Академический Документы
Профессиональный Документы
Культура Документы
ITU-T
TITLE:
Telecommunication Security
AGENDA ITEM:
CONTACT:
Telecommunication Security
Herbert Bertine
Chairman, ITU-T Study Group 17
Standards
Cooperation
Awareness
SG 2*
Network Management
Security
(M.3000-series)
Security Techniques
(X.841,2,3)
Protocols
(X.273,4)
New
Telecommunication
Security
(X.805, X.1000-series)
Systems Management
(X.733,5,6, X.740,1)
Facsimile
(T-series)
New
Directory Services and
Authentication
(X.500-series)
Security
in Frame Relay
(X.272)
NGN Security
(Y.2700-series)
Message Handling
Systems (MHS)
(X.400-series)
Multimedia
Communications
(H-series)
Q.
7/17
Security
Management
* ISMS-T
* Incident
management
* Risk
assessment
methodology
Telecom
Systems
Telebiometrics
Q.8/17
Cyber Security
9/17
6/17
Countering spam by technical
means
* Technical anti-spam measures
Q.
4/17
Communications System Security Project
Q.
5/17
Security
Architecture
and
Framework
* Architecture,
* Model,
* Concepts,
* Frameworks
Q.
17/17
*Vision, Project, Roadmap,
Security for the management plane: Overview, Security requirements, Security services,
Security mechanism, Profile proforma
X.509
X.805
X.893
X.1035
X.1051
X.1081
The telebiometric multimodal model - A framework for the specification of security and
safety aspects of telebiometrics
X.1111
X.1121
X.1122
X.1141
X.1142
Y.2701
Acronym
Title or Subject
X.akm
X.1205
Overview of cybersecurity
X.idmf
X.gopw
X.1051
(Revised)
X.rmg
X.bip
X.tai
X.homesec-2,
3, 4
Certificate profile for the device in the home network, User authentication
mechanisms for home network service, Authorization framework for home
network
X.msec-3
General security value added service (policy) for mobile data communication
X.p2p-1
X.websec-3
17
X.csreq
17
X.fcsip
Y.IdMsec
Y.NGN AAA
Y.NGN
Authentication
NGN Authentication
Y.NGN Certificate
Management
Y.SecMechanisms
Y.SecReqR2
Security standardization
Collaboration is key
Specific Systems, Services, Applications
Security in ITU-T are developed by
SG 2, 3, 4, 5, 6, 9, 11, 13, 15, 16, 19
Core Technology and Common Security
Techniques in ITU-T are developed
by SG 17
JTC 1 SC 27, 37...
IETF
Security standardization
Collaboration is key
World Standards Cooperation (WSC) ISO, IEC, ITU
Global Standards Collaboration (GSC) Regional, National
SDOs and ITU-T, ITU-R
exchange information between participating standards organizations
to facilitate collaboration and to support the ITU as the preeminent
global telecommunication and radiocommunication standards
development organization
Resolution GSC-11/17 Cybersecurity
Security standardization
Collaboration is key
ISO/IEC/ITU-T Strategic Advisory Group on Security (SAG-S)
Terms of Reference
To oversee standardization activities in ISO, IEC and ITU-T
relevant to the field of security
To provide advice and guidance to the ISO Technical
Management Board, the IEC Standardization Management
Board and the ITU-T Telecommunication Standardization
Advisory Group (TSAG) relative to the coordination of work
relevant to security, and in particular to identify areas where new
standardization initiatives may be warranted
To monitor implementation of the SAG-S Recommendations
Achieved
Surveyed network operators by means of a questionnaire
Next step:
Develop text to be proposed to SG 17 for progressing as an ITU-T
publication
Aggressive schedule
ITU-T
ISO/IEC JTC 1
IETF
IEEE
ATIS
ETSI
OASIS
Other projects
Security in Telecommunications and Information
Technology (ITU-T Security manual)
Overview of existing ITU-T Recommendations for secure
telecommunications
Third edition of June 2006 to be available in the six official
languages of the ITU
http://www.itu.int/ITU-T/publications/index.html
Security compendium
Catalogue of approved ITU-T Recommendations related to
telecommunication security
Extract of ITU-T approved security definitions
Summary of ITU-T Study Groups with security-related
activities
http://www.itu.int/ITU-T/studygroups/com17/tel-security.html
Observations
Security is everybody's business
Collaboration with other SDOs is necessary
Security needs to be designed in upfront
