ITU-T Study Group 17 Security
An overview for newcomers
Arkadiy Kremer
February 2012
Contents
Importance of ICT security standardization
ITU Plenipotentiary Conference (PP-10) actions on ICT security
World Telecommunications Standardization Assembly (WTSA-08) mandate for Study Group 17
Study Group 17 overview
Security Coordination
Future meetings
Useful references
2/51
Importance of ICT security standardization (1/4)
National laws are oftentimes inadequate to protect against attacks.
They are insufficient from the timing perspective (i.e. laws cannot keep up with the pace of technological change), and, since attacks are often transnational, national laws may well be inapplicable anyway.
What this means is that the defenses must be largely technical, procedural and administrative; i.e. those that can be addressed in standards.
The development of standards in an open forum that comprises international specialists from a wide variety of environments and backgrounds provides the best possible opportunity to ensure relevant, complete and effective standards.
SG 17 provides the environment in which such standards can be, and are being, developed.
3/51
Importance of ICT security standardization (2/4)
The primary challenges are the time it takes to develop a standard (compared to the speed of technological change and the emergence of new threats) and the shortage of skilled and available resources.
We must work quickly to respond to the rapidly-evolving technical and threat environment but we must also ensure that the standards we produce are given sufficient consideration and review to ensure that they are complete and effective.
We must recognize and respect the differences in developing countries' respective environments: their telecom infrastructures may be at different levels of development from those of the developed countries; their ability to participate in, and contribute directly to, the security standards work may be limited by economic and other considerations; and their needs and priorities may be quite different.
4/51
Importance of ICT security standardization (3/4)
ITU-T can help the developing countries by fostering awareness of the work we are doing (and why we are doing it), by encouraging participation in the work, particularly via the electronic communication facilities now being used (e.g. web-based meetings and teleconferencing), and, most particularly, by encouraging the members from the developing countries to articulate their concerns and priorities regarding ICT security.
The members from the developed nations should not confuse their own needs with those of the developing countries, nor should they make assumptions about what the needs and priorities of the developing countries may be.
5/51
Importance of ICT security standardization (4/4)
For on-going credibility, we need performance measures that provide some indication of the effectiveness of our standards. In the past there has been too much focus on quantity (i.e. how many standards are produced) rather than on the quality and effectiveness of the work.
Going forward, we really need to know which standards are being used (and which are not being used), how widely they are used, and how effective they are.
This is not going to be easy to determine, but it would do much more for the ITU-T’s credibility if it could demonstrate the value and effectiveness of standards that have been developed rather than simply saying “we produced X number of standards”.
The number of standards produced is irrelevant: what counts is the impact they have.
6/51
ITU Plenipotentiary Conference 2010
Strengthened the role of ITU in ICT security:
• Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Res. 130)
• The use of telecommunications/information and communication technologies for monitoring and management in emergency and disaster situations for early warning, prevention, mitigation and relief (Res. 136)
• ITU's role with regard to international public policy issues relating to the risk of illicit use of information and communication technologies (Res. 174)
• ITU role in organizing the work on technical aspects of telecommunication networks to support the Internet (Res. 178)
• ITU's role in child online protection (Res. 179)
• Definitions and terminology relating to building confidence and security in the use of information and communication technologies (Res. 181)
8/51
SG 17 mandate established by World Telecommunication Standardization Assembly (WTSA-08)
WTSA-08 decided the following for Study Group 17:
Title: Security
Responsible for: studies relating to security including cybersecurity, countering spam and identity management. Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems.
Lead Study Group for:
– Telecommunication security
– Identity management
– Languages and description techniques
Responsible for specific E, F, X and Z series Recommendations
Responsible for 15 Questions
Chairman: Arkadiy Kremer
Vice chairmen: Jianyong Chen, Mohamed M.K. Elhaj, Antonio Guimaraes, Patrick Mwesigwa, Koji Nakao, Heung Youl Youm
10/51
Study Group 17 Overview
Primary focus is to build confidence and security in the use of Information and Communication Technologies (ICTs)
Meets twice a year. Last meeting had 171 participants from 21 Member States, 20 Sector Members and 7 Associates.
