
Executive Summary


Meeting of ITU-T SG17 'Security', Geneva, 29 August – 6 September 2017

Hot topics:

  • Distributed Ledger Technology (DLT) security
  • IoT security
  • Intelligent Transport System (ITS) security
  • TTCN-3
  • Event Data Recorder
  • Software-defined networking security
  • Big Data security
  • Identity management
  • Security architecture
  • Information Security Management
  • Mobile terminal security
  • Smart-grid security
  • Application security
  • Cloud computing security
  • Advertising spam/fraud

ITU workshop on security aspects of Intelligent Transport System (ITS)  

The event was announced by TSB Circular 34 and was attended by 95 participants from 15 countries. Its outcomes identified advice on next steps for ITS security-related study in Q13/17.

New Question 14/17 DLT security

SG17 agreed to establish a new Question 14/17 on Security Aspects of Distributed Ledger Technologies.

New work items:

26 new work items were agreed to be added to the SG17 work programme. Details are in Annex B.

1 work item was discontinued. Details are in Annex C.

Next SG17 meeting:

SG17 future meetings will be 8 working days.

  • Tuesday 20 – Thursday 29 March 2018, Geneva, Switzerland.
    • Workshop on 5G security on Monday 19 March 2018, Geneva, Switzerland.
  • Wednesday 29 August – Friday 7 September 2018, Geneva, Switzerland.
    • Workshop (subject to be decided) on Tuesday 28 August 2018, Geneva, Switzerland.
  • 14 texts are planned for approval, determination, consent or agreement in March 2018.
  • Interim RGM meetings: 8 Questions plan to hold 8 RGMs. See: http://www.itu.int/net/ITU-T/lists/rgm.aspx?Group=17

Meeting Output:

The SG17 plenary meeting:

  • Approved (TAP) 4 new/revised ITU-T Recommendations. Details are in Annex A a).
  • Agreed 3 new Supplements. Details are in Annex A c).
  • Determined (TAP) 3 draft new ITU-T Recommendations. Details are in Annex A d).
  • Consented (AAP) 22 new/revised texts for Last Call. Details are in Annex A e).

Bridging the Standardization Gap (BSG):

  • Orientation programme for newcomers: welcome and guided tour, SG17 orientation session with SG17 overview presentation given by SG17 Chairman; Special session on addressing contributions from developing countries.
  • BSG hands-on training session for 4 participants from 3 developing countries.

Tutorial presentations:

Seven tutorial presentations received positive feedback on their rich information, including presentations on Financial Inclusion Global Initiative (FIGI), Symantec strategy for information security and perspective for security standardization, Privacy management in a system life cycle, Quantum Safe Cryptography, overview on 5G security standardization, and SG17 overview.

Participation:

  • 134 participants (185 announced): 30 Member States, 18 Sector Members, 2 Associates, and 2 Academia. 9 invited experts.
  • 6 partial fellowships granted: (Afghanistan), Benin, Central Africa, Dem. Rep. of Congo DRC, Guinea, Myanmar, Uganda
  • New Member States participation from: Myanmar, Singapore (and Tajikistan, pre-registered)
  • SG17 vice chairmen absent: Vasiliy DOLMATOV, Russian Federation; Patrick-Kennedy KETTIN ZANGA, Central Africa; Gökhan EVREN, Turkey; and Hugo Darío MIGUEL, Argentina.

Other highlights:

  • SG17 plenary organized 6 special sessions to address topics of broad interest.
  • JCA-IdM held its 23rd meeting on 4 Sept 2017. ITU-T SG17 received updates from OpenID Foundation, ISO/IEC JTC 1/SC 27/WG 5, OASIS Trust Elevation TC, FIDO Alliance, NH-ISAC and ISO/TC 307 (esp. TC 307/SG 4).
  • The ICT Security Standards Roadmap and the Security Compendia were updated. Completion of a seventh edition of the Security Manual is desired in 2018, with the support of the TSB.