Security must be an ongoing effort
Systematically addressing vulnerabilities
(intrinsic properties of networks/systems) is key
so that protection can be provided independent of
what the threats (which are constantly changing
and may be unknown) may be
http://www.itu.int/ITU-T
http://www.itu.int/ITU-T/studygroups/com17
tsbsg17@itu.int
Recommendations
ITU-T Lighthouse
http://www.itu.int/ITU-T/publications/recs.html
ITU-T Workshops
http://www.itu.int/ITU-T/worksem
http://www.itu.int/ITU-T/lighthouse
ITU-T SG 17 Question 4
Communications Systems Security Project
Overall Security Coordination
ICT Security Standards Roadmap
Security Compendium
Focus Group on Security Baseline For Network
Operators
ITU-T Security manual
ITU-T SG 17 Question 5
Security Architecture and Framework
Brief description of Q.5
Milestones
Draft Recommendations under development
Major tasks
Development of a comprehensive set of Recommendations for
providing standard security solutions for telecommunications in
collaboration with other Standards Development Organizations and
ITU-T Study Groups.
Maintenance and enhancements of Recommendations in the X.800
series:
X.800, X.802, X.803, X.805, X.810, X.811, X.812, X.813, X.814, X.815, X.816,
X.830, X.831, X.832, X.833, X.834, X.835, X.841, X.842 and X.843
Q.5/17 Milestones
ITU-T Recommendation X.805, Security Architecture for
Systems Providing End-to-end Communications
Approved in 2003
End-user plane
Control plane
Management plane
Destruction
Privacy
Availability
THREATS
Data integrity
Data confidentiality
Non-repudiation
Infrastructure security
Authentication
Services security
VULNERABILITIES
Access control
Security layers
Applications security
Communication security
Corruption
Removal
Disclosure
Interruption
ATTACKS
8 Security dimensions
X.805_F3
ITU-T SG 17 Question 6
Cyber Security
Motivation
Objectives
Scope
Current area of focus
Draft Recommendations under development
Q.6/17 Motivation
Network connectivity and ubiquitous access is central to todays IT
systems
Wide spread access and loose coupling of interconnected IT
systems is a primary source of widespread vulnerability
Threats such as: denial of service, theft of financial and personal
data, network failures and disruption of voice and data
telecommunications are on the rise
Network protocols in use today were developed in an environment
of trust
Most new investments and development is dedicated to building
new functionality and not on securing that functionality
An understanding of cybersecurity is needed in order to build a
foundation of knowledge that can aid in securing the networks of
tomorrow
Q.6/17 Objectives
Perform actions in accordance with Lead Study Group (LSG)
responsibility with the focus on Cybersecurity
Identify and develop standards required for addressing the challenges
in Cybersecurity, within the scope of Q.6/17
Provide assistance to other ITU-T Study Groups in applying relevant
cybersecurity Recommendations for specific security solutions. Review
project-oriented security solutions for consistency
Maintain and update existing Recommendations within the scope of
Q.6/17 (this includes E.409)
Coordinate security activities with other ITU-T SGs, ISO/IEC JTC 1
e.g., SC 6, SC 27 and SC 37), and consortia as appropriate
Provide awareness on new security technologies related to
Cybersecurity
Provide an Identity Management Framework that defines the problem
space, representative use case scenarios and requirements. This
includes leveraging other on-going Identity Management activities
Collaborate with Next Generation Networks activities in ITU-T in the
areas of Cybersecurity and Identity Management
Q.6/17 Scope
Definition of Cybersecurity
Security of Telecommunications Network Infrastructure
Security Knowledge and Awareness of Telecom Personnel and
Users
Security Requirements for Design of New Communications Protocol
and Systems
Communications relating to Cybersecurity
Security Processes Life-cycle Processes relating to Incident and
Vulnerability
Security of Identity in Telecommunication Network
Legal/Policy Considerations
2.
