International Telecommunication Union   ITU
 
 
Site Map Contact us Print Version
 Monday, September 16, 2013

ITU members have agreed new international standards (ITU-T Recommendations) outlining security considerations essential to cloud computing and, crucial to the long-term preservation and utility of IP-based resources, a ‘framework for the discovery of identity management information’ to enable interoperability across heterogenous information systems.

Recommendation ITU-T X.1600 “Security framework for cloud computing”, having reached first-stage approval (‘determined’) and now undergoing a final review, describes security threats in the cloud computing environment and, through a framework methodology, matches threats with the security capabilities advised to be specified in mitigating them. ITU-T X.1600 will act as a ‘handbook’ guiding the future standardization of identified threat-mitigation techniques; in addition providing an implementation reference for systems-level cloud security.

Recommendation ITU-T X.1255 “Framework for the discovery of identity management information”, approved and soon to be freely available on ITU’s website, details an open architecture framework in which identity management (IdM) information – identifying ‘digital objects’ and enabling information sharing among entities including subscribers, users, networks, network elements, software applications, services and devices – can be discovered, accessed and represented by heterogenous IdM systems representing IdM information in different ways, supported by a variety of trust frameworks and employing different metadata schemas.

ITU-T X.1255 lays out a framework that enables discovery of identity-related information and its provenance; identity-related information attributes, including but not limited to visual logos and human-readable site names; and attributes and functionality of applications. The framework, in addition, describes a data model and protocol to enable meta-level interoperability in the management of this information across heterogeneous IdM environments.

The Recommendation is a first step towards the Digital Object Architecture (DOA) advocated by the Corporation for National Research Initiatives (CNRI), which is intended to achieve the “universal information access” possible with uniquely identifiable digital objects structured so as to ensure their machine and platform independence.

For a succinct description of the history, motivation and promise of the DOA, see Peter J. Denning & Robert E. Kahn, “The Long Quest for Universal Information Access”, Communications of the ACM, Vol. 53 No. 12, Pages 34-36.

The new Recommendations were agreed at a meeting of ITU-T Study Group 17 (Security) in Geneva, 26 August to 04 September, which also saw the establishment of three new work items, on:

  • high-speed Abstract Syntax Notation (ASN.1) Octet Encoding Rules (OER) needed by the financial services sector to gain milliseconds on the trading floor;
  • updating the Cryptographic Message Syntax (CMS) to eliminate all obsolete ASN.1 features in the interests of making the CMS usable with all ASN.1 standardized encoding rules; and,
  • new challenges for Public-Key Infrastructure (PKI) standardization presented by mobile networks, machine-to-machine (M2M) communication, cloud computing and smart grid.

More information on the work of ITU-T Study Group 17 can be found here.

Bookmark and Share  

Monday, September 16, 2013 2:00:40 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, July 12, 2013

ITU workshops in Durban, South Africa have underlined Africa’s commitment to countering spam and ensuring the eco-friendly management of e-waste, the subjects of new provisions of the revised International Telecommunication Regulations (ITRs).

The events were hosted by South Africa’s Department of Communications at the International Convention Centre in Durban. Two full-day ITU workshops – free of charge and open to all – discussed “Countering and Combating Spam”, 8 July 2013, and “Environmentally Sound Management of e-Waste”, 9 July 2013.

The workshops considered questions of particular relevance to African countries. Spam is said to account for 60-80 per cent of emails in Africa and the continent has become the world’s most prominent importer of used electronic goods.

The spam workshop opened with presentations on the nature and dimensions of the spam challenge, followed by interactive tracks on the roles of policy and standards in combating spam and the associated contributions of government and industry. Targeted sessions presented the outcomes of WTSA-12 and WCIT-12 as they related to spam, with another giving an overview of the standards developed by ITU-T Study Group 17 (Security) under its study of “Countering spam by technical means”.

