd)Countering spam by
technical means

Technical strategies on countering spam(X.1231)
Technologies involved in countering email
spam(X.1240)
Overall aspects of countering spam in IP-based
multimedia applications(X.1244)
Overall aspects of countering mobile messaging
spam(X-series Supplement 12 to ITU-T X.1240)
Technical framework for countering email
spam(X.1241)
Framework for countering IP multimedia
spam(X.1245) Framework based on real-time
blocking list (RBL) for countering VoIP
spam(X-series Supplement 11 to Recommendation
ITU-T X.1245)
Short message service (SMS) spam filtering system
based on user-specified rules(X.1242) Technical
framework for countering mobile messaging
spam(X.tfcmm)
Interactive gateway system for countering
spam(X.1243) A practical reference model for
countering email spam using botnet
information(X-series Supplement 14 to ITU-T
X.1243) Technologies involved in countering voice
spam in telecommunication organizations(X.ticvs)
Supplement on countering spam and associated
threats(X-series Supplement 6 to ITU-T X.1240
series)
53
Question 8/17Cloud computing security
  • Recommendations currently under study include
  • Security aspects of cloud computing
  • X.1600 (X.ccsec), Security framework for cloud
    computing
  • X.cc-control, Information technology Security
    techniques Code of
    practice for information security controls for
    cloud computing services
    based on ISO/IEC 27002
  • X.goscc, Guidelines of operational security for
    cloud computing
  • Security aspects of service oriented architecture
  • X.fsspvn, Framework of the secure service
    platform for virtual network
  • X.sfcsc, Security functional requirements for
    Software as a Service (SaaS)
    application environment
  • Working closely with ITU-T SG 13, JCA-Cloud,
    ISO/IEC JTC 1/SCs 27 and 38, and Cloud Security
    Alliance on cloud computing
  • Rapporteur Liang WEI

For approval
54
Question 10/17Identity Management (IdM)
  • Identity Management (IdM)
  • IdM is a security enabler by providing trust in
    the identity of both parties to an e-transaction
  • IdM also provides network operators an
    opportunity to increase revenues by offering
    advanced identity-based services
  • The focus of ITU-Ts IdM work is on global trust
    and interoperability of diverse IdM capabilities
    in telecommunication.
  • Work is focused on leveraging and bridging
    existing solutions
  • This Question is dedicated to the vision setting
    and the coordination and organization of the
    entire range of IdM activities within ITU-T
  • Key focus
  • Adoption of interoperable federated identity
    frameworks that use a variety of authentication
    methods with well understood security and privacy
  • Encourage the use of authentication methods
    resistant to known and projected threats
  • Provide a general trust model for making
    trust-based authentication decisions between two
    or more parties
  • Ensure security of online transactions with focus
    on end-to-end identification and authentication
    of the participants and components involved in
    conducting the transaction, including people,
    devices, and services
  • 8 Recommendations and 1 Supplement approved in
    last study period.
  • 1 Recommendation approved in his study period

55
Question 10/17 (cntd)Identity Management (IdM)
  • Recommendations under development
  • X.atag, Attribute aggregation framework
  • X.authi, Guideline to implement the
    authentication integration of the network layer
    and the service layer.
  • X.giim, Mechanisms to support interoperability
    across different IdM services
  • X.iamt, Identity and access management taxonomy
  • X.idmcc, Requirement of IdM in cloud computing
  • X.idmts, Framework for the interoperable exchange
    of trusted services
  • X.oitf, Open identity trust framework
  • X.scim-use, Application of system for cross
    identity management (SCIM) in
    telecommunication environments
  • Engagement
  • JCA-IdM
  • Related standardization bodies ISO/IEC JTC 1 SCs
    6, 27 and 37 IETF ATIS ETSI/TISPAN OASIS
    Kantara Initiative OMA NIST 3GPP 3GPP2
    Eclipse OpenID Foundation OIX etc.
  • Rapporteur Abbie BARBIR

For determ.
For determ.
56
Question 6/17Security aspects of ubiquitous
telecommunication services
  • Responsible for multicast security, home network
    security, mobile security, networked ID security,
    IPTV security, ubiquitous sensor network
    security, intelligent transport system security,
    and smart grid security
  • 13 Recommendations approved in last study period.
  • 1 Recommendation and 1 Supplement approved in
    this study period.
  • Recommendations currently under study include
  • X.msec-7, Guidelines on the management of
    infected terminals in mobile networks
  • X.msec-8, Secure application distribution
    framework for communication devices
  • X.sgsec-1, Security functional architecture for
    smart grid services using
    telecommunication network
  • X.unsec-1, Security requirements and framework of
    ubiquitous networking
  • Close relationship with JCA-IPTV and ISO/IEC JTC
    1/SC 6/WG 7
  • Rapporteur Jonghyun BAEK