Correspondence Groups:

  • CG-cybex to continue with updated ToR in TD801
  • 2 new CGs created:
    • CG-ITSsec was created with ToR in TD732 on collaboration with UNECE WP29/TFCS.
    • SG17 decided to create a correspondence group on transformation of security study, with ToR of this CG in TD782.
  • CG-IoTSec (Correspondence Group on Security and Privacy for IoT for ongoing coordination and collaboration, joint with SG20) was terminated.

Meeting input and organization:

Contributions: 106 - 36% increase (past meetings: 78, 81, 66, 74, 80)

Contribution# from: Americas (6), AFR (11), APT (75 = China 37, Korea 31, (China & Korea 2), Japan 7, Iran 1, Malaysia 1), ARAB (0), CIS (1), EUR (13), LAM (0)

TDs: 426 – SG17 record (previous meeting: 368, 391, 418, 371, 386), including 49 incoming liaison statements and 40 outgoing liaison statements; 80 sourced from TSB.

204 sessions were organized, with many parallel meetings per quarter each day. 11 sessions were equipped with AdobeConnect to allow remote participation.

Annex A
Actions taken on Recommendations, and other texts at the 6 Sept 2017 SG17 plenary

 

a) TAP Recommendations approved (WTSA-16 Resolution 1):

The SG17 plenary meeting approved (TAP) three draft new and one draft revised ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

| Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work |
|---|---|---|---|---|---|---|---|
| 4/17 | X.1213 (X.sbb) | Security Capability Requirements for Countering Smartphone-based Botnets | New | Junjie Xia, Bo Yu, Jae Hoon Nah | R5 | | 2014-01 |
| 4/17 | X.1541rev | Incident Object Description Exchange Format version 2 | Revised | Youki Kadobayashi, Takeshi Takahashi | TD706 | | 2017-03 |
| 5/17 | X.1248 (X.cspim) | Technical Requirements for Countering Instant Messaging Spam (SPIM) | New | Huamin Jin, Shuai Wang, Junjie Xia, Zhaoji Lin | R6 | | 2014-01 |
| 6/17 | X.1127 (X.msec-9) | Functional security requirements and architecture for mobile phone anti-theft measures | New | Junjie Xia, Heung Youl Youm | TD771 | | 2014-09 |

Approval of the above Recommendations will be announced by TSB Circular in October 2017.

b) TAP Recommendations not approved (WTSA-16 Resolution 1): None.

c) Amendment approved, Supplements agreed, Implementer's guide approved, Technical Report agreed:

The SG17 plenary meeting agreed three new Supplements.

| Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work |
|---|---|---|---|---|---|---|---|
| 5/17 | X.Suppl 29 (X.sup-gcspi) | Supplement to ITU-T X.1242 – Guidelines on countermeasures against short message service (SMS) phishing and smishing attacks | New | Changjin Lee, Lijun Liu, Jae Hoon Nah, Deawoo Park, Heung-Youl Youm | TD721Rev.1 | | 2014-09 |
| 2/17 | X.Suppl 30 (X.sup-sgmvno) | Supplement to ITU-T X.805: Security Guideline for Mobile Virtual Network Operator (MVNO) | New | Laifu Wang, Dongxin Liu, Hongwei Luo | TD667 | | 2014-09 |
| 11/17 | X.Suppl 31 (X.sup-oid-iot) | Supplement to ITU-T X.660 – Guidelines for using object identifiers for the Internet of things | New | Zhaoji Lin, Wenjing Ma, Dongya Wu | TD774Rev.1 | | 2014-01 |

 

d) Recommendations determined (TAP – WTSA-16 Resolution 1):

The SG17 plenary meeting determined (TAP) three new draft ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

| Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work |
|---|---|---|---|---|---|---|---|
| 4/17 | X.1214 (X.samtn) | Security assessment techniques in telecommunication/ICT networks | New | Byung-moon Chin, Vibha Tomar | SG17-R12 | | 2015-04 |
| 6/17 | X.1331 (X.sgsec-2) | Security guidelines for Home Area Network (HAN) devices in Smart Grid systems | New | Soyoung Jung, Gunhee Lee, Haeryong Park | SG17-R14 | | 2016-08 |
| 8/17 | X.1603 (X.dsms) | Data security requirements for the monitoring service of cloud computing | New | Zhiyuan Hu, Min Shu, Ye Tao, Ni Zhang | SG17-R16 | | 2015-09 |

Information on the Member States consultation is available in TSB Circular 53 of 11 October 2017.

e) AAP Recommendations consented for Last Call (Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to six draft new ITU-T Recommendations, twelve draft revised ITU-T Recommendations and four draft Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:

| Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work |
|---|---|---|---|---|---|---|---|
| 2/17 (3/17) | X.1040 (X.salcm) | Security reference architecture for lifecycle management of e-commerce business data | New | Kepeng Li, Zhaoji Lin, Junjie Xia, Feng Zhang | TD672Rev. 2 | | 2016-03 |
| 3/17 | X.1053 (X.sgsm) | Code of practice for information security controls based on ITU-T X.1051 for small and medium-sized telecommunication organizations | New | Wataru Senga, ChangOh Kim | TD757 | | 2009-10 |
| 7/17 | X.1146 (X.websec-8) | Security protection guidelines for value-added services provided by telecommunication operators | New | Lijin Liu, Zhaoji Lin, Jae Hoon Nah | TD718 | | 2015-09 |
| 11/17 | X.680 Cor.2 | Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation; Technical Corrigendum 2 | | Jean-Paul Lemaire | TD587Rev.1 | ISO/IEC 8824-1:2015 Cor.2 | 2016-09 |
| 11/17 | X.682 Cor.1 | Information technology – Abstract Syntax Notation One (ASN.1): Constraint specification; Technical Corrigendum 1 | | Jean-Paul Lemaire | TD679Rev.1 | ISO/IEC 8824-3 Cor. 1 | 2016-09 |
| 11/17 | X.693 Cor.1 | Information technology – ASN.1 encoding rules: XML Encoding Rules (XER); Technical Corrigendum 1 | | Jean-Paul Lemaire | TD588 | ISO/IEC 8825-4 Cor.1 | 2017-09 |
| 11/17 | X.696 Cor.2 | Information technology - ASN.1 encoding rules: Specification of Octet Encoding Rules (OER); Technical Corrigendum 2 | | Jean-Paul Lemaire | TD589 | ISO/IEC 8825-7 Cor.2 | 2017-09 |
| 11/17 | X.697 | Information Technology – ASN.1 encoding rules: Specification of Javascript Object Notation (JSON) Encoding Rules (JSON/ER) | New | Paul Thorpe | TD769 | ISO/IEC 8825-8 | 2016-03 |
| 12/17 | Z.161 | Testing and Test Control Notation version 3: TTCN-3 core language | Revised | Dieter Hogrefe | TD634 | ETSI ES 201 873-1 | 2016-09 |
| 12/17 | Z.161.1 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Support of interfaces with continuous signals | Revised | Dieter Hogrefe | TD642 | ETSI ES 202 786 | 2015-09 |
| 12/17 | Z.161.2 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment support | Revised | Dieter Hogrefe | TD630 | ETSI ES 202 781 | 2015-09 |
| 12/17 | Z.161.3 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced parameterization | Revised | Dieter Hogrefe | TD631 | ETSI ES 202 784 | 2015-09 |
| 12/17 | Z.161.4 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Behaviour types | Revised | Dieter Hogrefe | TD632 | ETSI ES 202 785 | 2015-09 |
| 12/17 | Z.161.6 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced Matching | New | Dieter Hogrefe | TD633Rev.1 | ETSI ES 203 022 | 2017-09 |
| 12/17 | Z.164 | Testing and Test Control Notation version 3: TTCN-3 operational semantics | Revised | Dieter Hogrefe | TD635 | ETSI ES 201 873-4 | 2016-09 |
| 12/17 | Z.165 | Testing and Test Control Notation version 3: TTCN-3 runtime interface (TRI) | Revised | Dieter Hogrefe | TD636 | ETSI ES 201 873-5 | 2015-09 |
| 12/17 | Z.166 | Testing and Test Control Notation version 3: TTCN-3 control interface (TCI) | Revised | Dieter Hogrefe | TD637 | ETSI ES 201 873-6 | 2016-09 |
| 12/17 | Z.167 | Testing and Test Control Notation version 3: Using ASN.1 with TTCN-3 | Revised | Dieter Hogrefe | TD638 | ETSI ES 201 873-7 | 2015-09 |
| 12/17 | Z.168 | Testing and Test Control Notation version 3: The IDL to TTCN-3 mapping | Revised | Dieter Hogrefe | TD639 | ETSI ES 201 873-8 | 2015-09 |
| 12/17 | Z.169 | Testing and Test Control Notation version 3: Using XML schema with TTCN-3 | Revised | Dieter Hogrefe | TD640 | ETSI ES 201 873-9 | 2016-09 |
| 12/17 | Z.170 | Testing and Test Control Notation version 3: TTCN-3 documentation comment specification | Revised | Dieter Hogrefe | TD641 | ETSI ES 201 873-10 | 2015-09 |
| 12/17 | Z.171 | Testing and Test Control Notation version 3: Using JSON with TTCN-3 | New | Dieter Hogrefe | TD643Rev.1 | ETSI ES 201 873-11 | 2017-09 |

Note:

(1)   In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

(2)   A.5 justification information for 14 draft revised Recommendations ITU-T Z.160-Z.171 are found in 14 TDs TD644-TD657 respectively.

These Recommendations have entered into AAP Last call in September-October 2017 (see AAP-20 and AAP-22) and been approved in October-November 2017 (see AAP-23 and AAP-24).

f) Work items planned for action at the next SG17 meeting in March 2018:

 

| Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|
| 2/17 (6/17) | X.VoLTEsec-1 | Security framework for voice-over-long-term-evolution (VoLTE) network operation | New | HaiTao Du, Zhaoji Lin, Jing Shao, Liang Wei, Feng Zhang | TD743 | | 2016-03 | 2018-03 |
| 3/17 | X.sup-gpim** | Supplement to ITU-T X.1058: Code of practice for personally identifiable information protection based on ITU-T X.1058 for telecommunications organizations | New | Heung Youl Youm, Lijun Liu, Jaenam Ko, Seung Woo Yu | TD707 | | 2014-09 | 2018-03 |
| 4/17 | X.1500 Amd.12 | X.1500 (2011) Amendment 12, Overview of cybersecurity information exchange (CYBEX) | New | Youki Kadobayashi | | | 2017-03 | 2018-03 |
| 5/17 | X.tfcma* | Technical Framework for Countering Mobile in-application Advertising Spam | New | Hongwei Luo, Laifu Wang, Xin Wang | TD699Rev.1 | | 2015-09 | 2018-03 |
| 6/17 | X.iotsec-2* | Security framework for Internet of Things | New | Xia Junjie, Heung-Youl Youm | TD720 | | 2015-04 | 2018-03 |
| 9/17 | X.1080.0 Amd. 1* | X.1080.0 Amendment 1, Access control for telebiometrics data protection | New | Erik Andersen | TD710 Rev.1 | | 2017-09 | 2018-03 |
| 9/17 | X.1080.1rev | X.1080.1, e-Health and world-wide telemedicines – Generic telecommunication protocol | Revised | Erik Andersen | TD711 | | 2016-09 | 2018-03 |
| 10/17 | X.te | Authentication Step-Up Protocol and Metadata Version 1.0 OASIS Standard published | New | Abbie Barbir, Sylvan Tran | TD785 | OASIS | 2016-03 | 2018-03 |
| 11/17 | X.680 Amd.1 | Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation; Amendment 1 | New | Paul E. Thorpe | TD678Rev.1 | ISO/IEC 8824-1:2015 Amd.1 | 2016-09 | 2018-03 |
| 12/17 | Z.100 Annex F1 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: General overview | Revised | Edel Sherratt | TD624 | | 2017-03 | 2018-03 |
| 12/17 | Z.100 Annex F2 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Static semantics | Revised | Edel Sherratt | TD625 | | 2017-03 | 2018-03 |
| 12/17 | Z.100 Annex F3 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Dynamic semantics | Revised | Edel Sherratt | TD626 | | 2017-03 | 2018-03 |
| 12/17 | Z.109rev | Specification and Description Language - Unified modeling language profile for SDL-2010 | Revised | Alexander Kraas | - | | 2017-03 | 2018-03 |
| 12/17 | Z.151rev | User Requirements Notation (URN) - Language definition | Revised | Gunter Mussbacher | C104 | | 2015-09 | 2018-03 |
| 12/17 | Z.Imp100 | Z.Imp100 Specification and Description Language implementer's guide - Version 3.0.2 | Revised | Rick Reed | TD628 | | 2017-09 | 2018-03 |

Note:

(1)   In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question. 

Annex B
New work items

The following 26 new work items were agreed to be added to the SG17 work programme:

| Q(1) | Acronym | Title | New / Revised | AAP / TAP / Agreement | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Timing(2) |
|---|---|---|---|---|---|---|---|---|
| 2/17 | X.ssc | Security Service Chain Architecture | New | AAP | Zhiyuan Hu, Min Zuo, Ye Tao, Min Shu | TD668 | | 2019-12 |
| 2/17 | X.srnv | Security Requirements of Network Virtualization | New | TAP | Ye Tao, Di Liu, Min Zuo, Min Shu | TD674 | | 2019-09 |
| 3/17 | X.1052-rev | Organization information security management guideline | Rev | AAP | Lijun Liu, Ming Lyu, Jinghua Min | TD688 Rev.2 | | 2018-09 |
| 3/17 | X.1054-rev | Governance of information security | Rev | TAP | Thaib Mustafa, Anfona Traore, Jinghua Min | TD737 | | 2020 |
| 3/17 | X.cins | Information technology - Security techniques – Guidelines for Cyber Insurance | New | AAP | Miho Naganuma | TD738 Rev.1 | | 2020 |
| 3/17 | X.sup-myuc** | Code of practice for information security control base on ITU-T X.1051 for Malaysian telecommunications organizations information and network security management | New | Agreement | Thaib Mustafa, Rafeah Omar | TD726 Rev.1 | | 2018-09 |
| 5/17 | X.gcims | Guidelines for countering instant messaging spam | New | TAP | Shuai Wang, Laifu Wang, Yanbin Zhang, ChangOh Kim, Huamin Jin | TD778 | | 2020-09 |
| 6/17 | X.secup-iot | Secure Software Update Procedure for IoT Devices | New | TAP | Takeshi Takahashi, Koji Nakao | TD736 Rev.1 | | 2019-03 |
| 6/17 | X.nb-iot | Security Requirements and Framework for Narrow Band Internet of Things | New | TAP | Junjie Xia, Feng Gao, Heung Youl Youm, Bo Yu | TD770 | | 2019-09 |
| 6/17 | X.ibc-iot | Security Requirements and Framework of Using Identity-Based Cryptography Mechanism in Internet of Things | New | TAP | Jiang Yu, Yixiang Zhu, Haiguang Wang, Zhaohui Cheng, Zhaoji Lin | TD775 Rev.2 | | 2019-09 |
| 7/17 | X.sfop | Security framework of open platform for FinTech services | New | AAP | Jae Hoon Nah, Feng Gao, Xin Wang, HyungJin Lim | TD692Rev.1 | | 2019-12 |
| 7/17 | X.tfss | Technical Framework for Security Services Provided by Operators | New | AAP | Junjie Xia, Feng Gao, Jae Hoon Nah, Arnaud Taddei, Yu Jiang, Yexia Cheng | C158 | | 2019-12 |
| 8/17 | X.sgtBD | Security guidelines of lifecycle management for telecom Big Data | New | AAP | Min Zuo, Feng Gao | TD764 | | 2019-10 |
| 11/17 (10/17) | X.509 Amd.1 | First Amendment to Rec. ITU-T X.509(2016) \| ISO/IEC 9594-8 (2017) | New | AAP | Erik Andersen | TD758 | ISO/IEC 9594-8 | 2018-09 |
| 11/17 (10/17) | X.520 Amd.1 | First Amendment to Rec. ITU-T X.520(2016) \| ISO/IEC 9594-6 (2017) | New | AAP | Erik Andersen | TD759 | ISO/IEC 9594-6 | 2018-09 |
| 11/17 (10/17) | X.509prot | Information technology - Open Systems Interconnection - The Directory: Protocol specifications for public-key infrastructure and privilege management infrastructure | New | AAP | Erik Andersen | TD760 | ISO/IEC 9594-x | 2018-09 |
| 13/17 | X.itssec-3 | Security requirements for vehicle accessible external devices | New | AAP | Seungwook Park, Aram Cho, Sang-Woo Lee | TD747 Rev.1 | | 2019-09 |
| 13/17 | X.itssec-4 | Methodologies for intrusion detection system on in-vehicle system | New | AAP | Huy Kang Kim, ChangOh Kim, Sang-Woo Lee, Seungwook Park | TD748 Rev.1 | | 2020-03 |
| 13/17 | X.itssec-5 | Security guidelines for vehicular edge computing | New | TAP | Sang-Woo Lee | TD749 Rev.1 | | 2020-03 |
| 14/17 | X.sar-dlt | Security architecture for Distributed Ledger Technology | New | AAP | Kepeng Li, Petr Kalambet, Kirill Ivkushkin, Bilyk Tatiana, Min Shu | TD686rev.1 | | 2019-09 |
| 14/17 | X.dlt-sec | Privacy and security considerations for using DLT data in Identity Management | New | TAP | Abbie Barbir | TD698Rev.2 | | 2019-09 |
| 14/17 | X.ss-dlt | Security services based on distributed ledger technology | New | AAP | Min Zuo, Ke Wang, Junjie Xia, Zhaoji Lin, Kai Wei, Ramy Ahmed Fathy | TD697Rev.3 | | 2019-10 |
| 14/17 | X.str-dlt | Security threats and requirements of digital payment services based on distributed ledger technology | New | AAP | Kyeong Hee Oh, ChangOh Kim | TD693Rev.1 | | 2020-03 |
| 14/17 | X.sa-dlt | Security assurance for distributed ledger technology | New | AAP | Mee Yeon Kim, Heung Youl Youm | TD709Rev.2 | | 2020-09 |
| 14/17 | X.stov | Security threats to online voting using distributed ledger technology | New | AAP | Keundug Park, ChangOh Kim, Heung Youl Youm | TD729Rev.2 | | 2020-03 |
| 14/17 | X.sct-dlt | Security Capabilities of and Threats to Distributed Ledger Technology | New | AAP | Min Zuo, Ke Wang, Junjie Xia, Zhaoji Lin, Kai Wei, Heung Youl Youm, Ramy Ahmed Fathy | TD 696 Rev.3 | | 2019-10 |

Note:

(1)   In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

 

Annex C
Work items discontinued

| Q | Acronym | Title | Action |
|---|---|---|---|
| 11/17 | X.pki-prof | Information Technology - Public-Key Infrastructure: Profile | Discontinue and delete from the work programme |

 