The workshop’s outcomes, detailed here, propose that the African Telecommunications Union (ATU) partners with the African Union to develop a model law for spam (including SMS spam) and to craft a model programme for cooperation between governments and industry in combatting spam, with components such as mechanisms for inter-agency cooperation to detect and eliminate ‘botnets’. ATU was also invited to collaborate with the African Union, ITU and the Internet Society (ISOC) in creating a programme helping African ISPs to implement effective anti-spam tools and to educate end-users on the safe identification and handling of suspicious messages.

The e-waste workshop highlighted the complexity of the e-waste challenge, hearing the views of government, industry and consumer representatives in analyzing lessons learnt from Africa’s fast-growing volume of experience in managing e-waste. Presentations covered existing policy frameworks and standards relevant to eco-friendly e-waste management, spurring discussions on future e-waste actions in Africa with an emphasis on the establishment of requisite legal and regulatory environments.

The workshop’s outcomes, detailed here, set the tone for African countries to develop and implement e-waste policies, regulations and best practices, pursuant to Article 11 of the ITRs. ATU was encouraged to partner with the African Union, Regional Economic Committees, ITU and other relevant organizations to assist African countries in developing national e-waste regulation. It was in addition asked to work with the African Union to develop a model programme for cooperation between government and industry in managing e-waste through the implementation of international standards (ITU-T Recommendations). Outcomes also called for collaboration between ATU and ITU-T Study Group 5 (Environment and climate change) in exploring the possibility of an ITU project to assist in the establishment of processing and refining/recycling facilities in the region, and SG5 was invited to carry out a survey on the existing e-waste legislation of ITU Member States.

More information on ITU-T, the Environment and Climate Change is available here.

Bookmark and Share  

Friday, July 12, 2013 9:05:43 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, June 14, 2013

An upcoming Joint ATU-ITU Seminar on the outcomes of the World Telecommunication Standardization Assembly (WTSA-12) and the World Conference on International Telecommunications ( WCIT-12) will offer Africa’s ICT executives and policy makers an insight into the meaning and significance of these conference’s outcomes with a view to ensuring their effective implementation. The event will be preceded by two workshops geared towards key directives issued by WTSA-12 and WCIT-12, that of countering spam and ensuring the eco-friendly management of e-waste. The two full-day workshops are free of charge and open to all interested parties, including non-members of ITU.

The three events will be hosted by South Africa’s Department of Communications at the International Convention Centre in Durban, South Africa:

The 2012 meeting of ITU-T’s main decision-making body, WTSA, adopted the first-ever Resolutions on e-health, software-defined networking and e-waste. ITU-T also saw its mandate re-emphasized and strengthened in crucial areas such as accessibility, climate change, and conformity and interoperability, along with encouragement for the greater participation of academia.

WCIT-12’s revision of the International Telecommunication Regulations (ITRs) was especially relevant to ITU-T, with the new treaty requiring Member States to encourage the application of relevant ITU-T Recommendations in areas including Quality of Service (QoS), numbering, international calling line identification, international roaming, emergency communications, countering spam, energy-efficiency, e-waste and accessibility. WCIT-12 also called on ITU-T to study the regulatory, technical and economic issues which need to be addressed in the transition from dedicated phone and data networks to converged IP-based networks.

The workshop on “Countering and Combating Spam” responds to Article 7 of the new ITRs on “unsolicited bulk electronic communications” which encourages Member States to cooperate in taking necessary measures to prevent the propagation of spam and minimize its impact on international telecommunication services.

The workshop on the “Environmentally Sound Management of e-Waste” responds to Article 8 of the new ITRs which encourages Member States to adopt energy-efficiency and e-waste best practices, taking into account relevant ITU-T Recommendations. WTSA-12 offered another boost to ITU’s mandate in this arena by agreeing a new Resolution on e-waste; giving further impetus to ITU’s standardization work on the subject and requesting ITU’s standardization and development sectors, ITU-T and ITU-D, to assist Member States in instituting policy frameworks that limit e-waste’s negative environmental effects. It also instructs ITU-T Study Group 5 to develop Recommendations, methodologies and other publications relating to handling and controlling e-waste as well as methods of treating it.

