This comprehensive overview provides insights into the security achievements and activities of ITU-T Study Group 17. Covering a wide range of topics including cybersecurity, identity management, and application security, it aims to enhance trust and protection in the use of information and communication technologies. The overview also delves into key responsibilities of SG17, such as developing specific recommendations, managing languages and description techniques, and addressing various security challenges in the ICT domain. With a focus on promoting secure ICT environments, this overview offers valuable information on the group's mandate, work program, and contributions to the telecommunication industry.
ITU-T Study Groups’ Security Achievements and Security Activities 11 November 2013
ITU-T Study Groups: TSAG; Review Committee; SG 2 Numbering; SG 3 Tariffs, Policy; SG 5 Climate Change & Environment; SG 9 BB Cable TV; SG 11 Protocols & Testing; SG 12 Performance, QoS, QoE; SG 13 Future Networks, Cloud Computing; SG 15 Access, Transport, Home Networks; SG 16 Multimedia; SG 17 Security
ITU-T SG2 Security Recommendations • TMN security: • Security for the management plane (M.3016.x) • IMT-2000 security management (M.3210.1) M.3210.1 - Fraud Management for Wireless Services
ITU-T SG9 Security Recommendations • Cable Modem security (J.112) • IPCablecom security: • IPCablecom security (J.170) • IPCablecom2 Access Security (J.366.7) • IPCablecom2 IP Multimedia Subsystem (IMS): Generic authentication architecture specification (J.366.9) • Renewable conditional access system (J.1002) J.170 - IPCablecom component reference model
ITU-T SG13 Security Recommendations • Next Generation Network security: • NGN security (Y.2701, Y.2702, Y.2703, Y.2704) • Secure mobile financial transactions in next generation networks (Y.2740, Y.2741) • Mobility security framework in NGN (Y.2760) • Requirements for deep packet inspection in next generation networks (Y.2770)
ITU-T SG13 (cnt’d) Security Recommendations • NGN Identity management (Y.2720, Y.2721, Y.2722) • Support for OAuth in NGN (draft Y.2723, Y.NGN-OAuth) • Framework for NGN support and use of OpenID and OAuth (draft Y.2724, Y.NGN-OOF) • Emergency Telecommunications Service security requirements (Y.2705)
ITU-T SG15 Security Recommendations • Optical safety procedures & requirements for optical transport systems (ITU-T G.664) • Generic protection switching: Linear trail and subnetwork protection, ring protection, Shared mesh protection (G.808.1, G.808.2, G.808.3) • SDH network protection architectures (G.841, G.842) • Linear, ring protection in Optical Transport Network (OTN) (G.873.1, G.873.2) • Ethernet linear, ring protection switching (G.8031/Y.1342, G.8032/Y.1344) • MPLS-TP linear protection (G.8131/Y.1382)
ITU-T SG16 Security Recommendations • Security capabilities for use with Group 3 facsimile terminals (T.36) • Confidentiality and key management for ISDN audio visual (H.233, H.234) • Security for H.323: (H.235.x) • Network Address Translation for H.323 (H.460.18, H.460.19) • Secure JPEG 2000 (T.807) NAT/FW traversal in ITU-T H.460.18 architecture
ITU-T SG16 (cnt’d) Security Recommendations Security in ITU-T H.323 as provided by ITU-T H.235
SG17 mandate established by World Telecommunication Standardization Assembly (WTSA-12) WTSA-12 decided the following for Study Group 17: • Title: Security Responsible for building confidence and security in the use of information and communication technologies (ICTs). This includes studies relating to cybersecurity, security management, countering spam and identity management. It also includes security architecture and framework, protection of personally identifiable information, and security of applications and services for the Internet of things, smart grid, smartphone, IPTV, web services, social network, cloud computing, mobile financial system and telebiometrics. Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems, and for conformance testing to improve quality of Recommendations. • Lead Study Group for: • Security • Identity management • Languages and description techniques • Responsible for specific E, F, X and Z series Recommendations • Responsible for 12 Questions
