160 likes | 360 Views
ITU-T Security and Privacy International Cloud Symposium Washington DC October 2012. Abbie Barbir, Ph.D. Rapporteur, Q10/17 Identity Management Question Abbie.barbir@ties.itu.int. ITU-T Objectives. International Telecommunication Union
E N D
ITU-T Security and Privacy International Cloud Symposium Washington DC October 2012 Abbie Barbir, Ph.D. Rapporteur, Q10/17 Identity Management Question Abbie.barbir@ties.itu.int
ITU-T Objectives • International Telecommunication Union • Develop and publish standards for global ICT interoperability • Identify areas for future standardization • Provide an attractive and effective forum for the development of international standards • Promote the value of ITU standards • Disseminate information and know-how • Cooperate and collaborate • Provide support and assistance
ITU-T Key Features • Truly global public/private partnership • 95% of work is done by private sector • Continuously adapting to market needs • Pre-eminent global ICT standards body
ITU-T Study Groups TSAG SG 12 Quality SG 2 Numbering SG 3 Tariffs SG 13 Future Networks Climate Change& EMC SG 5 Access &Transport Networks SG 15 SG 9 Cable TV SG 16 Multimedia Protocols& Testing SG 17 Security SG 11
Personally Identifiable Information (PII) • Aspects of privacy and protection of PII data is a key concern to the ITU-T (SG 17 ) • Recommendations published have identified security threats and provide guidelines in that area. • Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in application using tag-based identification. • Recommendation ITU-T X.1275 standardizes a possible, privacy impact assessment (PIA) process for the entire RFID system • Joint Coordination Activity on Internet of Things (JCA-IoT) • Focus Group on Machine-to-Machine Service Layer
SG 17 Questions involved in “privacy” studies • Question 3/17 “Telecommunications information security management” • Question 4/17 “Cybersecurity” • Question 6/17 “Security aspects of ubiquitous telecommunication services” • Question 7/17 “Secure application services” • Question 9/17 “Telebiometrics” • Question 10/17 “Identity management architecture and mechanisms” • Further candidate Questions could be • Question 8/17 “Cloud computing security” • Question 11/17 “Directory services, Directory systems, and public- key/attribute certificates”
Definitions of Privacy in ITU-T Recommendations Privacy • ITU-T X.1252 (04/2010) “Baseline identity management terms and definitions” • The right of individuals to control or influence what personal information related to them may be collected, managed, retained, accessed, and used or distributed. • ITU-T Y.2720 (01/2009) “NGN identity management framework” • The protection of personally identifiable information.
Recommendation X.1171 Threats and requirements for protection of PII in applications using tag-based identification Basic model of a B2C application \
X.1171 Threats PII infringement through information leakage
Guidelines on protection of personally identifiable information in the application of RFID technology Privacy principles (based on privacy principles of: Council of Europe], EC Directive 95/46, EC Directive 2002/58/EC, OECD, and UNHCR) Threats and infringements of PII in RFID Typical RFID applications and possible threats to PII Supply-chain management Transportation and logistics Healthcare and medical application e-government Information service Guidelines on protection for personally identifiable information ITU-T X.1275
Other Work • X.gpim • Draft Recommendation, Guideline for management of personally identifiable information for telecommunication organizations • Big Data view • Scope • provides a guideline of management PII in the context of telecommunications • Possibly joint work Liaison cooperation with ISO/IEC JCT 1/SC 27/WG 1
Internet-of-Things (IoT), ubiquitous sensor networks (USN), Machine-to-Machine (M2M) and network aspects of identification systems, including RFID (NID) play an important role in ITU-T’s standardization activities. Various ITU-T Study Groups and ITU-T initiatives are addressing RFID/NID, IoT, USN and M2M including the security aspects thereof; an initial suite of ITU-T Recommendations has already been developed in that domain and serves as a tool set for standard developers and implementers; yet the comprehensive subject is still emerging and forthcoming drafts are in preparation by the ITU-T Global Standards Initiative (GSI-IoT) where those standards are being developed in cooperation among the experts. Aspects of privacy and protection of PII (personally identifiable information) data is a key concern and first set of ITU-T Recommendations published have identified security threats and provide guidelines in that area. Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in application using tag-based identification. Recommendation ITU-T X.1275 standardizes a possible, privacy impact assessment (PIA) process for the entire RFID system. Summary
THANK YOU For further information http://www.itu.int/ITU-T http://www.itu.int/ITU-T/studygroups/com17