Presentation is loading. Please wait.

Presentation is loading. Please wait.

ITU-T SG17 Q.2 Security Architecture and Framework An overview for newcomers Patrick Mwesigwa Q.2/17 Rapporteur 15 March 2016.

Published byImogene Willis Modified over 7 years ago

Similar presentations

Presentation on theme: "ITU-T SG17 Q.2 Security Architecture and Framework An overview for newcomers Patrick Mwesigwa Q.2/17 Rapporteur 15 March 2016."— Presentation transcript:

1 ITU-T SG17 Q.2 Security Architecture and Framework An overview for newcomers Patrick Mwesigwa Q.2/17 Rapporteur 15 March 2016

2 Contents  Question text for Q.2/17 Motivation, Question, Tasks and Relationships  Recommendations and Supplements related to Q.2/17  Draft Recommendations on developing under Q.2/17  Future Plan for Next Study Period (2017-2020) 2

3 Question text for 2/17 – Motivation  Security architecture Recommendations – Recommendations ITU ‑ T X.800, X.802 and X.803 describe security within the context of open systems interconnection (OSI). – The security architecture for systems providing end-to-end communications is provided in Recommendation ITU ‑ T X.805. – A comprehensive set of detailed security frameworks covering aspects of security such as authentication, access control, non-repudiation, confidentiality, integrity, and security audit and alarms has been established (X.810, X.811, X.812, X.813, X.814, X.815 and X.816). – Generic Upper Layers Security (GULS), Recommendations ITU ‑ T X.830, X.831, X.832, X.833, X.834 and X.835 have been developed. – In cooperation with ISO/IEC JTC 1/SC 27, Recommendations ITU ‑ T X.841, X.842 and X.843 on security information objects and trusted third party services have been established.  A continued effort to maintain and enhance these security Recommendations to satisfy the needs of emerging technologies (e.g., the next generation networks (NGN) and Internet protocol based networks) and services is required. This effort is reflected by X.1035 and X.1036 that show details of password-authenticated key exchange protocols and policy distribution and enforcement. 3

4 Question text for 2/17 – Motivation (cont’)  Due to convergence and mobility, telecommunications carrier networks and the associated information systems are exposed to new classes of security threats. The attackers have a deeper reach into networks and require less skill levels with a higher damage propensity. Viruses, hacking and denial of service attacks have become pervasive and they adversely impact network elements and support systems alike.  The telecommunications and information technology industries are seeking cost-effective comprehensive security solutions that are technology agnostic and protect a wide spectrum of services and applications. To achieve such solutions in multi-vendor environment, network security should be designed around the standard security architectures and standard security technologies. Taking into account the security threats to the telecommunication environment and the current advancement of security countermeasures against the threats, new security requirements and solutions should be investigated. New Recommendations that show how to combine the technology standards and security frameworks are needed to implement comprehensive security for the emerging networks and services. 4

5 Question text for 2/17 – Question  Study items to be considered include, but are not limited to: – How should a comprehensive, coherent telecommunications security solution be defined? – What is the architecture for a comprehensive, coherent telecommunications security solution? – What is the framework for applying the security architecture in order to establish a new security solution? – What is the framework for applying the security architecture in order to assess (and consequently improve) an existing security solution? – What are the architectural underpinnings for security? 5.1 What is the architecture for end-to-end security? 5.2 What is the open systems security architecture? 5.3 What is the security architecture for the mobile environment? 5.4 What is the security architecture for evolving networks? 5.5 What is the security architecture for application services in collaboration with Q7/17? 5

6 Question text for 2/17 – Question (cont’)  Study items to be considered include, but are not limited to: – What new security architecture and framework Recommendations are required for providing security solutions in the changing environment? – How should architectural standards be structured with respect to existing Recommendations on security? – How should architectural standards be structured with respect to the existing advanced security technologies? – How should the security framework Recommendations be modified to adapt them to emerging technologies and what new framework Recommendations are required? – How are security services applied to provide security solutions? – How is telecommunication/ICT infrastructure monitoring applied to provide security solutions? 6

7 Question text for 2/17 – Tasks and Relationships  Tasks include, but are not limited to: – Development of a comprehensive set of security architecture and framework Recommendations for providing standard security solutions for telecommunications in collaboration with other standards development organizations and ITU ‑ T study groups. – Studies and development of Recommendations on a trusted telecommunication network architecture that integrates advanced security technologies. – Maintenance and enhancements of Recommendations and Supplements in the X.800-series and X.103x-series.  Relationships: – Recommendations: X-series and others related to security – Questions: ITU ‑ T Questions 1/17, 3/17, 4/17, 5/17, 6/17, 7/17, 8/17, 9/17, 10/17 and 11/17 – Study Groups: ITU ‑ T SGs 2, 9, 11, 13 and 16 – Standardization bodies: ISO/IEC JTC 1/SC 27 and SC 37; IEC TC 25; ISO TC12; IETF; ATIS; ETSI; 3GPP, 3GPP2; FIINA. 7

8 Contents  Question text for Q.2/17 Motivation, Question, Tasks and Relationships  Recommendations and supplements related to Q.2/17  Draft Recommendations on developing under Q.2/17  Future Plan for Next Study Period (2017-2020) 8

9 Recommendations related to Q.2/17  OSI security architecture (Rec. ITU-T X.800)Rec. ITU-T X.800  OSI security models (Recs. ITU-T X.802, X.803, X.830, X.831, X.832, X.833, X.834, X.835)X.802X.803X.830X.831X.832X.833X.834 X.835  OSI security frameworks for open systems (Recs. ITU-T X.810, X.811, X.812, X.813, X.814, X.815, X.816, X.841)X.810X.811X.812X.813X.814X.815X.816 X.841  Security architecture for systems providing end-to-end communications (Rec. ITU-T X.805)Rec. ITU-T X.805 9

10 Security architecture for systems providing end-to-end communications (10/2003)  Defines a general network security architecture for providing end-to-end network security  For a systematic security design of products. 10 Rec. ITU-T X.805 - Security architectural elements Recommendation ITU-T X.805

11 Recommendations related to Q.2/17  Roles of end users and telecommunications networks within security architecture (Rec. ITU-T X.1031)Rec. ITU-T X.1031  IP-based telecommunication network security system (TNSS) (Rec. ITU-T X.1032)Rec. ITU-T X.1032  EAP + key management guideline (Rec. ITU-T X.1034)Rec. ITU-T X.1034  Password-authenticated key exchange (PAK) protocol (Rec. ITU-T X.1035)Rec. ITU-T X.1035  Framework for creation, storage, distribution and enforcement of policies for network security (Rec. ITU-T X.1036)  IPv6 security (Rec. ITU-T X.1037) 11

12 Supplements related to Q.2/17  X.Suppl. 2: ITU-T X.800-X.849 series – Supplement on security baseline for network operators  X Suppl. 3: ITU-T X.800-X.849 series – Supplement on guidelines for implementing system and network security  X Suppl. 15: ITU-T X.800-X.849 series - Supplement on guidance for creating a national IP-based public network security centre for developing countries  X.Suppl. 16: ITU-T X.800-X.849 series – Supplement on architectural systems for security controls for preventing fraudulent activities in public carrier networks  X.Suppl. 23: ITU-T X.1037 - Supplement on security management guidelines for the implementation of an IPv6 environment in telecommunication organizations 12

13  P2P (peer-to-peer) communication Rec. ITU-T X.1161: Framework for secure peer-to-peer communications Rec. ITU-T X.1162: Security architecture and operations for peer-to-peer networks  Mobile web services Rec. ITU-T X.1143: Security architecture for message security in mobile web services  Network management architecture Rec. ITU-T M.3010: Principles for a telecommunications management network  IPCablecom architecture Rec. ITU-T J.160: Architectural framework for the delivery of time-critical services over cable television networks using cable modems  IPTV service Rec. ITU-T X.1191: Functional requirements and architecture for IPTV security aspects 13 Some application-specific architectures

14 Contents  Question text for Q.2/17 Motivation, Question, Tasks and Relationships  Recommendations and supplements related to Q.2/17  Draft Recommendations on developing under Q.2/17  Future Plan for Next Study Period (2017-2020) 14

15 Guidelines on security of the individual information service for operators (Timing : 2016-03, Consent)  Addresses the aspects of security of the information service provided by the telecommunication operators  Defines the classification of the telecommunication information service; Communication services: telephone, internet broadband etc. Content services: web indexing/searching, mobile TV/IPTV etc. Information services: e-government, e-commerce, e-health, etc. Individual information services: users’ requirements, privileges, preferences, and habitual behaviors, etc. 15 Draft Recommendation ITU-T X.gsiiso

16 Security requirements and reference architecture for Software- Defined Networking (Timing : 2017-10, Consent) 16 Draft Recommendation ITU-T X.sdnsec-2  Describe use cases to detail new security threats when introducing SDN;  Identify security threats;  Define security requirements;  Provide possible security mechanisms for new security threats;  Design security reference architecture for SDN Security reference architecture for SDN, in Rec. ITU-T Y.3300

17 ITU-T X.805 - Supplement on Security guideline for mobile virtual network operator (MVNO) (Timing : 2016-09, Agreement) 17 Draft Supplement ITU-T X.sgmvno  Provides security guideline for MVNOs Main features and typical threats of MVNOs Security framework including security objectives and security requirements. Mobile Virtual Network Operator (MVNO)

18 Technical implementation guidelines for ITU-T X.805 (Timing : 2016-09, Consent)  Provides technical implementation guideline for security countermeasures A set of technical countermeasures or solutions to implement technical information security domains, including access control, authentication, Non-repudiation, data confidentiality, communication security, data integrity, availability, and privacy. Provides examples for applying the set of technical countermeasures to the organizations with practical levels of information security domains 18 Draft Recommendation ITU-T X.tigsc

19 Contents  Question text for Q.2/17 Motivation, Question, Tasks and Relationships  Recommendations and supplements related to Q.2/17  Draft Recommendations on developing under Q.2/17  Future Plan for Next Study Period (2017-2020) 19

20  Q.2/17 will address all aspects of security architecture and framework; OSI security architecture and security architecture in end-to-end communication Guidelines and supplements to support Recommendation ITU-T X.805 Other networks: NGN (Next Generation Network), Internet protocol based networks, SDN (Software-defined Networking), etc. New topics: NFV (Network Function Virtualization), LTE/SAE (Long-Term Evolution/System Architecture Evolution), etc.  Q.2/17 will endeavour to improve the relationship with other groups dealing with work related to security architecture and framework. Questions in SG17: SDN, Mobile, P2P, IdM, etc. Other SGs: NGN, FN, IPCablecom, Multimedia, etc. External SDOs: IEO/IEC JTC 1/SC 27, IETF, 3GPP/3GPP2, etc. 20 Future Plan for Next Study Period (2017-2020)

21 Thank you very much for your attention! Rapporteur: Patrick MWESIGWA Associate Rapporteur: Heung-Ryong OH and Zhiyuan HU

Download ppt "ITU-T SG17 Q.2 Security Architecture and Framework An overview for newcomers Patrick Mwesigwa Q.2/17 Rapporteur 15 March 2016."

Similar presentations

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Cloud computing security related works in ITU-T SG17

Cloud computing security related works in ITU-T SG17
Chapter 1 – Introduction

Chapter 1 – Introduction
Applied Cryptography for Network Security

Applied Cryptography for Network Security
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Geneva, Switzerland, 4 December 2014 ITU-T Study Group 17 activities in the context of digital financial services and inclusion: Security and Identity.

Geneva, Switzerland, 4 December 2014 ITU-T Study Group 17 activities in the context of digital financial services and inclusion: Security and Identity.
Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.

Standards for Shared ICT Jeju, 13 – 16 May 2013 Gale Lightfoot Senior Staff Program Manager, Office of the CTO, SPB Cisco ATIS Cybersecurity Standards.
DOCUMENT #: GSC15-GTSC8-02 FOR: Presentation SOURCE: ATIS AGENDA ITEM: GTSC8; 4.1 CONTACT(S): Wayne Zeuch ATIS:

DOCUMENT #: GSC15-GTSC8-02 FOR: Presentation SOURCE: ATIS AGENDA ITEM: GTSC8; 4.1 CONTACT(S): Wayne Zeuch ATIS:
DOCUMENT #:GSC15-GTSC-05 FOR:Presentation SOURCE:ITU-T AGENDA ITEM:4.1 NGN, Testing specification and Beyond Chaesub.

DOCUMENT #:GSC15-GTSC-05 FOR:Presentation SOURCE:ITU-T AGENDA ITEM:4.1 NGN, Testing specification and Beyond Chaesub.
Metadata for the Cloud Telco Motivation presentation to ISO/IEC JTC1 SC32 WG2 Ewelina Szczekocka, Orange Labs Poland, Telekomunikacja Polska S.A. 25th.

Metadata for the Cloud Telco Motivation presentation to ISO/IEC JTC1 SC32 WG2 Ewelina Szczekocka, Orange Labs Poland, Telekomunikacja Polska S.A. 25th.
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY

Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
ATIS & TISPAN JOINT MEETING ON NGN Washington D.C., 1 April 2005 MEETING SUMMARY Draft v2 (4 April 2005) Based on Notes from David Boswarthick (ETSI),

ATIS & TISPAN JOINT MEETING ON NGN Washington D.C., 1 April 2005 MEETING SUMMARY Draft v2 (4 April 2005) Based on Notes from David Boswarthick (ETSI),
02-007.ppt ITU-T status report ieprep-related activities Stephen Perschau, NCS.

ppt ITU-T status report ieprep-related activities Stephen Perschau, NCS.
DOCUMENT #: GSC15-GTSC8-06 FOR: Presentation SOURCE: ATIS AGENDA ITEM: GTSC8; 4.2 CONTACT(S): Art Reilly ATIS Cybersecurity.

DOCUMENT #: GSC15-GTSC8-06 FOR: Presentation SOURCE: ATIS AGENDA ITEM: GTSC8; 4.2 CONTACT(S): Art Reilly ATIS Cybersecurity.
International Telecommunication Union Eighth Global Standards Collaboration (GSC) Meeting - Ottawa, Canada, 27 April-1 May 2003 Security Standardization.

International Telecommunication Union Eighth Global Standards Collaboration (GSC) Meeting - Ottawa, Canada, 27 April-1 May 2003 Security Standardization.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester 2008-2009.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
Committed to Connecting the World ITU-T SG13 since the 1 st AFRG Chairman: Chaesub Lee Counsellor: Tatiana Kurakova.

Committed to Connecting the World ITU-T SG13 since the 1 st AFRG Chairman: Chaesub Lee Counsellor: Tatiana Kurakova.
1 International Telecommunication Union ITU CHALLENGES AND RESPONSES (Fabio Bigi – TSB Deputy Director) (

1 International Telecommunication Union ITU CHALLENGES AND RESPONSES (Fabio Bigi – TSB Deputy Director) (
International Telecommunication Union ITU Seminar on the Standardization and ICT development for the Information Society Uzbekistan, 6-8 October 2003 Network.

International Telecommunication Union ITU Seminar on the Standardization and ICT development for the Information Society Uzbekistan, 6-8 October 2003 Network.

Similar presentations

Ads by Google