Study Group 17 Overview • Primary focus is to build confidence and security in the use of Information and Communication Technologies (ICTs) • Meets twice a year. Last meeting had 131 participants from 22 Member States, 12 Sector Members and 5 Associates. • As of 14 October 2013, SG17 is responsible for 330 approved Recommendations, 18 approved Supplements and 3 approved Implementer’s Guides in the E, F, X and Z series. • Large program of work: • 12 new work items added to work program in 2013 • September 2013 meeting: approved 1 Recommendation and 1 Amendment; 6 Recommendations and one Corrigendum in TAP • 89 new or revised Recommendations and other texts are under development for approval in January 2014 or later • Work organized into 5 Working Parties with 12 Questions • 7 Correspondence groups operating • See SG17 web page for more information: http://itu.int/ITU-T/studygroups/com17
SG17, Security: Study Group 17 structure • WP 1/17 Fundamental security: Q1/17 Telecom./ICT security coordination; Q2/17 Security architecture and framework; Q3/17 ISM • WP 2/17 Network and information security: Q4/17 Cybersecurity; Q5/17 Countering spam • WP 3/17 IdM + Cloud Computing Security: Q10/17 IdM; Q8/17 Cloud Computing Security • WP 4/17 Application security: Q6/17 Ubiquitous services; Q7/17 Applications; Q9/17 Telebiometrics • WP 5/17 Formal languages: Q11/17 Directory, PKI, PMI, ODP, ASN.1, OID, OSI; Q12/17 Languages + Testing
SG17, Working Party Structure • WP 1 “Fundamental security” Chairman: Koji NAKAO • Q1/17 Telecommunication/ICT security coordination • Q2/17 Security architecture and framework • Q3/17 Telecommunication information security management • WP 2 “Network and information security” Chairman: Sacid SARIKAYA • Q4/17 Cybersecurity • Q5/17 Countering spam by technical means • WP 3 “Identity management and cloud computing security” Chairman: Heung Youl YOUM • Q10/17 Identity management architecture and mechanisms • Q8/17 Cloud computing security • WP 4 “Application security” Chairman: Antonio GUIMARAES • Q6/17 Security aspects of ubiquitous telecommunication services • Q7/17 Secure application services • Q9/17 Telebiometrics • WP 5 “Formal languages” Chairman: George LIN • Q11/17 Generic technologies to support secure applications • Q12/17 Formal languages for telecommunication software and testing
Study Group 17 is the Lead Study Group on: ● Security ● Identity management (IdM) ● Languages and description techniques • A study group may be designated by WTSA or TSAG as the lead study group for ITU‑T studies forming a defined programme of work involving a number of study groups. • This lead study group is responsible for the study of the appropriate core Questions. • In addition, in consultation with the relevant study groups and in collaboration, where appropriate, with other standards bodies, the lead study group has the responsibility to define and maintain the overall framework and to coordinate, assign (recognizing the mandates of the study groups) and prioritize the studies to be carried out by the study groups, and to ensure the preparation of consistent, complete and timely Recommendations. * Extracted from WTSA-12 Resolution 1
SG17 is “Parent” for Joint Coordination Activities (JCAs) on: ● Identity management ● Child online protection • A joint coordination activity (JCA) is a tool for management of the work programme of ITU-T when there is a need to address a broad subject covering the area of competence of more than one study group. A JCA may help to coordinate the planned work effort in terms of subject matter, time-frames for meetings, collocated meetings where necessary and publication goals including, where appropriate, release planning of the resulting Recommendations. • The establishment of a JCA aims mainly at improving coordination and planning. The work itself will continue to be conducted by the relevant study groups and the results are subject to the normal approval processes within each study group. A JCA may identify technical and strategic issues within the scope of its coordination role, but will not perform technical studies nor write Recommendations. A JCA may also address coordination of activities with recognized standards development organizations (SDOs) and forums, including periodic discussion of work plans and schedules of deliverables. The study groups take JCA suggestions into consideration as they carry out their work. * Extracted from Recommendation ITU-T A.1
ITU-T Joint Coordination Activity on Identity Management (JCA-IdM) • Coordinates the ITU-T identity management (IdM) work. • Ensures that the ITU-T IdM work is progressed in a well-coordinated way between study groups, in particular with SG2, SG13 and SG17. • Analyzes IdM standardization items and coordinates an associated roadmap with ITU-T Q10/17. • Acts as a point of contact within ITU-T and with other SDOs/Fora on IdM in order to avoid duplication of work and assist in implementing the IdM tasks assigned by WTSA-12 Resolution 2 and in implementing GSC-16 Resolution 4 on identity management. • In carrying out the JCA-IdM’s external collaboration role, representatives from other relevant recognized SDOs/Fora and regional/national organizations may be invited to join the JCA-IdM. • Maintains IdM roadmap and landscape document/WIKI. • JCA-COP co-chairmen: • Mr. Jon Shamah, United Kingdom, • Mr. Hiroshi Takechi, LAC Co., Ltd, Japan.
ITU-T Joint Coordination Activity on Child Online Protection (JCA-COP) • Purpose and objectives: • co-ordinates activity on COP across ITU-T study groups, in particular Study Groups 2, 9, 13, 15, 16 and 17, and coordinates with ITU-R, ITU-D and the Council Working Group on Child Online Protection • provides a visible contact point for COP in ITU-T. • cooperates with external bodies working in the field of COP, and enables effective two-way communication with these bodies • Tasks: • Maintain a list of representatives for COP in each study group • Exchange information relevant to COP between all stakeholders. • Promote a coordinated approach towards any identified and necessary areas of standardization • Address coordination of activity with relevant SDOs and forums, including periodic discussion of work plans and schedules of deliverables on COP (if any) • JCA-COP co-chairmen: • Ms Ashley Heineman, United States, • Mr Philip Rushton, United Kingdom.
SG 17 Lead Study Group roles - Coordination & Collaboration 3 Lead Study Group responsibilities: Security, Identity management, and Languages and description techniques Joint Coordination Activity on Identity Management (JCA-IdM) Joint Coordination Activity on Child Online Protection (JCA-COP) The two JCAs will run in conjunction with ITU-T SG17 meeting (15 – 24 January 2014)
ITU-T SG17 Security Recommendations • Security architecture: • OSI security architecture (X.800) • OSI security models (X.802, X.803, X.830, X.831, X.832, X.833, X.834, X.835) • OSI security frameworks for open systems (X.810, X.811, X.812, X.813, X.814, X.815, X.816, X.841) • Security architecture for systems providing end-to-end communications (X.805) • Security architecture aspects (X.1031, X.1032) • IP-based telecommunication network security system (TNSS) (X.1032) Security architectural elements in Recommendation ITU-T X.805
ITU-T SG17 (cnt’d) Security Recommendations • Fast infoset security (X.893) • Public Key Infrastructure and Trusted Third Party Services: • Public-key and attribute certificate frameworks (X.509) • Guidelines for the use of Trusted Third Party services (X.842) • Specification of TTP services to support the application of digital signatures (X.843)
ITU-T SG17 (cnt’d) Security Recommendations • Security protocols: • EAP guideline (X.1034) • Password authenticated key exchange protocol (X.1035) • Technical security guideline on deploying IPv6 (X.1037) • Guideline on secure password-based authentication protocol with key exchange (X.1151) • Secure end-to-end data communication techniques using trusted third party services (X.1152) • Management framework of a one time password-based authentication service (X.1153) • General framework of combined authentication on multiple identity service provider environments (X.1154) • Non-repudiation framework based on a one time password (X.1156) • OSI Network + transport layer security protocol (X.273, X.274)
ITU-T SG17 (cnt’d) Security Recommendations • Information Security Management: • Information Security Management System (X.1051, X.1052) • Governance of information security (X.1054) • Risk management and risk profile guidelines (X.1055) • Security incident management guidelines (X.1056) • Asset management guidelines (X.1057) X.1055 - Risk management process X.1052 - Information Security Management X.1057 - Asset management process
ITU-T SG17 (cnt’d) Security Recommendations • Incident organization and security incident handling: Guidelines for telecommunication organizations (E.409) X.1056 - Five high-level incident management processes E.409 - pyramid of events and incidents
ITU-T SG17 (cnt’d) Security Recommendations • Telebiometrics: • e-Health generic telecommunication protocol (X.1081.1) • telebiometric multimodal framework model (X.1081) • BioAPI interworking protocol (X.1083) • General biometric authentication protocol (X.1084, X.1088) • Telebiometrics authentication infrastructure (X.1089) Telebiometric authentication of an end user Biometric-key generation
ITU-T SG17 (cnt’d) Security Recommendations • Multicast security requirements (X.1101) • Home network security (X.1111, X.1112, X.1113, X.1114) X.1113 - Authentication service flows for the home network
ITU-T SG17 (cnt’d) Security Recommendations • Secure mobile systems (X.1121, X.1122, X.1123, X.1124, X.1125) X.1121 - Threats in the mobile end-to-end communications
ITU-T SG17 (cnt’d) Security Recommendations • Peer-to-peer security (X.1161, X.1162, X.1164) • IPTV security and content protection (X.1191-X.1198) X.1191 - General security architecture for IPTV
ITU-T SG17 (cnt’d) Security Recommendations • Web Security: • Security Assertion Markup Language (X.1141) • eXtensible Access Control Markup Language (X.1142, X.1144) • Security architecture for message security in mobile web services (X.1143) X.1141 - Basic template for achieving SSO
ITU-T SG17 (cnt’d) Security Recommendations • Networked ID security: • Threats and requirements for protection of personally identifiable information in applications using tag-based identification (X.1171) X.1171 - PII infringement through information leakage X.1171 - General PII protection service (PPS) service flow
ITU-T SG17 (cnt’d) Security Recommendations • Ubiquitous sensor network security: • Information technology – Security framework for ubiquitous sensor networks (X.1311) • Ubiquitous sensor network middleware security guidelines (X.1312) • Security requirements for wireless sensor network routing (X.1313) X.1311 - Security model for USN X.1312 - Security functions for USN middleware
ITU-T SG17 (cnt’d) Security Recommendations • Incident organization and security incident handling: Guidelines for telecommunication organizations (E.409) • Cloud computing security: • Security framework for cloud computing (draft X.1600, X.ccsec) E.409 - pyramid of events and incidents
ITU-T SG17 (cnt’d) Security Recommendations • CYBERSPACE SECURITY – Cybersecurity: • Overview of cybersecurity (X.1205) • A vendor-neutral framework for automatic notification of security related information and dissemination of updates (X.1206) • Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software (X.1207) • A cybersecurity indicator of risk to enhance confidence and security in the use of telecommunication/information and communication technology (draft X.1208, X.csi) • Capabilities and their context scenarios for cybersecurity information sharing and exchange (X.1209) • Overview of source-based security troubleshooting mechanisms for Internet protocol-based networks (draft X.1210, X.trm) • Emergency communications: • Common alerting protocol (CAP 1.1) (X.1303)
ITU-T SG17 (cnt’d) Security Recommendations • CYBERSECURITY INFORMATION EXCHANGE (CYBEX): • Overview of cybersecurity information exchange (X.1500) • Procedures for the registration of arcs under the object identifier arc for cybersecurity information exchange (X.1500.1) • Common vulnerabilities and exposures (X.1520) X.1500 - CYBEX model
ITU-T SG17 (cnt’d) Security Recommendations • CYBEX vulnerability/state exchange: • Common vulnerability scoring system (X.1521) • Common weakness enumeration (X.1524) • Open vulnerability and assessment language (X.1526) • Common platform enumeration (X.1528.x) X.1521 - CVSS metric groups
