Presentation on theme: "ITU-T Study Group 17 Security"— Presentation transcript:
1 ITU-T Study Group 17 Security
An overview for newcomers
Arkadiy Kremer, February 2012

2 Contents
● Importance of ICT security standardization
● ITU Plenipotentiary Conference (PP-10) actions on ICT security
● World Telecommunications Standardization Assembly (WTSA-08) mandate for Study Group 17
● Study Group 17 overview
● Security Coordination
● Future meetings
● Useful references

3 Importance of ICT security standardization (1/4)
● National laws are oftentimes inadequate to protect against attacks.
● They are insufficient from the timing perspective (i.e. laws cannot keep up with the pace of technological change), and, since attacks are often transnational, national laws may well be inapplicable anyway.
● What this means is that the defenses must be largely technical, procedural and administrative; i.e. those that can be addressed in standards.
● The development of standards in an open forum that comprises international specialists from a wide variety of environments and backgrounds provides the best possible opportunity to ensure relevant, complete and effective standards.
● SG 17 provides the environment in which such standards can be, and are being, developed.

4 Importance of ICT security standardization (2/4)
● The primary challenges are the time it takes to develop a standard (compared to the speed of technological change and the emergence of new threats) and the shortage of skilled and available resources.
● We must work quickly to respond to the rapidly-evolving technical and threat environment but we must also ensure that the standards we produce are given sufficient consideration and review to ensure that they are complete and effective.
● We must recognize and respect the differences in developing countries' respective environments: their telecom infrastructures may be at different levels of development from those of the developed countries; their ability to participate in, and contribute directly to, the security standards work may be limited by economic and other considerations; and their needs and priorities may be quite different.

5 Importance of ICT security standardization (3/4)
● ITU-T can help the developing countries by fostering awareness of the work we are doing (and why we are doing it), by encouraging participation in the work, particularly via the electronic communication facilities now being used (e.g. web based meetings and teleconferencing), and, most particularly, by encouraging the members from the developing countries to articulate their concerns and priorities regarding ICT security.
● The members from the developed nations should not confuse their own needs with those of the developing countries, nor should they make assumptions about what the needs and priorities of the developing countries may be.

6 Importance of ICT security standardization (4/4)
● For on-going credibility, we need performance measures that provide some indication of the effectiveness of our standards. In the past there has been too much focus on quantity (i.e. how many standards are produced) rather than on the quality and effectiveness of the work.
● Going forward, we really need to know which standards are being used (and which are not being used), how widely they are used, and how effective they are.
● This is not going to be easy to determine but it would do much more for the ITU-T’s credibility if it could demonstrate the value and effectiveness of standards that have been developed rather than simply saying “we produced X number of standards”.
● The number of standards produced is irrelevant: what counts is the impact they have.

8 ITU Plenipotentiary Conference 2010
Strengthened the role of ITU in ICT security:
● Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Res. 130)
● The use of telecommunications/information and communication technologies for monitoring and management in emergency and disaster situations for early warning, prevention, mitigation and relief (Res. 136)
● ITU's role with regard to international public policy issues relating to the risk of illicit use of information and communication technologies (Res. 174)
● ITU role in organizing the work on technical aspects of telecommunication networks to support the Internet (Res. 178)
● ITU's role in child online protection (Res. 179)
● Definitions and terminology relating to building confidence and security in the use of information and communication technologies (Res. 181)

10 SG 17 mandate established by World Telecommunication Standardization Assembly (WTSA-08)
WTSA-08 decided the following for Study Group 17:
● Title: Security
● Responsible for: studies relating to security including cybersecurity, countering spam and identity management. Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems.
● Lead Study Group for:
  ● Telecommunication security
  ● Identity management
  ● Languages and description techniques
● Responsible for specific E, F, X and Z series Recommendations
● Responsible for 15 Questions
● Chairman: Arkadiy Kremer
● Vice chairmen: Jianyong Chen, Mohamed M.K. Elhaj, Antonio Guimaraes, Patrick Mwesigwa, Koji Nakao, Heung Youl Youm

12 Study Group 17 Overview
● Primary focus is to build confidence and security in the use of Information and Communication Technologies (ICTs)
● Meets twice a year. Last meeting had 171 participants from 21 Member States, 20 Sector Members and 7 Associates.
● As of 16 October 2011, SG 17 is responsible for 279 approved Recommendations, 11 approved Supplements and 3 approved Implementer’s Guides in the E, F, X and Z series.
● Large program of work:
  ● 23 new work items added to work program in 2011
  ● 33 Recommendations, 22 Corrigenda and 3 Supplements approved or entered approval process in 2011
  ● 143 new or revised Recommendations and other texts are under development for approval in 2012 or later
● Work organized into 3 Working Parties with 15 Questions
● 5 Correspondence groups
● See SG 17 web page for more information

13 SG 17, Security
● Working Party 1 (WP 1): Network and information security
  ● Q1 Security project
  ● Q2 Architecture
  ● Q3 ISM
  ● Q4 Cybersecurity
  ● Q5 Countering spam
● Working Party 2 (WP 2): Application security
  ● Q6 Ubiquitous services
  ● Q7 Applications
  ● Q8 SOA
  ● Q9 Telebiometrics
● Working Party 3 (WP 3): Identity management and languages
  ● Q10 IdM
  ● Q11 Directory, PKI and PMI
  ● Q12 ASN.1, OID
  ● Q13 Languages
  ● Q14 Testing
  ● Q15 OSI

14 Study Group 17 is the Lead Study Group on:
● Telecommunication security
● Identity management (IdM)
● Languages and description techniques
A study group may be designated by WTSA or TSAG as the lead study group for ITU‑T studies forming a defined programme of work involving a number of study groups.
This lead study group is responsible for the study of the appropriate core Questions.
In addition, in consultation with the relevant study groups and in collaboration, where appropriate, with other standards bodies, the lead study group has the responsibility to define and maintain the overall framework and to coordinate, assign (recognizing the mandates of the study groups) and prioritize the studies to be carried out by the study groups, and to ensure the preparation of consistent, complete and timely Recommendations.
* Extracted from WTSA-08 Resolution 1

15 SG 17 is “Parent” for Joint Coordination Activities (JCAs) on:
● Identity management
● Conformance & interoperability testing
A joint coordination activity (JCA) is a tool for management of the work programme of ITU-T when there is a need to address a broad subject covering the area of competence of more than one study group. A JCA may help to coordinate the planned work effort in terms of subject matter, time-frames for meetings, collocated meetings where necessary and publication goals including, where appropriate, release planning of the resulting Recommendations.
The establishment of a JCA aims mainly at improving coordination and planning. The work itself will continue to be conducted by the relevant study groups and the results are subject to the normal approval processes within each study group. A JCA may identify technical and strategic issues within the scope of its coordination role, but will not perform technical studies nor write Recommendations. A JCA may also address coordination of activities with recognized standards development organizations (SDOs) and forums, including periodic discussion of work plans and schedules of deliverables. The study groups take JCA suggestions into consideration as they carry out their work.
* Extracted from Recommendation ITU-T A.1

16 Additional Security Work
● Cloud Computing Security
  ● Expected transfer in early 2012 of security work from ITU-T Focus Group on Cloud Computing to SG 17
● Smart Grid Security
  ● Expected transfer in early 2012 of security work from ITU-T Focus Group on Smart Grid to SG 17
● Child Online Protection
  ● Correspondence group currently looking at what aspects are appropriate given SG 17 mandate and area of expertise
● MoU UNODC-ITU
  ● ITU-T Secretary General signed MoU with United Nations Office on Drugs and Crime (UNODC) – Role of SG 17 needs further consideration
● SG 17 has prepared first draft of 17 proposed Questions for the study period