As of 16 October 2011, SG 17 is responsible for 279 approved Recommendations, 11 approved Supplements and 3 approved Implementer’s Guides in the E, F, X and Z series.
Large program of work:
• 23 new work items added to work program in 2011
• 33 Recommendations, 22 Corrigenda and 3 Supplements approved or entered approval process in 2011
• 143 new or revised Recommendations and other texts are under development for approval in 2012 or later
Work organized into 3 Working Parties with 15 Questions
5 Correspondence groups
See SG 17 web page for more information
http://itu.int/ITU-T/studygroups/com17
12/51
SG 17, Security
Working Party 1 (WP 1): Network and information security
• Q1 Security project
• Q2 Architecture
• Q3 ISM
• Q4 Cybersecurity
• Q5 Countering spam
Working Party 2 (WP 2): Application security
• Q6 Ubiquitous services
• Q7 Applications
• Q8 SOA
• Q9 Telebiometrics
Working Party 3 (WP 3): Identity management and languages
• Q10 IdM
• Q11 Directory, PKI and PMI
• Q12 ASN.1, OID
• Q13 Languages
• Q14 Testing
• Q15 OSI
13/51
Study Group 17 is the Lead Study Group on:
● Telecommunication security
● Identity management (IdM)
● Languages and description techniques
A study group may be designated by WTSA or TSAG as the lead study group for ITU-T studies forming a defined programme of work involving a number of study groups.
This lead study group is responsible for the study of the appropriate core Questions.
In addition, in consultation with the relevant study groups and in collaboration, where appropriate, with other standards bodies, the lead study group has the responsibility to define and maintain the overall framework and to coordinate, assign (recognizing the mandates of the study groups) and prioritize the studies to be carried out by the study groups, and to ensure the preparation of consistent, complete and timely Recommendations.
* Extracted from WTSA-08 Resolution 1
14/51
SG 17 is “Parent” for Joint Coordination Activities (JCAs) on:
● Identity management
● Conformance & interoperability testing
A joint coordination activity (JCA) is a tool for management of the work programme of ITU-T when there is a need to address a broad subject covering the area of competence of more than one study group. A JCA may help to coordinate the planned work effort in terms of subject matter, time-frames for meetings, collocated meetings where necessary and publication goals including, where appropriate, release planning of the resulting Recommendations.
The establishment of a JCA aims mainly at improving coordination and planning. The work itself will continue to be conducted by the relevant study groups and the results are subject to the normal approval processes within each study group. A JCA may identify technical and strategic issues within the scope of its coordination role, but will not perform technical studies nor write Recommendations. A JCA may also address coordination of activities with recognized standards development organizations (SDOs) and forums, including periodic discussion of work plans and schedules of deliverables. The study groups take JCA suggestions into consideration as they carry out their work.
* Extracted from Recommendation ITU-T A.1
15/51
Additional Security Work
Cloud Computing Security
• Expected transfer in early 2012 of security work from ITU-T Focus Group on Cloud Computing to SG 17
Smart Grid Security
• Expected transfer in early 2012 of security work from ITU-T Focus Group on Smart Grid to SG 17
Child Online Protection
• Correspondence group currently looking at what aspects are appropriate given SG 17 mandate and area of expertise
MoU UNODC-ITU
• ITU-T Secretary General signed MoU with United Nations Office on Drugs and Crime (UNODC) – Role of SG 17 needs further consideration
SG 17 has prepared first draft of 17 proposed Questions for the 2013-2016 study period
16/51
Working Party 1/17
Network and information security
Q1 Telecommunications systems security project
Q2 Security architecture and framework
Q3 Telecommunications information security management
Q4 Cybersecurity
Q5 Countering spam by technical means
Chairman: Koji Nakao
17/51
Question 1/17
Telecommunications systems security project
Security Coordination
• Coordinate security matters within SG 17, with ITU-T SGs, ITU-D and externally with other SDOs
• Maintain reference information on LSG security webpage
ICT Security Standards Roadmap
• Searchable database of approved ICT security standards from ITU-T, ISO/IEC, ETSI and others
Security Compendium
• Catalogue of approved security-related Recommendations and security definitions extracted from approved Recommendations
ITU-T Security Manual
• 4th edition published in 4Q/2009; 5th edition planned for 2012
Bridging the standardization gap
18/51
Question 1/17 (cnt’d)
Telecommunications systems security project
Security standardization strategy – Define a top-down approach to complement the contribution-driven work
• to ensure the continued relevance of security standards by keeping them current with rapidly-developing technologies and operators’ trends (in e-commerce, e-payments, e-banking, telemedicine, fraud-monitoring, fraud-management, fraud identification, digital identity, infrastructure creation, billing systems, IPTV, Video-on-demand, grid network computing, ubiquitous networks, etc.)
• to follow-up on considerable attention recently given to trust between network providers and communication infrastructure vendors, in particular for communication hardware and software security, issues of how trust can be established and/or enhanced would need to be considered
Rapporteur: Antonio Guimaraes
19/51
Question 2/17
Security Architecture and Framework
Responsible for general security architecture and framework for telecommunication systems
Recommendation in approval process:
• X.1037, Architectural systems for security controls for preventing fraudulent activities in public carrier networks
Recommendations currently under study include:
• X.gsiiso, Guidelines on security of the individual information service for operators
• X.ncns-1, National IP-based Public Networks Security Center for Developing Countries
• X.ipv6-secguide, Technical guideline on deploying IPv6
• X.hns, Heterarchic for secure distributed services networks
25 Recommendations and 2 Supplements approved
Relationships with ISO/IEC JTC 1 SCs 27 and 37, IEC TC 25, ISO TC 12, IETF, ATIS, ETSI, 3GPP, 3GPP2
Rapporteur: Patrick Mwesigwa
20/51
Question 3/17
Telecommunications information security management
Responsible for information security management - X.1051, etc.
Recommendations approved May 2011:
• X.1052, Information security management framework
• X.1057, Asset management guidelines in telecommunication organizations
Developing specific guidelines including:
• X.gpim, Guideline for management of personally identifiable information for telecommunication org.
• X.isgf, Governance of information security (w/SC 27)
• X.sgsm, Security management guidelines for small and medium-sized telecommunication organizations
• X.mgv6, Security management guideline for implementation of IPv6 environment
• Supplement - User guide for X.1051
• Information security incident management for developing countries
Close collaboration with ISO/IEC JTC 1/SC 27
Rapporteur: Miho Naganuma
21/51
Question 4/17
Cybersecurity
Cybersecurity by design no longer possible; a new paradigm:
• know your weaknesses minimize the vulnerabilities
• know your attacks share the heuristics within trust communities
Current work program (28 Recommendations under development)
X.1500 suite: Cybersecurity Information Exchange (CYBEX) – non-prescriptive, extensible, complementary techniques for the new paradigm
• Weakness, vulnerability and state
• Event, incident, and heuristics
• Information exchange policy
• Identification, discovery, and query
• Identity assurance
• Exchange protocols
Non-CYBEX deliverables include compendiums and guidelines for
• SIP server protection
• Abnormal traffic detection
• Botnet mitigation
• Attack source attribution (including traceback)
• Trusted standards availability
Extensive relationships with many external bodies
22/51
Question 4/17 (cnt’d)
Cybersecurity
Key achievements
• X.1205, Overview of cybersecurity
• X.1206, A vendor-neutral framework for automatic notification of security related information and dissemination of updates
• X.1207, Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software
• X.1209, Capabilities and their context scenarios for cybersecurity information sharing and exchange
• X.1303, Common alerting protocol
• X.1500, Overview of cybersecurity information exchange (CYBEX)
• X.1520, Common vulnerabilities and exposures (CVE)
• X.1521, Common vulnerability scoring system (CVSS)
• X.1570, Discovery mechanisms in the exchange of cybersecurity information
• X.Sup.8, Supplement on best practices against botnet threats
• X.Sup.9, Guidelines for reducing malware in ICT networks
• X.Sup.10, Usability of network traceback
Recommendations in approval process
• X.1500.1, Procedures for the registration of arcs under OID arc for CYBEX
• X.1524, Common weakness enumeration (CWE)
• X.1541, Incident object description exchange format
Rapporteur: Anthony Rutkowski
23/51
Question 5/17
Countering spam by technical means
Lead group in ITU-T on countering spam by technical means in support of WTSA-08 Resolution 52 (Countering and combating spam)