ITU-T SG17 (cnt’d) Security Recommendations • CYBEX event/incident/heuristics exchange: • Incident object description exchange format (X.1541) • Common attack pattern enumeration and classification (X.1544) • Malware attribute enumeration and classification (X.1546, X.maec)
ITU-T SG17 (cnt’d) Security Recommendations • CYBEX identification and discovery: • Discovery mechanisms in the exchange of cybersecurity information (X.1570) X.1570 - Cybersecurity operational information ontology
ITU-T SG17 (cnt’d) Security Recommendations • CYBEX event/incident/heuristics exchange: • Incident object description exchange format (X.1541) • Common attack pattern enumeration and classification (X.1544) • Malware attribute enumeration and classification (X.1546, X.maec) • CYBEX identification and discovery: • Discovery mechanisms in the exchange of cybersecurity information (X.1570) • CYBEX assured exchange: • Real-time inter-network defence (X.1580) • Transport of real-time inter-network defence messages (X.1581) • Transport protocols supporting cybersecurity information exchange (draft X.1582, X.cybex-tp)
ITU-T SG17 (cnt’d) Security Recommendations • Countering spam: • Technical strategies for countering spam (X.1231) • Technologies involved in countering email spam (X.1240) • Technical framework for countering email spam (X.1241) • Short message service (SMS) spam filtering system based on user-specified rules (X.1242) • Interactive gateway system for countering spam (X.1243) • Overall aspects of countering spam in IP-based multimedia applications (X.1244) • Framework for countering spam in IP-based multimedia applications (X.1245) Note: These Recommendations do not address the content-related aspects of telecommunications (ref. ITR 2012).
ITU-T SG17 (cnt’d) Security Recommendations X.1241 - General structure of e-mail anti-spam processing domain X.1231 - General model for countering spam X.1245 - Framework for countering IP media spam
ITU-T SG17 (cnt’d) Security Recommendations • Identity management (IdM): • Baseline capabilities for enhanced global identity management and interoperability (X.1250) • A framework for user control of digital identity (X.1251) • Baseline identity management terms and definitions (X.1252) • Security guidelines for identity management systems (X.1253) • Entity authentication assurance framework (X.1254) • Framework for discovery of identity management information (X.1255) • Guidelines on protection of personally identifiable information in the application of RFID technology (X.1275)
ITU-T SG17 (cnt’d) Security Recommendations X.1254 - Overview of the entity authentication assurance framework X.1254 - Levels of assurance
Security Project • Security Coordination • Coordinate security matters within SG17, with ITU-T SGs, ITU-D and externally with other SDOs • Maintain reference information on LSG security webpage • ICT Security Standards Roadmap • Searchable database of approved ICT security standards from ITU-T, ISO/IEC, ETSI and others • Security Compendium • Catalogue of approved security-related Recommendations and security definitions extracted from approved Recommendations • ITU-T Security Manual • 5th edition published in 2013
Question 1/17 Telecommunication/ICT security coordination • Security Coordination • Coordinate security matters within SG17, with ITU-T SGs, ITU-D, ITU-R and externally with other SDOs • Maintain reference information on LSG security webpage • ICT Security Standards Roadmap • Searchable database of approved ICT security standards from ITU-T, ISO/IEC, ETSI and others • Security Compendium • Catalogue of approved security-related Recommendations and security definitions extracted from approved Recommendations • ITU-T Security Manual • 5th edition was published in January 2013 • Promotion (ITU-T security work and attract participation) • Security Workshops
Question 1/17 (cnt’d) Telecommunication/ICT security coordination • SG17 Strategic Plan / Vision for SG17 • Internal SG17 Coordination • SDN security • Future Network security • Verification process for cryptographic protocols • Terminology issues that impact users of Recommendations • References in Recommendations to withdrawn standards • Guidelines for correspondence groups • Regional and sub-regional coordinators for SG17 • Actions/achievements in support of WTSA, PP, WTDC Resolutions • Bridging the standardization gap • Rapporteur: Mohamed M.K. ELHAJ
Question 2/17 Security Architecture and Framework • Responsible for general security architecture and framework for telecommunication systems • 2 Recommendations and 4 Supplements approved in last study period • 1 Recommendation approved in this study period • Recommendations currently under study include: • X.gsiiso, Guidelines on security of the individual information service for operators • X.mgv6, Supplement to ITU-T X.1037 – Supplement on security management guideline for implementation of IPv6 environment in telecommunications organizations • Relationships with ISO/IEC JTC 1 SCs 27 and 37, IEC TC 25, ISO TC 12, IETF, ATIS, ETSI, 3GPP, 3GPP2 • Rapporteur: Patrick MWESIGWA
Question 3/17 Telecommunication information security management • Responsible for information security management - X.1051, etc. • 5 Recommendations approved in last study period • Developing specific guidelines including: • X.1051rev, Information technology – Security techniques – Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 • X.gpim, Guideline for management of personally identifiable information for telecommunication organizations • X.sgsm, Information security management guidelines for small and medium telecommunication organizations • X.sup1056, Supplement to ITU-T X.1056 – Related Recommendations, International Standards and documents for security incident management • Close collaboration with ISO/IEC JTC 1/SC 27 • Rapporteur: Miho NAGANUMA
Question 4/17 Cybersecurity • Cybersecurity by design no longer possible; a new paradigm: • know your weaknesses minimize the vulnerabilities • know your attacks share the heuristics within trust communities • Current work program (17 Recommendations under development) • X.1500 suite: Cybersecurity Information Exchange (CYBEX) – non-prescriptive, extensible, complementary techniques for the new paradigm • Weakness, vulnerability and state • Event, incident, and heuristics • Information exchange policy • Identification, discovery, and query • Identity assurance • Exchange protocols • Non-CYBEX deliverables include compendiums and guidelines for • Abnormal traffic detection • Botnet mitigation • Attack source attribution (including traceback) • Extensive relationships with many external bodies • Rapporteur: Youki KADOBAYASHI
Question 4/17 (cnt’d) Cybersecurity • 16 Recommendations and 3 Supplements approved in last study period • 2 Recommendations and 2 Supplements approved in this study period • Recommendations in TAP approval process • X.1208 (X.csi), A cybersecurity indicator of risk to enhance confidence and security in the use of telecommunication/information and communication technology (for approval) • X.1210 (X.trm), Overview of source-based security troubleshooting mechanisms for Internet protocol-based networks (for approval) • X.1520rev, Common vulnerabilities and exposures (for approval) • X.1526rev (X.oval), Open vulnerability and assessment language (for approval) • X.1546 (X.maec), Malware attribute enumeration and characterization (for approval) • X.1582 (X.cybex-tp), Transport protocols supporting cybersecurity information exchange (for approval)
Question 4/17 (cnt’d) Cybersecurity For agreement • Recommendations on CYBEX currently under study include: • X.1500 Amd.5, Overview of cybersecurity information exchange – Amendment 5 - Revised structured cybersecurity information exchange techniques • X.cee, Common event expression • X.cee.1, CEE overview • X.cee.2, CEE profile • X.cee.3, CEE common log syntax (CLS) • X.cee.4, CEE common log transport (CLT) requirements • X.csmc, An iterative model for cybersecurity operation using CYBEX techniques • X.cwss, Common weakness scoring system • X.cybex-beep, Use of BEEP for cybersecurity information exchange • Recommendations (non-CYBEX) currently under study include: • X.cap, Common alerting protocol (CAP 1.2) • X.eipwa, Guideline on techniques for preventing web-based attacks For determ. For consent For determ