4.
6.
8.
ITU-T SG 17 Question 7
Security Management
Tasks
Plan on Recommendations
Revised Recommendation X.1051
Q.7/17 Tasks
Information Security Management Guidelines for
telecommunications
(Existing X.1051, Information security management system
Requirements for telecommunications (ISMS-T))
Maintain and revise Recommendation X.1051, Information Security
Management Guidelines for telecommunications based on
ISO/IEC27002.
Jointly develop a guideline of information security management with
ISO/IEC JTC 1/SC 27 (ISO/IEC 27031 =.Recommendation X.1051).
Incident Management
Study and develop a handling and response procedure on security
incidents for the telecommunications in line with Recommendation
X.1051.
Produce and consent a new ITU-T Recommendation for incident
management methodology and procedures.
Information Assets
for Telecom
ISMS Process
CONTROL
CONTROL
CONTROL
Implementation
guidance
Implementation
guidance
for Telecom
Implementation
requirements
for Telecom
Other
information
ISO/IEC 17799
(2005)
Other
information
Revised
X.1051
Existing
X.1051
(2004)
ITU-T SG 17 Question 8
Telebiometrics
Objectives
Study areas on biometric processes
Recommendations
Q.8/17 Objectives
X.1081
X.Physiol
Safety conformity
Biometric
Sensors
Acquisition
(capturing)
NW
NW
NW
Matching
Extraction
Score
N
W
NW:Network
Decision
NW
Yes/No
Application
2)
3)
5)
6)
8)
ITU-T SG 17 Question 9
Secure Communication Services
Focus
Position of each topic
Mobile security
Home network security
Web services security
Secure applications services
Q.9/17 Focus
Develop a set of standards of secure application
services, including
Mobile Network
Open Network
Home
Network
Home network
security
Mobile security
Approved 2004
ITU-T SG 17 Question 17
Countering Spam by Technical
Means
Objectives
Recommendations
Q.17/17 Objectives
The aim of this Question is to develop a set of
Recommendations on countering spam by
technical means for ITU-T, taking into account
the need for collaboration with ITU-T other Study
Groups and cooperation with other SDOs. The
Question focuses particularly on technical
requirement, frameworks and new technologies
for countering spam. Guidelines on countering
spam by technical means are also studied.
Framework Recommendations:
Technology Recommendations:
Technology Recommendations:
Other SDOs
SG 4: Security Management
Systems
To complement the M.3016 series on Security of the
Management Plane which is focused on interfaces, SG 4
has initiated new work on Security Management Systems
(SMS). It is viewed as a key addition to support NGN
Management.
Based on equivalent work in ATIS TMOC, M.sec-mgmt-sys
is expected to
Draw on security concepts from X.800 and X.805
Describe the logical SMS architecture to be realized in one or
more physical systems
Describe the managed network elements supported by SMS
Specify the SMS functional requirements
H.323/H.248-based systems
H.235 sub-series Recommendations provide a framework and a
set of requirements for multimedia systems
Evolution of H.235
Core Security
Framework
Engineering
1st Deployment
Consolidation
Reorganization
H.235V4
H.235.0
~
H.235.9
approved
H.235V2
H.235V1
approved
Initial
Draft
H.323V1
1996
Security
Profiles
Annex D
Annex E
started
H.323V2
1997
1998
Annex D
Annex F
H.530
consent
Annex E
approved
H.323V4
1999
2000
H.323V5
2001
2002
2003
H.323V6
2004
2005
2006
H.235 V4 sub-series
Recommendations
H.323 Security
Recommendations 1/4
H.323 Security
Recommendations 2/4
enhanced
extended
H.323 Security
Recommendations 3/4
enhanced
modified
H.323 Security
Recommendations 4/4
NEW
NEW
Draft H.proxy
SG 16: Summary
Multimedia systems and applications as
being studied by SG 16 face important
security challenges: