Add to collection(s) Add to saved
  1. Business
  2. Management

ITU standardization for Cybersecurity 12 November 2007 (focus on ITU -

advertisement 
CONNECTING THE WORLD
ITU standardization for Cybersecurity
(focus on ITU-T Study Group 17)
12 November 2007
Xiaoya Yang
International Telecommunication Union (ITU)
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
1
CONNECTING THE WORLD
International Telecommunication Union
Every time someone, somewhere:
ƒ picks up a telephone and dials a number,
ƒ answers a call on a mobile phone,
ƒ sends a fax or receives an e-mail,
ƒ takes a plane or a ship,
ƒ listens to the radio,
ƒ watches a favorite television programme,
ƒ helps a small child master the latest radio-controlled toy,
ƒ access the services of the network,
ƒ is alerted about emergencies
he benefits from the work of the ITU.
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
2
CONNECTING THE WORLD
ITU-T Security Building Blocks
Security Architecture
Framework
(X.800-series)
Network Management
Security
(M.3000-series)
Security Techniques
(X.841,2,3)
Protocols
(X.273,4)
New
Telecommunication
Security
(X.805, X.1000-series)
Systems Management
(X.733,5,6, X.740,1)
Facsimile
(T-series)
New
Directory Services and
Authentication
(X.500-series)
Security
in Frame Relay
(X.272)
NGN Security
(Y.2700-series)
Message Handling
Systems (MHS)
(X.400-series)
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
Televisions and Cable
Systems
(J-series)
Multimedia
Communications
(H-series)
3
CONNECTING THE WORLD
ITU-T Recommendation X.509 (PKI and
PMI)
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
4
CONNECTING THE WORLD
ITU-T Recommendation X.805 (Security
Architecture)
Maintenance
Implementation
Services security
VULNERABILITIES
Definition &Planning
Security
program
Policies &
procedures
Infrastructure security
Access control
Authentication
Non-repudiation
Data confidentiality
Communication security
Data integrity
Availability
Privacy
Securitylayers
Applications security
THREATS
Destruction
Corruption
Removal
Disclosure
Interruption
ATTACKS
Technology
End-user plane
Control plane
8 Security dimensions
Management plane
X.805_F4
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
5
CONNECTING THE WORLD
Study Group 17: Lead Study Group on Telecommunication Security
Specific Systems, Services, Applications
Security in ITU-T are developed by
SG 2, 3, 4, 5, 6, 9, 11, 13, 15, 16, 19
Core Technology and Common Security
Techniques in ITU-T are developed
by SG 17
ISO/IEC SC 27, 37
IETF
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
ANSI, ETSI, OASIS, etc.
6
CONNECTING THE WORLD
Study Group 17 products
ƒ 100+ Recommendations approved on security for
communications; 50+ work items of draft new or
revised Recommendations underway
ƒ Security Manual: Security in Telecommunications and
Information Technology – an overview of existing ITUT Recommendations for secure telecommunications
ƒ Security Compendium
¾ catalogue of approved ITU-T security Recommendations
¾ extract of ITU-T approved security definitions
¾ listing of ITU-T security related Questions
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
7
CONNECTING THE WORLD
Telecom
Systems Users
Q.7/17
Telecom
Systems
Telebiometrics
Q.8/17
* Multimodal model framework
* System mechanism
* Protection procedure
Security
Management
* ISMS-T
Secure Communication Services
* Incident
management
* Risk
assessment
methodology
Cyber Security
Q.4/17
* Secure mobile communications
* Home network security
Q.9/17
* Web services security
* Vulnerability information sharing…
* Incident handling operations
Q.6/17
* Identity management
Countering spam by technical
means
* Technical anti-spam measures
Q.5/17
Security
Architecture
and
Framework
* Architecture,
* Model,
* Concepts,
* Frameworks
Q.17/17
Communications System Security Project *Vision, Project, Roadmap, …
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
8
CONNECTING THE WORLD
Recently approved security Recommendations (Free online!)
M.3016.0, 1,
2, 3, 4
Security for the management plane: Overview, Security requirements, Security services, Security mechanism,
Profile proforma
X.509
Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate
frameworks
X.805
Security Architecture for Systems Providing End-to-End Communications
X.893
Information technology – Generic applications of ASN.1: Fast Infoset security
X.1035
Password-authenticated key exchange (PAK) protocol
X.1051
Information security management system - Requirements for telecommunications (ISMS-T)
X.1081
The telebiometric multimodal model - A framework for the specification of security and safety aspects of
telebiometrics
X.1111
Framework for security technologies for home network
X.1121
Framework of security technologies for mobile end-to-end communications
X.1122
Guideline for implementing secure mobile systems based on PKI
X.1141
Security Assertion Markup Language (SAML 2.0)
X.1142
eXtensible Access Control Markup Language (XACML 2.0)
X.1303
Common Alerting Protocol (CAP 1.1)
Y.2701
Security requirements for NGN release 1
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
9
CONNECTING THE WORLD
Work in progress: Extract from the current SG 17 security work
Q.
Acronym
Title or Subject
5
X.akm
Framework for EAP-based authentication and key management
6
X.1205
Overview of cybersecurity
6
X.idmf
Identity management framework
6
X.gopw
Guideline on preventing worm spreading in a data communication network
7
X.1051 (Revised)
Information security management guidelines for telecommunications based on ISO/IEC 27002
7
X.rmg
Risk management guidelines for telecommunications
8
X.bip
BioAPI interworking protocol
8
X.tai
Telebiometrics authentication infrastructure
9
X.homesec-2, 3, 4
Certificate profile for the device in the home network, User authentication mechanisms for
home network service, Authorization framework for home network
9
X.msec-3
General security value added service (policy) for mobile data communication
9
X.p2p-1
Requirements of security for peer-to-peer and peer-to-multi peer communications
9
X.websec-3
Security architecture for message security in mobile web services
17
X.csreq
Requirement on countering spam
17
X.fcsip
Framework of countering IP multimedia spam
Many more in SG 17 work plan … 53 x items (Summaries available online)
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
10
CONNECTING THE WORLD
Work in progress:
NGN, Multimedia, IPTV, digital satellite Security
Y.IdMsec
NGN identity management security
Y.NGN AAA
AAA application for implementation of network and service security
requirements over NGN
Y.NGN
Authentication
NGN Authentication
Y.NGN Certificate
Management
NGN certificate management
Y.SecMechanisms
NGN Security mechanisms and procedures
Y.SecReqR2
Security requirements for NGN release 2
H.235
Security and encryption for H-series multimedia systems
J.170
IPCablecom Security Specification
S.1250
Network management architecture for digital satellite systems
S.1711
Performance enhancements of transmission control protocol over satellite
networks
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
11
CONNECTING THE WORLD
Identity management standards: emerging importance
ƒ
ƒ
ƒ
THE PROBLEM:
Identity theft… security breaches… malware attacks…insider threats…
synthetic identities… phishing…data leakage… Whatever label is attached
to the problem, identity management and information protection are
huge issues with which all of society must grapple. And no one is exempt- from government, law enforcement, business, health care, academe,
non profit to citizens. The problem is ubiquitous.
ADDRESSED TO:
Fraud investigators…information officers…security officers…fraud
managers…law enforcement…corporate security…internal
auditors…information managers…management consultants…standards
organizations
FOR:
Managing data, storage, register, authorize, individuate,…
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
12
CONNECTING THE WORLD
Expansive ecosystem on IdM standardization
Discovery Centric
Broad IdM Centric
ITU-T
FG IdM
CNRI XDI.ORG
handles
OASIS
XRI
Yaddis
ISO
SC27WG5
IETF
IRIS
ITU
ITU E.115v2
X.500
ITU-IETF
LDAP
ITU-T
SG17
3GPP
GBA
ITU-T
SG2
OSGi
Object-Identifier Centric
CNRI
ITU-T OID/OHN
DOI JCA-NID
EPC
UID
ONS
W3C/IETR
URI
ITU-T
SG13
ITU-T
SG4
OASIS
SPML
NetMesh
LID
MAGNET
Identy
Passel
MetaSystem
Source
ID
Pub
cookie
TCG
App Service Provider Centric
NIST
FIPS201
WS
Federation
SXIP
Liberty
WSF
ANSI
IDSP
VIP/PIP
Eclipse
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
Modinis
User Centric
ETSI
ETSI
Parlay
TISPAN IdM STF
PAM
ETSI
ETSI
LI-RDH
UCI
ANSI
OASIS HSSP
SAML
Daidalos
FIDIS
ITU-T
SG11
ZKP
ANSI
Z39.50
OMA
RD-IMF
ITU-T
SG16
Authentication Centric
IETF
OSCP
Project Centric
3GPP
IMS
Network Operator Centric
Attribute Centric
ITU/IETF
E.164ENUM
Mobile Operator Centric
Liberty
I*
IBM
Higgins
OpenID
Msoft
Cardspace
CoSign
OASIS OpenGroupShibboleth
IMF
xACML
Oracle
IGF
13
CONNECTING THE WORLD
Collaboration is key factor for standardization
ƒ Identity Management:
¾ Focus Group on Identity Management (Dec 06- Sept 07)
¾ Work continues in SG 17; New phase of cooperation will start Jan 08
ƒ World Standards Cooperation (WSC) ISO, IEC, ITU
¾ ISO IEC ITU-T Strategic Advisory Group on Security
ƒ Global Standards Collaboration (GSC) Regional, National
SDOs and ITU-T, ITU-R
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
14
CONNECTING THE WORLD
ICT security standards roadmap: a collaboration tool
ƒ Part 1 contains information about organizations working on
ICT security standards
ƒ Part 2 is a searchable database of existing security
standards, currently includes ITU-T, ISO/IEC JTC 1, IETF, IEEE,
ATIS, ETSI and OASIS security standards
ƒ Part 3 will be a list of standards in development
ƒ Part 4 will identify future needs and proposed new standards
ƒ Part 5 is now being built and includes Security Best Practices
ENISA and Network and Information Security Steering Group
(NISSG) are now collaborating with ITU-T in the development
of the Roadmap
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
15
CONNECTING THE WORLD
Conclusions
‰ Security is everybody’s business, and an ongoing effort
‰ Standards are key building blocks for cybersecurity
‰ Security needs to be designed in upfront
‰ ITU is uniquely positioned to lead the security
standardization work:
¾ Industry-government partnership
¾ Taking into account the needs of developing countries
¾ Collaboration with other SDOs
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
16
CONNECTING THE WORLD
Some useful web resources
ƒ
ITU-T Home page
www.itu.int/ITU-T
ƒ
Study Group 17
www.itu.int/ITU-T/studygroups/com17
e-mail:
tsbsg17@itu.int
ƒ
Recommendations
www.itu.int/ITU-T/publications/recs.html
ƒ
ITU-T Lighthouse
www.itu.int/ITU-T/lighthouse
ƒ
ITU-T Workshops
www.itu.int/ITU-T/worksem
ƒ
Security Roadmap
www.itu.int/ITU-T/studygroups/com17/index
ƒ
Contribution to IGF
http://www.intgovforum.org/Substantive_2nd_IGF/ITU_TSB_4_Security%20initiatives.pdf
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
17
CONNECTING THE WORLD
Thank you
杨晓雅 (Xiaoya Yang)
Telecommunication Standardization Bureau
International Telecommunication Union
xiaoya.yang@itu.int
Can We Win the War Against Cyber-Threats?, IGF, 12 Nov 2007
18
Related documents
Document No ___ 21-22 May 2008 Original:________ TELECOMMUNICATION
Document No ___ 21-22 May 2008 Original:________ TELECOMMUNICATION
SE– x October 2012 English only Original: English
SE– x October 2012 English only Original: English
FG-FN TD/C-XXX F G O
FG-FN TD/C-XXX F G O
Download
advertisement