57
Question 7/17Secure application services
  • Responsible for web security, security protocols,
    peer-to-peer security
  • 2 Recommendations, and 1 Supplement approved in
    last study period
  • 3 Recommendations approved in this study period
  • Recommendations currently under study include
  • X.1141 Amd.1, Security Assertion Markup Language
    (SAML) 2.0 Amendment 1 Errata
  • X.1142 Amd.1, eXtensible Access Control Markup
    Language (XACML 2.0)
    Amendment 1 Errata
  • X.p2p-3, Security requirements and mechanisms of
    peer-to-peer based telecommunication
    network
  • X.sap-5, Guideline on local linkable anonymous
    authentication for electronic services
  • X.sap-7, Technical capabilities of fraud
    detection and response for services with high
    assurance level requirements
  • X.sap-8, Efficient multi-factor authentication
    mechanisms using mobile devices
  • X.sap-9, Delegated non-repudiation architecture
    based on ITU-T X.813
  • X.websec-5, Security architecture and operations
    for web mashup services
  • Relationships include OASIS, OMA, W3C, ISO/IEC
    JTC 1/SC 27, Kantara Initiative
  • Rapporteur Jae Hoon NAH

For consent
For consent
58
Question 9/17Telebiometrics
  • Current focus
  • Security requirements and guidelines for
    applications of telebiometrics
  • Requirements for evaluating security, conformance
    and interoperability with privacy protection
    techniques for applications of telebiometrics
  • Requirements for telebiometric applications in a
    high functionality network
  • Requirements for telebiometric multi-factor
    authentication techniques based on biometric data
    protection and biometric encryption
  • Requirements for appropriate generic protocols
    providing safety, security, privacy protection,
    and consent for manipulating biometric data in
    applications of telebiometrics, e.g., e-health,
    telemedicine
  • 11 Recommendations approved in last study period.
  • 1 Recommendation approved in this study period.

59
Question 9/17 (cntd)Telebiometrics
  • Recommendations under development
  • X.bhsm, Information technology Security
    Techniques Telebiometric
    authentication framework using biometric hardware
    security module
  • X.tam, A guideline to technical and operational
    countermeasures for telebiometric
    applications using mobile devices
  • X.th-series, e-Health and world-wide
    telemedicines
  • X.th2, Telebiometrics related to physics
  • X.th3, Telebiometrics related to chemistry
  • X.th4, Telebiometrics related to biology
  • X.th5, Telebiometrics related to culturology
  • X.th6, Telebiometrics related to psychology
  • Close working relationship with ISO/IEC JTC 1/SCs
    17, 27 and 37, ISO TCs 12, 68 and 215, IEC TC 25,
    IETF, IEEE
  • Rapporteur John CARAS

For determ.
60
Question 11/17Generic technologies to support
secure applications
  • Q11/17 consists of four main parts
  • X.500 directory, Public-Key Infrastructure (PKI),
    Privilege Management Infrastructure (PMI)
  • Abstract Syntax Notation 1 (ASN.1), Object
    Identifier (OID)
  • Open Distributed Processing (ODP)
  • Open Systems Interconnection (OSI)
  • Rapporteur Erik ANDERSEN

61
Question 11/17Generic technologies to support
secure applications(parts Directory, PKI, PMI)
  • Three Directory Projects
  • ITU-T X.500 Series of Recommendations ISO/IEC
    9594 - all parts The Directory
  • ITU-T E.115 - Computerized directory assistance
  • ITU-T F.5xx - Directory Service - Support of
    tag-based identification services
  • X.500 series is a specification for a highly
    secure, versatile and distributed directory
  • X.500 work is collaborative with ISO/IEC JTC 1/SC
    6/WG 10
  • 20 Recommendations and many Corrigenda approved
    in last study period.

62
Question 11/17Generic technologies to support
secure applications(parts Directory, PKI, PMI)
  • Recommendations under development
  • F.5xx, Directory Service - Support of Tag-based
    Identification Services
  • X.500rev (8th ed), Information technology Open
    Systems Interconnection The Directory Overview
    of concepts,
    models and services
  • X.501rev (8th ed), Information technology Open
    Systems Interconnection The Directory Models
  • X.509rev (8th ed), Information technology Open
    Systems Interconnection The Directory
    Public-key and
    attribute certificate frameworks
  • X.511rev (8th ed), Information technology Open
    Systems Interconnection The Directory
    Abstract Service
    Definition
  • X.518rev (8th ed), Information technology Open
    Systems Interconnection The Directory
    Procedures for
    Distributed Operations
  • X.519rev (8th ed), Information technology Open
    Systems Interconnection The Directory
    Protocols
  • X.520rev (8th ed), Information technology Open
    Systems Interconnection The Directory
    Selected
    Attribute Types
  • X.521rev (8th ed), Information technology Open
    Systems Interconnection The Directory
    Selected object
    classes
  • X.525rev (8th ed), Information technology Open
    Systems Interconnection The Directory
    Replication
  • X.cmail, Certified mail transport and certified
    post office protocols
  • X.pki-em, Information Technology - Public-Key
    Infrastructure Establishment and maintenance
  • X.pki-prof, Information Technology - Public-Key
    Infrastructure Profile
  • TR HBPKI, Technical Report New challenges for
    Public-Key Infrastructure standardization Mobile
    Networks, Machine-to-Machine communication, Cloud
    Computing and Smart Grid

For consent
For agreement
63
Question 11/17Generic technologies to support
secure applications(parts Directory, PKI, PMI)
  • ITU-T X.509 on public-key/attribute certificates
    is the cornerstone for security
  • Base specification for public-key certificates
    and for attribute certificates
  • Has a versatile extension feature allowing
    additions of new fields to certificates
  • Basic architecture for revocation
  • Base specification for Public-Key Infrastructure
    (PKI)
  • Base specifications for Privilege Management
    Infrastructure (PMI)
  • ITU-T X.509 is used in many different areas
  • Basis for eGovernment, eBusiness, etc. all over
    the world
  • Used for IPsec, cloud computing, and many other
    areas
  • Is the base specification for many other
    groups(PKIX in IETF, ESI in ETSI, CA Browser
    Forum, etc.)

64
Question 11/17Generic technologies to support
secure applications(parts ASN.1, OID)
  • Developing and maintaining the heavily used
    Abstract Syntax Notation One (ASN.1) and Object
    Identifier (OID) specifications
  • Recommendations are in the X.680 (ASN.1), X.690 (
    ASN.1 Encoding Rules), X.660/X.670 (OID
    Registration), and X.890 (Generic Applications,
    such as Fast Infoset, Fast Web services, etc)
    series
  • 13 Recommendations and several Corrigenda
    approved in last study period
  • Giving advice on the management of OID
    Registration Authorities, particularly within
    developing countries, through the OID Project
    Leader Olivier Dubuisson
  • Approving new top arcs of the Object Identifier
    tree as necessary
  • Promoting use of OID resolution system by other
    groups such as SG16
  • Repository of OID allocations and a database of
    ASN.1 modules
  • Promoting the term description and encoding of
    structured data as what ASN.1 is actually about
  • ASN.1 Packed Encoding Rules reduces the bandwidth
    required for communication thus conserving energy
    (e.g., compared with XML)
  • Recommendations under development
  • X.680/X.690-series Technical Corrigenda
  • X.cms, Cryptographic Message Syntax (CMS)
  • X.oer, Specification of Octet Encoding Rules
    (OER)
  • X.orf, OID-based resolution framework for
    heterogeneous identifiers/locators
  • Work is collaborative with ISO/IEC JTC 1/SC 6/WG
    10

For consent
65
Question 11/17Generic technologies to support
secure applications(part ODP)
  • Open Distributed Processing (ODP)
  • ODP (X.900 series in collaboration with ISO/IEC
    JTC 1/SC 7/WG 19)
  • Recommendations under development
  • X.906rev, Open distributed processing Use of
    UML for ODP system
    specification
  • X.911rev, Open distributed processing Reference
    model Enterprise language
  • Work is carried out in collaboration with ISO/IEC
    JTC 1

66
Question 11/17Generic technologies to support
secure applications(part OSI)
  • Ongoing maintenance of the OSI X-series
    Recommendations and the OSI Implementers Guide
  • OSI Architecture
  • Message Handling
  • Transaction Processing
  • Commitment, Concurrency and Recovery (CCR)
  • Remote Operations
  • Reliable Transfer
  • Quality of Service
  • Upper layers Application, Presentation, and
    Session
  • Lower Layers Transport, Network, Data Link, and
    Physical
  • 109 approved Recommendations (from former study
    periods)
  • Work is carried out in collaboration with ISO/IEC
    JTC 1

67
Question 12/17Formal languages for
telecommunication software and testing
  • Languages and methods for requirements,
    specification implementation
  • Q12/17 consists of three parts
  • Formal languages for telecommunication software
  • Methodology using formal languages for
    telecommunication software
  • Testing languages
  • 18 Recommendations, 1 Amendment, 1 Implementers
    Guide approved in last study period.
  • 3 new and 9 revised Recommendations approved in
    this study period.
  • Rapporteur Dieter HOGREFE

68
Question 12/17Formal languages for
telecommunication software and testing(part
Formal languages for telecommunication software)
  • Languages and methods for requirements,
    specification implementation
  • Recommendations for
  • Specification and Description Language (Z.100
    series)
  • Message Sequence Chart (Z.120 series)
  • User Requirements Notation (Z.150 series)
  • Framework and profiles for Unified Modeling
    Language, as well as use of languages (Z.110,
    Z.111, Z.400, Z.450).
  • These techniques enable high quality
    Recommendations to be written from which formal
    tests can be derived, and products to be cost
    effectively developed.
  • Recommendations under development
  • Z.100 Annex F1rev , Specification and Description
    Language - Overview of SDL-2010
    SDL formal definition
    General overview
  • Z.100 Annex F2rev, Specification and Description
    Language - Overview of SDL-2010
    SDL formal definition Static
    semantics
  • Z.100 Annex F3rev, Specification and Description
    Language - Overview of SDL-2010
    SDL formal definition
    Dynamic semantics
  • Relationship with SDL Forum Society

For consent
For consent
For consent
69
Question 12/17Formal languages for
telecommunication software and testing(part
Methodology using formal languages for
telecommunication software)
  • Covers the use of formal ITU system design
    languages (ASN.1, SDL, MSC, URN, TTCN, CHILL) to
    define the requirements, architecture, and
    behaviour of telecommunications systems
    requirements languages, data description,
    behaviour specification, testing and
    implementation languages.
  • The formal languages for these areas of
    engineering are widely used in industry and ITU-T
    and commercial tools support them. The languages
    can be applied collectively or individually for
    specification of standards and the realization of
    products, but in all cases a framework and
    methodology is essential for effective use.
  • Responsible for formal languages methodology
    Recommendations Z.110, Z.400, Z.450, Z.600,
    Z.601, and Z.Supp1.
  • Supplement under development
  • Z.Sup1, Supplement 1 to Z-series Recommendations
    ITU-T Z.100-series Supplement on methodology
    on the use of description techniques

For agreement
70
Question 12/17Formal languages for
telecommunication software and testing(part
Testing languages)
  • Testing languages, and Testing and Test Control
    Notation version 3 (TTCN-3)
  • Z.161, Testing and Test Control Notation version
    3 TTCN-3 core language
  • Z.161.1, Testing and Test Control Notation
    version 3 TTCN-3 language extensions Support of
    interfaces with continuous signals
  • Z.161.2, Testing and Test Control Notation
    version 3 TTCN-3 language extensions
    Configuration and deployment support
  • Z.161.3, Testing and Test Control Notation
    version 3 TTCN-3 language extensions Advanced
    parameterization
  • Z.161.4, The Testing and Test Control Notation
    version 3 TTCN-3 Language Extensions Behaviour
    Types
  • Z.165, Testing and Test Control Notation version
    3 TTCN-3 runtime interface (TRI)
  • Z.165.1, Testing and Test Control Notation
    version 3 TTCN-3 extension package Extended TRI
  • Z.166, Testing and Test Control Notation version
    3 TTCN-3 control interface (TCI)
  • Z.167, Testing and Test Control Notation version
    3 TTCN-3 mapping from ASN.1
  • Z.168, Testing and Test Control Notation version
    3 The IDL to TTCN-3 mapping
  • Z.169, Testing and Test Control Notation version
    3 Using XML schema with TTCN-3
  • Z.170, Testing and Test Control Notation version
    3 TTCN-3 documentation comment specification
  • Provides support for WTSA-12 Resolution 76 on
    conformance and interoperability testing
  • Close liaisons with SG11, JCA-CIT and ETSI.

71
Security CoordinationSecurity activities in
other ITU-T Study Groups
  • ITU-T SG2 Operational aspects TMN
  • International Emergency Preference Scheme,
    ETS/TDR
  • Disaster Relief Systems, Network Resilience and
    Recovery
  • Network and service operations and maintenance
    procedures, E.408
  • TMN security, TMN PKI,
  • ITU-T SG5 Environment and climate change
  • protection from lightning damage, from
    Electromagnetic Compatibility (EMC) issues and
    also the effects of High-Altitude Electromagnetic
    Pulse (HEMP) and High Power Electromagnetic
    (HPEM) attack and Intentional Electromagnetic
    Interference (IEMI)
  • ITU-T SG9 Integrated broadband cable and TV
  • Conditional access, copy protection, HDLC
    privacy,
  • DOCSIS privacy/security
  • IPCablecom 2 (IMS w. security), MediaHomeNet
    security gateway, DRM,
  • ITU-T SG11 Signaling Protocols and Testing
  • EAP-AKA for NGN
  • methodology for security testing and test
    specification related to security testing
  • ITU-T SG13 Future networks including cloud
    computing, mobile, NGN, SDN
  • Security and identity management in evolving
    managed networks
  • Deep packet inspection
  • ITU-T SG15 Networks and infrastructures for
    transport, access and home
  • Reliability, availability, Ethernet/MPLS
    protection switching

72
Coordination with other bodies
Study Group 17
ITU-D, ITU-R, xyz
73
SG17 collaborative work with ISO/IEC JTC 1
Existing relationships having collaborative
(joint) projects
JTC 1 SG 17 Question Subject
SC 6/WG 7 Q6/17 Ubiquitous networking
SC 6/WG 10 Q11/17 Directory, ASN.1, OIDs, and Registration
SC 7/WG 19 Q11/17 Open Distributed Processing (ODP)
SC 27/WG 1 Q3/17 Information Security Management System (ISMS)
SC 27/WG 3 Q2/17 Security architecture
SC 27/WG 5 Q10/17 Identity Management (IdM)
SC 37 Q9/17 Telebiometrics
Note In addition to collaborative work,
extensive communications and liaison
relationships exist with the following JTC 1 SCs
6, 7, 17, 22, 27, 31, 37 and 38 on a wide range
of topics. All SG17 Questions are involved.
74
SG17 collaborative work with ISO/IEC JTC 1 (cntd)
  • Guide for ITU-T and ISO/IEC JTC 1 Cooperation
  • http//itu.int/rec/T-REC-A.23-201002-I!AnnA
  • Listing of common text and technically aligned
    Recommendations International Standards
  • http//itu.int/oth/T0A0D000011
  • Mapping between ISO/IEC International Standards
    and ITU-T Recommendations
  • http//itu.int/oth/T0A0D000012
  • Relationships of SG17 Questions with JTC 1
    SCsthat categorizes the nature of relationships
    as
  • joint work (e.g., common texts or twin texts)
  • technical collaboration by liaison mechanism
  • informational liaison
  • http//itu.int/en/ITU-T/studygroups/com17/Pages/re
    lationships.aspx

75
Study Group 17 Meetings
  • For 2014, Study Group 17 meeting has been
    scheduled for
  • 17 26 September 2014 (8 days), Geneva,
    Switzerland (tbc) (preceded by 1 ½ day ITU
    security workshop)

76
Reference links
  • Webpage for ITU-T Study Group 17
  • http//itu.int/ITU-T/studygroups/com17
  • Webpage on ICT security standard roadmap
  • http//itu.int/ITU-T/studygroups/com17/ict
  • Webpage on ICT cybersecurity organizations
  • http//itu.int/ITU-T/studygroups/com17/nfvo
  • Webpage for JCA on identity management
  • http//www.itu.int/en/ITU-T/jca/idm
  • Webpage for JCA on child online protection
  • http//www.itu.int/en/ITU-T/jca/COP
  • Webpage on lead study group on security
  • http//itu.int/en/ITU-T/studygroups/com17/Pages/te
    lesecurity.aspx
  • Webpage on lead study group on identity
    management
  • http//itu.int/en/ITU-T/studygroups/com17/Pages/id
    m.aspx
  • Webpage on lead study group on languages and
    description techniques
  • http//itu.int/en/ITU-T/studygroups/com17/Pages/ld
    t.aspx
About PowerShow.com