17 Working Party 1/17 Network and information security
Chairman: Koji Nakao
● Q1 Telecommunications systems security project
● Q2 Security architecture and framework
● Q3 Telecommunications information security management
● Q4 Cybersecurity
● Q5 Countering spam by technical means

18 Question 1/17 Telecommunications systems security project
● Security Coordination
  ● Coordinate security matters within SG 17, with ITU-T SGs, ITU-D and externally with other SDOs
  ● Maintain reference information on LSG security webpage
● ICT Security Standards Roadmap
  ● Searchable database of approved ICT security standards from ITU-T, ISO/IEC, ETSI and others
● Security Compendium
  ● Catalogue of approved security-related Recommendations and security definitions extracted from approved Recommendations
● ITU-T Security Manual
  ● 4th edition published in 4Q/2009; 5th edition planned for 2012
● Bridging the standardization gap

19 Question 1/17 (cnt’d) Telecommunications systems security project
● Security standardization strategy – Define a top-down approach to complement the contribution-driven work
  ● to ensure the continued relevance of security standards by keeping them current with rapidly-developing technologies and operators’ trends (in e-commerce, e-payments, e-banking, telemedicine, fraud-monitoring, fraud-management, fraud identification, digital identity, infrastructure creation, billing systems, IPTV, Video-on-demand, grid network computing, ubiquitous networks, etc.)
  ● to follow up on considerable attention recently given to trust between network providers and communication infrastructure vendors, in particular for communication hardware and software security; issues of how trust can be established and/or enhanced would need to be considered
● Rapporteur: Antonio Guimaraes

20 Question 2/17 Security Architecture and Framework
● Responsible for general security architecture and framework for telecommunication systems
● Recommendation in approval process:
  ● X.1037, Architectural systems for security controls for preventing fraudulent activities in public carrier networks
● Recommendations currently under study include:
  ● X.gsiiso, Guidelines on security of the individual information service for operators
  ● X.ncns-1, National IP-based Public Networks Security Center for Developing Countries
  ● X.ipv6-secguide, Technical guideline on deploying IPv6
  ● X.hns, Heterarchic for secure distributed services networks
● 25 Recommendations and 2 Supplements approved
● Relationships with ISO/IEC JTC 1 SCs 27 and 37, IEC TC 25, ISO TC 12, IETF, ATIS, ETSI, 3GPP, 3GPP2
● Rapporteur: Patrick Mwesigwa

21 Question 3/17 Telecommunications information security management
● Responsible for information security management - X.1051, etc.
● Recommendations approved May 2011:
  ● X.1052, Information security management framework
  ● X.1057, Asset management guidelines in telecommunication organizations
● Developing specific guidelines including:
  ● X.gpim, Guideline for management of personally identifiable information for telecommunication org.
  ● X.isgf, Governance of information security (w/SC 27)
  ● X.sgsm, Security management guidelines for small and medium-sized telecommunication organizations
  ● X.mgv6, Security management guideline for implementation of IPv6 environment
  ● Supplement - User guide for X.1051
  ● Information security incident management for developing countries
● Close collaboration with ISO/IEC JTC 1/SC 27
● Rapporteur: Miho Naganuma

22 Question 4/17 Cybersecurity
● Cybersecurity by design no longer possible; a new paradigm:
  ● know your weaknesses, minimize the vulnerabilities
  ● know your attacks, share the heuristics within trust communities
● Current work program (28 Recommendations under development)
● X.1500 suite: Cybersecurity Information Exchange (CYBEX) – non-prescriptive, extensible, complementary techniques for the new paradigm
  ● Weakness, vulnerability and state
  ● Event, incident, and heuristics
  ● Information exchange policy
  ● Identification, discovery, and query
  ● Identity assurance
  ● Exchange protocols
● Non-CYBEX deliverables include compendiums and guidelines for
  ● SIP server protection
  ● Abnormal traffic detection
  ● Botnet mitigation
  ● Attack source attribution (including traceback)
  ● Trusted standards availability
● Extensive relationships with many external bodies

23 Question 4/17 (cnt’d) Cybersecurity
● Key achievements
  ● X.1205, Overview of cybersecurity
  ● X.1206, A vendor-neutral framework for automatic notification of security related information and dissemination of updates
  ● X.1207, Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software
  ● X.1209, Capabilities and their context scenarios for cybersecurity information sharing and exchange
  ● X.1303, Common alerting protocol
  ● X.1500, Overview of cybersecurity information exchange (CYBEX)
  ● X.1520, Common vulnerabilities and exposures (CVE)
  ● X.1521, Common vulnerability scoring system (CVSS)
  ● X.1570, Discovery mechanisms in the exchange of cybersecurity information
  ● X.Sup.8, Supplement on best practices against botnet threats
  ● X.Sup.9, Guidelines for reducing malware in ICT networks
  ● X.Sup.10, Usability of network traceback
● Recommendations in approval process
  ● X , Procedures for the registration of arcs under OID arc for CYBEX
  ● X.1524, Common weakness enumeration (CWE)
  ● X.1541, Incident object description exchange format
● Rapporteur: Anthony Rutkowski

24 Question 5/17 Countering spam by technical means
● Lead group in ITU-T on countering spam by technical means in support of WTSA-08 Resolution 52 (Countering and combating spam)
● 7 Recommendations and 2 Supplements approved. 3 draft texts under development (see structure in next slide):
  ● X.oacms, Overall aspects of countering messaging spam in mobile networks
  ● X.ticvs, Technologies involved in countering voice spam in telecommunication organizations
  ● Supplement, Functions and interfaces for countering spam using botnet information
● Effective cooperation with ITU-D, IETF, ISO/IEC JTC 1, 3GPP, OECD, MAAWG, ENISA and other organizations
● Rapporteur: Hongwei Luo

25 Question 5/17 (cnt’d) Countering spam by technical means

26 Working Party 2/17 Application Security
Chairman: Heung Youl Youm
● Q6 Security aspects of ubiquitous telecommunication services
● Q7 Secure application services
● Q8 Service oriented architecture security
● Q9 Telebiometrics

27 Question 6/17 Security aspects of ubiquitous telecommunication services
● Multicast security
  ● X.1101, Security requirements and framework for multicast communication
● Home network security
  ● X.1111, Framework for security technologies for home network
  ● X.1112, Device certificate profile for the home network
  ● X.1113, Guideline on user authentication mechanism for home network services
  ● X.1114, Authorization framework for home network
● Mobile security
  ● X.1121, Framework of security technologies for mobile end-to-end data communications
  ● X.1122, Guideline for implementing secure mobile systems based on PKI
  ● X.1123, Differentiated security service for secure mobile end-to-end data communication
  ● X.1124, Authentication architecture for mobile end-to-end data communication
  ● X.1125, Correlative reacting system in mobile data communication
  ● X.msec-5, Security requirements and mechanism for reconfiguration of mobile device with multiple communication interfaces
  ● X.msec-6, Security aspects of mobile phones
● Networked ID security
  ● X.1171, Threats and requirements for protection of personally identifiable information in applications using tag-based identification
  ● X.1175, Guidelines on protection of personally identifiable information in the application of RFID technology

28 Question 6/17 (cnt’d) Security aspects of ubiquitous telecommunication services
● IPTV security
  ● X.1191, Functional requirements and architecture for IPTV security aspects
  ● X.1192, Functional requirements and mechanisms for secure transcodable scheme of IPTV
  ● X.1193, Key management framework for secure IPTV services
  ● X.1195, Service and content protection (SCP) interoperability scheme
  ● X.iptvsec-4, Algorithm selection scheme for service and content protection (SCP) descrambling
  ● X.iptvsec-6, Framework for the downloadable service and content protection (SCP) system in the mobile IPTV environment
  ● X.iptvsec-7, Guidelines on criteria for selecting cryptographic algorithms for the IPTV service and content protection (SCP)
  ● X.iptvsec-8, Virtual machine-based security platform for renewable service and content protection (SCP)
● Ubiquitous sensor network security
  ● X.1311, Information technology – Security framework for ubiquitous sensor network (w/SC 6)
  ● X.1312, Ubiquitous sensor network (USN) middleware security guidelines
  ● X.usnsec-3, Secure routing mechanisms for wireless sensor network
  ● X.unsec-1, Security requirements and framework of ubiquitous networking
● Close relationship with JCA-IPTV and ISO/IEC JTC 1/SC 6/WG 7
● Rapporteur: Jonghyun Baek

29 Question 7/17 Secure application services
● Web security
  ● X.1141, Security Assertion Markup Language (SAML 2.0)
  ● X.1142, eXtensible Access Control Markup Language (XACML 2.0)
  ● X.1143, Security architecture for message security in mobile web services
  ● X.websec-4, Security framework for enhanced web based telecommunication services
● Security protocols
  ● X.1151, Guideline on secure password-based authentication protocol with key exchange
  ● X.1152, Secure end-to-end data communication techniques using trusted third party services
  ● X.1153, A management framework of an one time password-based authentication service
  ● X.sap-4, The general framework of combined authentication on multiple identity service provider environment
  ● X.sap-5, Guideline on anonymous authentication for e-commerce service
  ● X.sap-6, An One Time Password-based non-repudiation framework
  ● X.sap-7, The requirements of fraud detection and response services for sensitive Information Communication Technology
● Peer-to-peer security
  ● X.1161, Framework for secure peer-to-peer communications
  ● X.1162, Security architecture and operations for peer-to-peer networks
  ● X.p2p-3, Security requirements and mechanisms of peer-to-peer-based telecommunication network
  ● X.p2p-4, Use of service providers’ user authentication infrastructure to implement PKI for peer-to-peer networks
● Relationships include: OASIS, OMA, W3C, ISO/IEC JTC 1/SC 27, Kantara Initiative
● Rapporteur: Jae Hoon Nah

30 Question 8/17 Service oriented architecture security
Current focus:
● Security aspects of cloud computing
  ● X.ccsec, Security guideline for cloud computing in telecommunication area
  ● X.srfctse, Security requirements and framework of cloud based telecommunication service environment
● Security aspects of service oriented architecture
  ● X.fsspvn, Framework of the secure service platform for virtual network
  ● X.sfcsc, Security functional requirements for software as a service (SaaS) application environment
● Working closely with FG on Cloud computing
● Rapporteur: Liang Wei

31 Question 9/17 Telebiometrics
● Current focus:
  ● Security requirements and guidelines for applications of telebiometrics
  ● Requirements for evaluating security, conformance and interoperability with privacy protection techniques for applications of telebiometrics
  ● Requirements for telebiometric applications in a high functionality network
  ● Requirements for telebiometric multi-factor authentication techniques based on biometric data protection and biometric encryption
  ● Requirements for appropriate generic protocols providing safety, security, privacy protection, and consent “for manipulating biometric data” in applications of telebiometrics, e.g., e-health, telemedicine
● Approved Recommendations
  ● X , e-Health and world-wide telemedicines - Generic telecommunication protocol
  ● X.1081, The telebiometric multimodal model – A framework for the specification of security and safety aspects of telebiometrics
  ● X.1082, Telebiometrics related to human physiology
  ● X.1083, Information technology – Biometrics – BioAPI interworking protocol (w/SC 37)
  ● X.1084, Telebiometrics system mechanism – Part 1: General biometric authentication protocol and system model profiles for telecommunications systems
  ● X.1086, Telebiometrics protection procedures – Part 1: A guideline to technical and managerial countermeasures for biometric data security

32 Question 9/17 (cnt’d) Telebiometrics
● Approved Recommendations (continued)
  ● X.1088, Telebiometrics digital key framework (TDK) – A framework for biometric digital key generation and protection
  ● X.1089, Telebiometrics authentication infrastructure (TAI)
  ● X.1090, Authentication framework with one-time telebiometric templates
● Recommendations under development:
  ● X.bhsm, Telebiometric authentication framework using biometric hardware
  ● X.gep, A guideline for evaluating telebiometric template protection
  ● X.tam, Guideline to technical and operational countermeasures for telebiometric applications using mobile devices
  ● X.th-series, e-Health and world-wide telemedicines
  ● X.th2, Telebiometrics related to physics
  ● X.th3, Telebiometrics related to chemistry
  ● X.th4, Telebiometrics related to biology
  ● X.th5, Telebiometrics related to culturology
  ● X.th6, Telebiometrics related to psychology
  ● X.tif, Integrated framework for telebiometric data protection
● Close working relationship with ISO/IEC JTC 1/SCs 17, 27 and 37, ISO TCs 12, 68 and 215, IEC TC 25, IETF, IEEE
● Rapporteur: Hale Kim

33 Working Party 3/17 Identity management and languages
Chairman: Jianyong Chen
● Q10 Identity management architecture and mechanisms
● Q11 Directory services, Directory systems, and public-key/attribute certificates
● Q12 ASN.1, Object Identifiers (OIDs) and associated registration
● Q13 Formal languages and telecommunication software
● Q14 Testing languages, methodologies and framework
● Q15 Open Systems Interconnection (OSI)

34 Question 10/17 Identity Management (IdM)
● IdM is a security enabler by providing trust in the identity of both parties to an e-transaction
● IdM also provides network operators an opportunity to increase revenues by offering advanced identity-based services
● The focus of ITU-T’s IdM work is on global trust and interoperability of diverse IdM capabilities in telecommunication.
● Work is focused on leveraging and bridging existing solutions
● This Question is dedicated to the vision setting and the coordination and organization of the entire range of IdM activities within ITU-T
● Approved Recommendations
  ● X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
  ● X.1251, A framework for user control of digital identity
  ● X.1252, Baseline identity management terms and definitions
  ● X.1253, Security guidelines for identity management systems
  ● X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
  ● X.Sup.7, Overview of identity management in the context of cybersecurity

35 Question 10/17 (cnt’d) Identity Management (IdM)
● Key focus
  ● Adoption of interoperable federated identity frameworks that use a variety of authentication methods with well understood security and privacy
  ● Encourage the use of authentication methods resistant to known and projected threats
  ● Provide a general trust model for making trust-based authentication decisions between two or more parties
  ● Ensure security of online transactions with focus on end-to-end identification and authentication of the participants and components involved in conducting the transaction, including people, devices, and services
● Engagement
  ● JCA-IdM
  ● 11 Recommendations under development
  ● Collaborative work with JTC 1/SC27 on X.eaa, Entity authentication assurance framework
  ● Collaborative work with CA/Browser Forum on X.EVcert, Extended validation certificate framework
  ● Related standardization bodies: ISO/IEC JTC 1 SCs 6, 27 and 37; IETF; ATIS; ETSI/TISPAN; OASIS; Kantara Initiative; OMA; NIST; 3GPP; 3GPP2; Eclipse; OpenID Foundation; OIX etc.
● Rapporteur: Abbie Barbir

36 Question 11/17 Directory services, Directory systems, and Public-key/attribute certificates
● Three Directory Projects:
  ● ITU-T X.500 Series of Recommendations | ISO/IEC all parts – The Directory
  ● ITU-T F.5xx - Directory Service - Support of tag-based identification services
  ● ITU-T E Computerized directory assistance
● X.500 series is a specification for a highly secure, versatile and distributed directory
● The X.500 series is under continuous enhancement
  ● Password policy
  ● Support of RFID
  ● Interworking with LDAP
  ● Support for Identity Management
● X.500 work is collaborative with ISO/IEC JTC 1/SC 6/WG 8

37 Question 11/17 (cnt’d) Directory services, Directory systems, and Public-key/attribute certificates
● ITU-T X.509 on public-key/attribute certificates is the cornerstone for security:
  ● Base specification for public-key certificates and for attribute certificates
  ● Has a versatile extension feature allowing additions of new fields to certificates
  ● Basic architecture for revocation
  ● Base specification for Public-Key Infrastructure (PKI)
  ● Base specifications for Privilege Management Infrastructure (PMI)
● ITU-T X.509 is used in many different areas:
  ● Basis for eGovernment, eBusiness, etc. all over the world
  ● Used for IPsec, cloud computing, and many other areas
  ● Is the base specification for many other groups (PKIX in IETF, ESI in ETSI, CA Browser Forum, etc.)
● Rapporteur: Erik Andersen

38 Question 12/17 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration
● Developing and maintaining the heavily used Abstract Syntax Notation One (ASN.1) and Object Identifier (OID) specifications
● Giving advice on the management of OID Registration Authorities, particularly within developing countries, through the ASN.1 and OID Project Leader Olivier Dubuisson
● Approving new top arcs of the Object Identifier tree as necessary
● Promoting use of OID resolution system by other groups such as SG 16
● Repository of OID allocations and a database of ASN.1 modules
● Recommendations are in the X.680 (ASN.1), X.690 (ASN.1 Encoding Rules), X.660/X.670 (OID Registration), and X.890 (Generic Applications, such as Fast Infoset, Fast Web services, etc) series
● ASN.1 Packed Encoding Rules reduces the bandwidth required for communication thus conserving energy (e.g., compared with XML)
● Work is collaborative with ISO/IEC JTC 1/SC 6/WG 9
● Rapporteur: John Larmouth

39 Question 12/17 (cnt’d) Definition and encoding of structured data
● This is what ASN.1 has always been about, since about 1984, but the terminology is fairly recent.
● A Tutorial on this topic, giving history and comparisons of different approaches, will be given at the Feb 2012 SG 17 meeting, and will be available as a TD shortly before the meeting.
● ASN.1 (Abstract Syntax Notation One) is just another way of saying “description of structured data”, and its notation and its encoding rules have been the primary ITU-T recommended means for describing and encoding structured data since about 1984.
● It is not appropriate to describe this further here, but Q12/17 is actively promoting the term “description and encoding of structured data” as what ASN.1 is actually about and continues to recommend it for all use by ITU-T Recommendations in all Study Groups with such requirements. Q12/17 is always prepared to provide assistance to other Study Groups in this area.

40 Question 13/17 Formal languages and telecommunication software
● Languages and methods for requirements, specification implementation, and Open Distributed Processing (ODP)
● Recommendations for ODP (X.900 series in collaboration with JTC 1/SC 7/WG 19), Specification and Description Language (Z.100 series), Message Sequence Chart (Z.120 series), User Requirements Notation (Z.150 series), framework and profiles for Unified Modeling Language, as well as use of languages (Z.110, Z.111, Z.400, Z.450).
● Updates of Z.100 and Z.150 series are being progressed
● These techniques enable high quality Recommendations to be written from which formal tests can be derived, and products to be cost effectively developed.
● Relationship with SDL Forum Society
● Rapporteur: Rick Reed

41 Question 14/17 Testing languages, methodologies and framework
● Interoperability and conformance testing languages, methodologies and framework
● Responsible for Testing and Test Control Notation version 3 (TTCN-3) Recommendations: Z.161, Z.162, Z.163, Z.164, Z.165, Z.166, Z.167, Z.168, Z.169, Z.170
● Further updates on the Z series will be produced in 2012
● Also responsible for conformance testing methodology and framework for protocol Recommendations: X.290, X.291, X.292, X.293, X.294, X.295, X.296, X.Sup4 and X.Sup5
● Provides support for WTSA-08 Resolution 78 on conformance and interoperability testing
● Close liaisons with ETSI, SG 11, JCA-CIT
● Rapporteur: Dieter Hogrefe

42 Question 15/17 Open Systems Interconnection (OSI)
● Ongoing maintenance of the OSI X-series Recommendations and the OSI Implementer’s Guide:
  ● OSI Architecture
  ● Message Handling
  ● Transaction Processing
  ● Commitment, Concurrency and Recovery (CCR)
  ● Remote Operations
  ● Reliable Transfer
  ● Quality of Service
  ● Upper layers – Application, Presentation, and Session
  ● Lower Layers – Transport, Network, Data Link, and Physical
● 109 approved Recommendations
● Work is carried out in collaboration with ISO/IEC JTC 1

44 Security Coordination
Security activities in other ITU-T Study Groups
● ITU-T SG 2 Operation aspects & TMN
  ● Q3 International Emergency Preference Scheme, ETS/TDR
  ● Q5 Network and service operations and maintenance procedures, E.408
  ● Q11 TMN security, TMN PKI
● ITU-T SG 9 Integrated broadband cable and TV
  ● Q3 Conditional access, copy protection, HDLC privacy
  ● Q7, Q8 DOCSIS privacy/security
  ● Q9 IPCablecom 2 (IMS w. security), MediaHomeNet security gateway, DRM
● ITU-T SG 11 Signaling Protocols
  ● Q7 EAP-AKA for NGN
● ITU-T SG 13 Future network
  ● Q16 Security and identity management for NGN
  ● Q17 Deep packet inspection
● ITU-T SG 15 Optical Transport & Access
  ● Reliability, availability, Ethernet/MPLS protection switching
● ITU-T SG 16 Multimedia
  ● Secure VoIP and multimedia security (H.233, H.234, H.235, H.323, JPEG2000)

45 Coordination with other bodies
[Diagram: Study Group 17; ITU-D, ITU-R, xyz…]

46 SG 17 collaborative work with ISO/IEC JTC 1
Existing relationships having collaborative (joint) projects:
JTC 1 | SG 17 Question | Subject
SC 6/WG 7 | Q6/17 | Ubiquitous networking
SC 6/WG 8 | Q11/17 | Directory
SC 6/WG 9 | Q12/17 | ASN.1, OIDs, and Registration Authorities
SC 7/WG 19 | Q13/17 | Open Distributed Processing (ODP)
SC 27/WG 1 | Q3/17 | Information Security Management System (ISMS)
SC 27/WG 3 | Q2/17 | Security architecture
SC 27/WG 5 | Q10/17 | Identity Management (IdM)
SC 37 | Q9/17 | Telebiometrics
Note – In addition to collaborative work, extensive communications and liaison relationships exist with the following JTC 1 SCs: 6, 7, 17, 22, 27, 31, 37 and 38 on a wide range of topics. All SG 17 Questions are involved.

47 SG 17 collaborative work with ISO/IEC JTC 1 (cnt’d)
● Guide for ITU-T and ISO/IEC JTC 1 Cooperation
● Listing of common text and technically aligned Recommendations | International Standards
● Mapping between ISO/IEC International Standards and ITU-T Recommendations
● Relationships of SG 17 Questions with JTC 1 SCs that categorizes the nature of relationships as:
  ● joint work (e.g., common texts or twin texts)
  ● technical collaboration by liaison mechanism
  ● informational liaison

49 Study Group 17 Meetings
● This meeting:
  ● Monday, 20 February – Friday, 2 March 2012 (10 days), Geneva, Switzerland
● Final meeting in study period:
  ● Monday, 3 September – Friday, 7 September 2012 (5 days), Geneva, Switzerland. Note: may be extended to 8 days
● Next study period starts following WTSA-12

51 Reference links
● Webpage for ITU-T Study Group 17
● Webpage on ICT security standard roadmap
● Webpage on ICT cybersecurity organizations
● Webpage for JCA on Identity management
● Webpage for JCA on Conformance and interoperability testing
● Webpage on lead study group on telecommunication security
● Webpage on lead study group on identity management
● Webpage on lead study group on languages and description techniques
● Webpage for security workshop on Addressing security challenges on a global scale