7 Recommendations and 2 Supplements approved.
3 draft texts under development (see structure in next slide):
• X.oacms, Overall aspects of countering messaging spam in mobile networks
• X.ticvs, Technologies involved in countering voice spam in telecommunication organizations
• Supplement, Functions and interfaces for countering e-mail spam using botnet information
Effective cooperation with ITU-D, IETF, ISO/IEC JTC 1, 3GPP, OECD, MAAWG, ENISA and other organizations
Rapporteur: Hongwei Luo
24/51
Question 5/17 (cnt’d)
Countering spam by technical means
25/51
Working Party 2/17
Application Security
Chairman: Heung Youl Youm
Q8 Service oriented architecture security
Q9 Telebiometrics
Q7 Secure application services
Q6 Security aspects of ubiquitous telecommunication services
26/51
Question 6/17
Security aspects of ubiquitous telecommunication services
Multicast security
• X.1101, Security requirements and framework for multicast communication
Home network security
• X.1111, Framework for security technologies for home network
• X.1112, Device certificate profile for the home network
• X.1113, Guideline on user authentication mechanism for home network services
• X.1114, Authorization framework for home network
Mobile security
• X.1121, Framework of security technologies for mobile end-to-end data communications
• X.1122, Guideline for implementing secure mobile systems based on PKI
• X.1123, Differentiated security service for secure mobile end-to-end data communication
• X.1124, Authentication architecture for mobile end-to-end data communication
• X.1125, Correlative reacting system in mobile data communication
• X.msec-5, Security requirements and mechanism for reconfiguration of mobile device with multiple communication interfaces
• X.msec-6, Security aspects of mobile phones
Networked ID security
• X.1171, Threats and requirements for protection of personally identifiable information in applications using tag-based identification
• X.1175, Guidelines on protection of personally identifiable information in the application of RFID technology
27/51
Question 6/17 (cnt’d)
Security aspects of ubiquitous telecommunication services
IPTV security
• X.1191, Functional requirements and architecture for IPTV security aspects
• X.1192, Functional requirements and mechanisms for secure transcodable scheme of IPTV
• X.1193, Key management framework for secure IPTV services
• X.1195, Service and content protection (SCP) interoperability scheme
• X.iptvsec-4, Algorithm selection scheme for service and content protection (SCP) descrambling
• X.iptvsec-6, Framework for the downloadable service and content protection (SCP) system in the mobile IPTV environment
• X.iptvsec-7, Guidelines on criteria for selecting cryptographic algorithms for the IPTV service and content protection (SCP)
• X.iptvsec-8, Virtual machine-based security platform for renewable service and content protection (SCP)
Ubiquitous sensor network security
• X.1311, Information technology – Security framework for ubiquitous sensor network (w/SC 6)
• X.1312, Ubiquitous sensor network (USN) middleware security guidelines
• X.usnsec-3, Secure routing mechanisms for wireless sensor network
• X.unsec-1, Security requirements and framework of ubiquitous networking
Close relationship with JCA-IPTV and ISO/IEC JTC 1/SC 6/WG 7
Rapporteur: Jonghyun Baek
28/51
Question 7/17
Secure application services
Web security
• X.1141, Security Assertion Markup Language (SAML 2.0)
• X.1142, eXtensible Access Control Markup Language (XACML 2.0)
• X.1143, Security architecture for message security in mobile web services
• X.websec-4, Security framework for enhanced web based telecommunication services
Security protocols
• X.1151, Guideline on secure password-based authentication protocol with key exchange
• X.1152, Secure end-to-end data communication techniques using trusted third party services
• X.1153, A management framework of an one time password-based authentication service
• X.sap-4, The general framework of combined authentication on multiple identity service provider environment
• X.sap-5, Guideline on anonymous authentication for e-commerce service
• X.sap-6, An One Time Password-based non-repudiation framework
• X.sap-7, The requirements of fraud detection and response services for sensitive Information Communication Technology
Peer-to-peer security
• X.1161, Framework for secure peer-to-peer communications
• X.1162, Security architecture and operations for peer-to-peer networks
• X.p2p-3, Security requirements and mechanisms of peer-to-peer-based telecommunication network
• X.p2p-4, Use of service providers’ user authentication infrastructure to implement PKI for peer-to-peer networks
Relationships include: OASIS, OMA, W3C, ISO/IEC JTC 1/SC 27, Kantara Initiative
Rapporteur: Jae Hoon Nah
29/51
Question 8/17
Service oriented architecture security
Current focus:
• Security aspects of cloud computing
  - X.ccsec, Security guideline for cloud computing in telecommunication area
  - X.srfctse, Security requirements and framework of cloud based telecommunication service environment
• Security aspects of service oriented architecture
  - X.fsspvn, Framework of the secure service platform for virtual network
  - X.sfcsc, Security functional requirements for software as a service (SaaS) application environment
Working closely with FG on Cloud computing
Rapporteur: Liang Wei
30/51
Question 9/17
Telebiometrics
Current focus:
• Security requirements and guidelines for applications of telebiometrics
• Requirements for evaluating security, conformance and interoperability with privacy protection techniques for applications of telebiometrics
• Requirements for telebiometric applications in a high functionality network
• Requirements for telebiometric multi-factor authentication techniques based on biometric data protection and biometric encryption
• Requirements for appropriate generic protocols providing safety, security, privacy protection, and consent “for manipulating biometric data” in applications of telebiometrics, e.g., e-health, telemedicine
Approved Recommendations
• X.1080.1, e-Health and world-wide telemedicines - Generic telecommunication protocol
• X.1081, The telebiometric multimodal model – A framework for the specification of security and safety aspects of telebiometrics
• X.1082, Telebiometrics related to human physiology
• X.1083, Information technology – Biometrics – BioAPI interworking protocol (w/SC 37)
• X.1084, Telebiometrics system mechanism – Part 1: General biometric authentication protocol and system model profiles for telecommunications systems
• X.1086, Telebiometrics protection procedures – Part 1: A guideline to technical and managerial countermeasures for biometric data security
31/51
Question 9/17 (cnt’d)
Telebiometrics
Approved Recommendations (continued)
• X.1088, Telebiometrics digital key framework (TDK) – A framework for biometric digital key generation and protection
• X.1089, Telebiometrics authentication infrastructure (TAI)
• X.1090, Authentication framework with one-time telebiometric templates
Recommendations under development:
• X.bhsm, Telebiometric authentication framework using biometric hardware
• X.gep, A guideline for evaluating telebiometric template protection
• X.tam, Guideline to technical and operational countermeasures for telebiometric applications using mobile devices
• X.th-series, e-Health and world-wide telemedicines
  • X.th2, Telebiometrics related to physics
  • X.th3, Telebiometrics related to chemistry
  • X.th4, Telebiometrics related to biology
  • X.th5, Telebiometrics related to culturology
  • X.th6, Telebiometrics related to psychology
• X.tif, Integrated framework for telebiometric data protection
Close working relationship with ISO/IEC JTC 1/SCs 17, 27 and 37, ISO TCs 12, 68 and 215, IEC TC 25, IETF, IEEE
Rapporteur: Hale Kim
32/51
Working Party 3/17
Identity management and languages
Q10 Identity management architecture and mechanisms
Q11 Directory services, Directory systems, and public-key/attribute certificates
Q12 ASN.1, Object Identifiers (OIDs) and associated registration
Q13 Formal languages and telecommunication software
Q14 Testing languages, methodologies and framework
Q15 Open Systems Interconnection (OSI)
Chairman: Jianyong Chen
33/51
Question 10/17
Identity Management (IdM)
Identity Management (IdM)
• IdM is a security enabler by providing trust in the identity of both parties to an e-transaction
• IdM also provides network operators an opportunity to increase revenues by offering advanced identity-based services
• The focus of ITU-T’s IdM work is on global trust and interoperability of diverse IdM capabilities in telecommunication.
• Work is focused on leveraging and bridging existing solutions
• This Question is dedicated to the vision setting and the coordination and organization of the entire range of IdM activities within ITU-T
Approved Recommendations
• X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
• X.1251, A framework for user control of digital identity
• X.1252, Baseline identity management terms and definitions
• X.1253, Security guidelines for identity management systems
• X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
• X.Sup.7, Overview of identity management in the context of cybersecurity
34/51
Question 10/17 (cnt’d)
Identity Management (IdM)
Key focus
• Adoption of interoperable federated identity frameworks that use a variety of authentication methods with well understood security and privacy
• Encourage the use of authentication methods resistant to known and projected threats
• Provide a general trust model for making trust-based authentication decisions between two or more parties
• Ensure security of online transactions with focus on end-to-end identification and authentication of the participants and components involved in conducting the transaction, including people, devices, and services
Engagement
• JCA-IdM
• 11 Recommendations under development
  - Collaborative work with JTC 1/SC27 on X.eaa, Entity authentication assurance framework
  - Collaborative work with CA/Browser Forum on X.EVcert, Extended validation certificate framework
• Related standardization bodies: ISO/IEC JTC 1 SCs 6, 27 and 37; IETF; ATIS; ETSI/TISPAN; OASIS; Kantara Initiative; OMA; NIST; 3GPP; 3GPP2; Eclipse; OpenID Foundation; OIX etc.
Rapporteur: Abbie Barbir
35/51
Question 11/17
Directory services, Directory systems, and Public-key/attribute certificates
Three Directory Projects:
• ITU-T X.500 Series of Recommendations | ISO/IEC 9594 - all parts – The Directory
• ITU-T F.5xx - Directory Service - Support of tag-based identification services
• ITU-T E.115 - Computerized directory assistance
X.500 series is a specification for a highly secure, versatile and distributed directory
The X.500 series is under continuous enhancement
• Password policy
• Support of RFID
• Interworking with LDAP
• Support for Identity Management
X.500 work is collaborative with ISO/IEC JTC 1/SC 6/WG 8
36/51
Question 11/17 (cnt’d)
Directory services, Directory systems, and Public-key/attribute certificates
ITU-T X.509 on public-key/attribute certificates is the cornerstone for security:
• Base specification for public-key certificates and for attribute certificates
• Has a versatile extension feature allowing additions of new fields to certificates
• Basic architecture for revocation
• Base specification for Public-Key Infrastructure (PKI)
• Base specifications for Privilege Management Infrastructure (PMI)
ITU-T X.509 is used in many different areas:
• Basis for eGovernment, eBusiness, etc. all over the world
• Used for IPsec, cloud computing, and many other areas
• Is the base specification for many other groups (PKIX in IETF, ESI in ETSI, CA Browser Forum, etc.)
Rapporteur: Erik Andersen
37/51
Question 12/17
Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration
Developing and maintaining the heavily used Abstract Syntax Notation One (ASN.1) and Object Identifier (OID) specifications
Giving advice on the management of OID Registration Authorities, particularly within developing countries, through the ASN.1 and OID Project Leader Olivier Dubuisson
Approving new top arcs of the Object Identifier tree as necessary
Promoting use of OID resolution system by other groups such as SG 16
Repository of OID allocations and a database of ASN.1 modules
Recommendations are in the X.680 (ASN.1), X.690 (ASN.1 Encoding Rules), X.660/X.670 (OID Registration), and X.890 (Generic Applications, such as Fast Infoset, Fast Web services, etc) series
ASN.1 Packed Encoding Rules reduces the bandwidth required for communication thus conserving energy (e.g., compared with XML)
Work is collaborative with ISO/IEC JTC 1/SC 6/WG 9
Rapporteur: John Larmouth
38/51
Question 12/17 (cnt’d)
Definition and encoding of structured data
This is what ASN.1 has always been about, since about 1984, but the terminology is fairly recent.
A Tutorial on this topic, giving history and comparisons of different approaches will be given at the Feb 2012 SG 17 meeting, and will be available as a TD shortly before the meeting.
ASN.1 (Abstract Syntax Notation One) – is just another way of saying “description of structured data”, and its notation and its encoding rules have been the primary ITU-T recommended means for describing and encoding structured data since about 1984.
It is not appropriate to describe this further here, but Q12/17 is actively promoting the term “description and encoding of structured data” as what ASN.1 is actually about and continues to recommend it for all use by ITU-T Recommendations in all Study Groups with such requirements. Q12/17 is always prepared to provide assistance to other Study Groups in this area.
39/51
Question 13/17
Formal languages and telecommunication software
Languages and methods for requirements, specification implementation, and Open Distributed Processing (ODP)
Recommendations for ODP (X.900 series in collaboration with JTC 1/SC 7/WG 19), Specification and Description Language (Z.100 series), Message Sequence Chart (Z.120 series), User Requirements Notation (Z.150 series), framework and profiles for Unified Modeling Language, as well as use of languages (Z.110, Z.111, Z.400, Z.450).
• Updates of Z.100 and Z.150 series are being progressed
These techniques enable high quality Recommendations to be written from which formal tests can be derived, and products to be cost effectively developed.
Relationship with SDL Forum Society
Rapporteur: Rick Reed
40/51
Question 14/17
Testing languages, methodologies and framework
Interoperability and conformance testing languages, methodologies and framework
Responsible for Testing and Test Control Notation version 3 (TTCN-3) Recommendations: Z.161, Z.162, Z.163, Z.164, Z.165, Z.166, Z.167, Z.168, Z.169, Z.170
• Further updates on the Z.160-170 series will be produced in 2012
Also responsible for conformance testing methodology and framework for protocol Recommendations: X.290, X.291, X.292, X.293, X.294, X.295, X.296, X.Sup4 and X.Sup5
Provides support for WTSA-08 Resolution 78 on conformance and interoperability testing
Close liaisons with ETSI, SG 11, JCA-CIT
Rapporteur: Dieter Hogrefe
41/51
Question 15/17
Open Systems Interconnection (OSI)
Ongoing maintenance of the OSI X-series Recommendations and the OSI Implementer’s Guide:
• OSI Architecture
• Message Handling
• Transaction Processing
• Commitment, Concurrency and Recovery (CCR)
• Remote Operations
• Reliable Transfer
• Quality of Service
• Upper layers – Application, Presentation, and Session
• Lower Layers – Transport, Network, Data Link, and Physical
109 approved Recommendations
Work is carried out in collaboration with ISO/IEC JTC 1
42/51
Security Coordination
Security activities in other ITU-T Study Groups
ITU-T SG 2 Operation aspects & TMN
– Q3 International Emergency Preference Scheme, ETS/TDR
– Q5 Network and service operations and maintenance procedures, E.408
– Q11 TMN security, TMN PKI
ITU-T SG 9 Integrated broadband cable and TV
– Q3 Conditional access, copy protection, HDLC privacy,
– Q7, Q8 DOCSIS privacy/security
– Q9 IPCablecom 2 (IMS w. security), MediaHomeNet security gateway, DRM,
ITU-T SG 11 Signaling Protocols
– Q7 EAP-AKA for NGN
ITU-T SG 13 Future network
– Q16 Security and identity management for NGN
– Q17 Deep packet inspection
ITU-T SG 15 Optical Transport & Access
– Reliability, availability, Ethernet/MPLS protection switching
ITU-T SG 16 Multimedia
– Secure VoIP and multimedia security (H.233, H.234, H.235, H.323, JPEG2000)
44/51
Coordination with other bodies
ITU-D, ITU-R, xyz…
Study Group 17
45/51
SG 17 collaborative work with ISO/IEC JTC 1
Existing relationships having collaborative (joint) projects:

JTC 1         SG 17 Question   Subject
SC 6/WG 7     Q6/17            Ubiquitous networking
SC 6/WG 8     Q11/17           Directory
SC 6/WG 9     Q12/17           ASN.1, OIDs, and Registration Authorities
SC 7/WG 19    Q13/17           Open Distributed Processing (ODP)
SC 27/WG 1    Q3/17            Information Security Management System (ISMS)
SC 27/WG 3    Q2/17            Security architecture
SC 27/WG 5    Q10/17           Identity Management (IdM)
SC 37         Q9/17            Telebiometrics

Note – In addition to collaborative work, extensive communications and liaison relationships exist with the following JTC 1 SCs: 6, 7, 17, 22, 27, 31, 37 and 38 on a wide range of topics. All SG 17 Questions are involved.
46/51
SG 17 collaborative work with ISO/IEC JTC 1 (cnt’d)
Guide for ITU-T and ISO/IEC JTC 1 Cooperation
• http://itu.int/rec/T-REC-A.23-201002-I!AnnA
Listing of common text and technically aligned Recommendations | International Standards
• http://itu.int/oth/T0A0D000011
Mapping between ISO/IEC International Standards and ITU-T Recommendations
• http://itu.int/oth/T0A0D000012
Relationships of SG 17 Questions with JTC 1 SCs that categorizes the nature of relationships as:
– joint work (e.g., common texts or twin texts)
– technical collaboration by liaison mechanism
– informational liaison
• http://itu.int/en/ITU-T/studygroups/com17/Pages/relationships.aspx
47/51
Study Group 17 Meetings
This meeting:
Monday, 20 February – Friday, 2 March 2012 (10 days), Geneva, Switzerland
Final meeting in 2008-2012 study period:
Monday, 3 September – Friday, 7 September 2012 (5 days), Geneva, Switzerland.
Note: may be extended to 8 days
Next study period starts following WTSA-12
49/51
Reference links
Webpage for ITU-T Study Group 17
• http://itu.int/ITU-T/studygroups/com17
Webpage on ICT security standard roadmap
• http://itu.int/ITU-T/studygroups/com17/ict
Webpage on ICT cybersecurity organizations
• http://itu.int/ITU-T/studygroups/com17/nfvo
Webpage for JCA on Identity management
• http://www.itu.int/en/ITU-T/jca/idm/Pages/default.aspx
Webpage for JCA on Conformance and interoperability testing
• http://itu.int/en/ITU-T/jca/idm
Webpage on lead study group on telecommunication security
• http://itu.int/en/ITU-T/studygroups/com17/Pages/telesecurity.aspx
Webpage on lead study group on identity management
• http://itu.int/en/ITU-T/studygroups/com17/Pages/idm.aspx
Webpage on lead study group on languages and description techniques
• http://itu.int/en/ITU-T/studygroups/com17/Pages/ldt.aspx
Webpage for security workshop on Addressing security challenges on a global scale
• http://itu.int/ITU-T/worksem/security/201012
51/51