Bookmark and Share  

Friday, June 14, 2013 9:16:34 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, May 14, 2012


ITU has established a new Joint Coordination Activity on Child Online Protection (JCA-COP) to coordinate the COP work across ITU’s sectors and Study Groups as well as cooperate with outside stakeholders engaged in COP. ITU-T Study Group 17 is the parent group to JCA-COP, and will leverage its well-developed network of ICT security stakeholders to harmonize these different elements to ensure a unified approach to the creation of global COP standards.
 
JCA-COP is chaired by Ashley Heineman of the National Telecommunications and Information Administration (NTIA), USA.
 
In keeping with its Terms of Reference, JCA-COP will coordinate the COP work already underway within ITU-T (particularly that of SGs 2, 9, 13, 15, 16 and 17), and will liaise with ITU-R, ITU-D and ITU’s Council Working Group on COP.
 
JCA-COP seeks to study and understand the composition of the COP ecosystem as it relates to the most relevant stakeholders, and technical, legal or regulatory questions. It will act as the first point of contact for any organization interested in ITU-T’s work on COP, and will also actively pursue means of collaborating with external bodies working in the field.
 
JCA-COP’s internal coordination mandate is thus accompanied by an external research and outreach capacity; to be carried out in a globally-inclusive manner. Cooperation and collaboration with external bodies is always crucial to ITU-T’s standardization work, and it will ensure that ITU’s forthcoming COP standards are agreed, and consequently implemented, on an international basis.
 
More information:

   •   SG 17’s homepage
   •   The brand-new JCA-COP homepage
   •   ITU's Child Online Protection (COP) initiative, the ITU Secretariat framework for COP activities across ITU-T, ITU-R and ITU-D.

Bookmark and Share

Monday, May 14, 2012 8:09:31 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, March 16, 2012

Following the signing of a Memorandum of Understanding between ITU and the four standardisation bodies of China, Japan and Korea (CJK) last year, see press release here Malcolm Johnson, Director of the ITU’s Telecommunication Standardization Bureau, led a delegation from the ITU Secretariat to the eleventh CJK Meeting (CJK-11) 14-16 March at the Seagaia Convention Centre in Miyazaki Prefecture, Japan. The Indian standards body GISFI also attended the meeting as an observer as it has requested to join the MoU.

The meeting addressed global ICT standardization questions of common interest to the region’s key standards bodies: ARIB, CCSA, TTA and TTC.

In his opening speech Johnson noted that CJK governments together account for 15 per cent of the total financial contributions received by ITU from Member States, and private entities from these nations account for 20 per cent of the contributions ITU-T receives from the private sector. Moreover, CJK makes a significant number contribution to ITU meetings: 38 percent more contributions in 2011 than in 2009.

Full speech can be seen here.

CJK meetings seek to maintain and improve the commitment to mutual understanding and cooperation, and recognise the imperative of coordinated international standards for the sound progression of each of the countries’ ICT industries.  The meeting identified the following topics as candidates for collaboration under the MoU: M2M and Dynamic Spectrum Access; Future IMT; smart grid; cloud computing and security; and the work on environment and climate change.

The Deputy Director of ITU’s Radiocommunication Bureau, Fabio Leite, also participated in the meeting stressing the importance of collaboration with ITU’s Radiocommunication Sector (ITU-R), in particular on M2M access networks where there is a clear need for interoperability between radio-based systems.

Bookmark and Share

Friday, March 16, 2012 9:00:07 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, October 27, 2011
ITU has approved a new protocol to relay biometric information, connecting medical practitioners with the real-time medical data of patients in remote locations. Study Group 17’s Recommendation ITU-T X.1080.1 is the first in a suite of e-health and telemedicine recommendations and supports interactions between a patient’s local medical facility and a remote medical centre.

e-Health technologies have great potential to bridge the service provision inequalities between developed and developing nations, as well as between urban and rural communities. ITU-T X.1080.1 takes into account work in other standards bodies and recognizes and identifies data formats and interactions using Abstract Notation One (ASN.1) object identifiers (OIDs and OID-IRIs). It also provides security features in the form of Cryptographic Message Syntax (CMS), which enables both integrity and encryption.

ITU-T X.1080.1 is designed to provide wide-area communication supporting all health-related activities, where the communication can be usefully undertaken as structured messages. From this base, the X.1080 series will develop into a set of recommendations addressing physical, chemical, biological, culturological and psychological diagnoses, interventions and prescriptions. It aims to remove the need for a co-location of medical practitioners and patients, and will support both multi-party (for audit and training purposes) and one-to-one interaction.

The remaining five parts of the X.1080 series, dealing with the identification of physiological quantities and units, are being constructed in close collaboration with ISO/TC 12, and IEC/TC 25. 
 

Bookmark and Share

Thursday, October 27, 2011 1:52:11 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, May 03, 2011
ITU has adopted a suite of global technical standards that provide a common framework for  exchanging information on cybersecurity. The suite is known as CYBEX and provides for enhancing protection for all kinds of ICT systems, equipment, and software.

CYBEX focuses on the structured exchange of cybersecurity information and provides coherent common specifications allowing different operators, systems, and security communities to communicate vital cybersecurity information to each other, enhance protection, and identify and understand attacks . CYBEX is an important element in ITU’s array of standards improving confidence and security in the use of ICTs.

The first three standards of this suite of standards (known as ITU-T X.1500 Recommendations) consist of: (1) an overview of the model for trusted exchange of cybersecurity information; (2) the exchange of vulnerability information; and (3) "weighing" of vulnerabilities.  

ITU’s security study group (ITU-T Study Group 17) has started new work entitled continuous security monitoring using CYBEX techniques. The work will focus on the use of CYBEX standards by enterprises and network operators to enhance their individual and collective cybersecurity and reduce their risks. Experts say the complexity of existing network infrastructures, equipment, software, and services renders enterprises constantly vulnerable and subject to compromise. The work may also be applicable to cloud computing, virtualization and Smart Grid electrical power management environments.

Bookmark 

and Share

Tuesday, May 03, 2011 3:28:22 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, April 15, 2011
ITU’s Focus Group on Cloud Computing met last week with increased industry support for standards to support worldwide interoperability. Cloud security was also a key topic on the agenda of the group and especially relevant given that subscribing to a cloud model involves complete outsourcing of services and data. The meeting  identified these two topics, intercloud relationships and security, as important study items for ITU-T to take forward.
 
The Focus Group met at the same time as Google vice president, Vint Cerf addressed US National Institute of Standards and Technology's third cloud computing workshop in Gaithersburg, US telling them that cloud interoperability and security remain serious concerns (see here).
 
Industry experts forming the Focus Group have completed a survey of standards organizations focusing  on cloud and begun the process of identifying gaps that can be filled and where that work can be done. The meeting also saw the appointment of a new Vice-chairman: Olivier Colas, Microsoft.
 
Technical Specifications from the Focus Group are expected by end 2011. The group has identified 15 active organisations in Cloud Computing and established official liaisons with other SDOs including ISO, DMTF, CSA, NIST. The Focus Group has identified several work items to be developed within ITU-T including;  the cloud ecosystem; security; cloud architecture; cloud networking; inter-cloud relationships; eco-friendly cloud; accessibility;  cloud terminal and cloud management.

Bookmark 

and Share

Friday, April 15, 2011 12:28:42 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, March 04, 2011

Standardization experts are being asked to examine security-related guidelines/standards on child online protection issues.

The recent Telecommunication Standardization Advisory Group (TSAG) meeting invited experts in ITU’s security standardization group (Study Group 17) to examine issues including:

  1. The development of interoperable standards and related recommendations to protect children online. The aim would be to develop a widely shared approach which could be promoted across the whole industry.
  2. Evaluating what options and possibilities exist for real global coordinated and consistent action to protect children online. Attention should be given to the elaboration of those capabilities (e.g. watch and warning and incident management) that would facilitate the gathering of threats and information sharing among different players.
  3. Identifying the commonalities that span the different industry sectors  (broadcasters, Internet, mobile) with the purpose of developing Codes of Conduct, or code of practices to help ITU Member States collaborate more effectively with the private sector/industry.
  4. Establish cooperative arrangements between government and the private sector/industry for sharing information and developing specific capabilities aimed at mitigating the risks and extending the potential of ICT usage by children.

ITU’s Child Online Protection (COP) initiative was launched in November 2008 as a multi-stakeholder effort to bring together partners from all sectors of the global community to ensure a safe online experience for children everywhere.

SG17 is expected to play a major role in technical aspects on COP, given that security, cybersecurity and identity management are already now being recognized as key fields of potential interest. Several SG17 work items (in ITU parlance Questions) are relevant, and experts from membership are encouraged to contribute.

 

Bookmark 
and Share

Friday, March 04, 2011 11:57:26 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, January 10, 2011
A meeting of ITU-T’s Security Study Group (Study Group 17) at the end of 2010 saw several new standards (ITU-T Recommendations) approved and progress in several important areas. Immediately prior to the main Study Group meeting a workshop, Addressing security challenges on a global scale, open to members and non-members alike attracted 115 participants from 29 countries. Also open to external experts an Identity Summit succeeded as a new tool to add value to technical discussions in SG17.

Some of the new ITU-T Recommendations facilitate the interconnection of security and management systems and to exchange cyber security information, such as of security events and of security attack incidents. The standards specify how this information can be shared across organizations for enhanced security preparedness and broader and better risk mitigation against vulnerabilities, to allow vulnerability databases and other capabilities to be linked together, and to facilitate the comparison of security tools and service.

In detail, Recommendation ITU-T X.1209 identifies real-life scenarios where cybersecurity information can be exchanged across organizations. The standard specifies the principal technical and organizational capabilities necessary for systems in terms of cyber security information exchange. Related new work includes draft Recommendation  ITU-T X.1500 which surveys the various candidate techniques for cyber information exchange, and draft Recommendation ITU-T X.1520 which identifies the high-level requirements for enumerating common vulnerabilities.

Also during December meeting two new Recommendations were approved (X.1243 and X.1245) that counter spam and other unsolicited communications though an interactive gateway system. In addition the use and application of the extended validation certificates as put forward in new draft Recommendation ITU-T X.1261 will provide enhanced and superior security to users on the Internet with a trustworthy confirmation of the identity of the entity that controls the website or other services that the users are accessing.

Two new draft Recommendations have been matured (X.1311 and X.1312) that address the security aspects of “ubiquitous sensors in networks” – an emerging area of smart internetworked sensors and devices that are expected to increasingly permeate daily life. The new Recommendations identify the specific and typical security threats and specify appropriate security requirements. Draft Recommendation ITU-T X.1312 follows one promising approach where various security functions and security mechanisms are aggregated within a common middleware component of those sensors. Radio frequency identification (RFID) enabled devices are an early incarnation of such ubiquitous sensors where new Recommendation ITU-T X.1275 gives guidelines to vendors and service providers of RFID enabled devices how to protect the privacy of the users his/her specific personally identifiable information (PII).

Study Group 17 also saw new and ongoing security and identity management standardization work in the area of cloud computing and virtual service platforms where challenging security problems remain to be solved and standardized. Another new interesting area of standardization work seeks to define an information security management reference model for small and medium telecommunication organizations.

A series of tutorials were given at the SG17 meeting and presentations can be downloaded here. Topics included:  An update on ICANN activities relating to Security, Stability and Resiliency; Open Identity Trust Frameworks: A Market Solution to Online Identity Trust; Creating a Multilingual Communication Standard for Cross-Border ODR; X.500/LDAP as resolution system and as support provider for RFID; Cybersecurity Information Exchange techniques and their importance for emerging networks.

Bookmark 
and Share

Monday, January 10, 2011 5:22:41 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, April 22, 2010
April’s meeting of ITU-T’s cybersecurity group (SG 17) saw a presentation on progress on the six months of work on the Cybersecurity Information Exchange Framework (CYBEX).

CYBEX imports more than twenty best of breed standards for platforms developed over the past several years by government agencies and industry to enhance cybersecurity.  These platforms capture and exchange information about the security "state" of systems and devices, about vulnerabilities, about incidents such as cyber attacks, and related knowledge "heuristics." The Framework pulls these platforms together in a coherent way to provide for 1) “locking down” on-line systems to minimize vulnerabilities, 2) capturing incident information for analysis when network harmful incidents occur, and 3) facilitating evidence for enforcement action if necessary.

The presentation noted a close collaborative relationship with the Forum of Incident Response and Security Teams (FIRST) - a global organization for coordination and cooperation among Computer Emergency Response Teams.  

A wiki-based initial compilation of discovered CIRTs and related agencies and bodies to the SG17 website at:  
http://www.itu.int/ITU-T/studygroups/com17/nfvo/index.html

See previous newslog entry for more information on CYBEX.

Bookmark and Share

Thursday, April 22, 2010 3:16:43 PM (W. Europe Standard Time, UTC+01:00)  #     | 
ITU-T’s Study Group 17 will hold a workshop Addressing security challenges on a global scale in Geneva, 6 (afternoon)-7 December 2010.  The event will focus on how ITU and other standards developing organizations (SDOs) address the main challenges of information and communication security.

A call for abstracts with a deadline for 15 June 2010 has been issued with suggested topics including:
•    Emerging applications of PKI
•    Collaboration for ICT security standardization
•    Developing countries challenges
•    Cloud computing: Threat or opportunity
•    The cloud in the telecom space
•    Identity in the cloud
•    Smart grid security
•    Assurance, making cybersecurity measurable
•    Identity management (IdM)
•    CIRTs, sharing of information
•    Security awareness
•    IPv6 Security
•    Telebiometrics standardization
•    Meeting regulatory obligations
The workshop is also expected to provide a good opportunity to overview new areas of security studies including Smart Grid and Cloud Computing.

SG 17 aims to hold a similar workshop on annual basis from now on.

Bookmark and Share

Thursday, April 22, 2010 3:13:19 PM (W. Europe Standard Time, UTC+01:00)  #     | 
The recent meeting of ITU-T’s, Study Group 17, saw record attendance with a much increased number of delegates from developing countries. The group’s work programme contains more than sixty work items on topics as diverse as identity management (IdM), IPTV security, object identifiers (OID), formal languages and cybersecurity.

Among the work areas that achieved significant progress at the April meeting were directory services, IdM, and IPTV security.

The heavily deployed directory assistance protocol Recommendation ITU-T E.115 was revised at this meeting. E.115 is used for directory assistance information exchange among service providers. E.115 also gives a description of the principles and procedures to be followed in interconnecting different national computerized directory assistance services.

A key standard (ITU-T Recommendation) on IdM was approved. The Baseline IdM Terms and Definitions is considered one of the basic texts for IdM and provides a solid basis for ensuring interoperability between various emerging IdM solutions.

Other work in the IdM field continues apace with new work items proposed on an open identity trust framework; discovery of identity management information; baseline capabilities and mechanisms of identity management for mobile applications and environment and an identity management roadmap.

Also in the field, EVCert, an important tool in the fight against spam is considered likely for first stage approval (consent/determination) at the next meeting of SG 17. EVCert is a product of the CA Browser Forum and is a digital certificate based specification combined with an array of processes and protocols for significantly enhanced organization/provider trust and related transport layer encryption. Approval as an ITU standard (ITU-T Recommendation) will push EVCert forward as the principal global specification for organization/provider trust. EVcert enables special features in web browsers or other compliant programs.

In IPTV security, work progressed in several areas including a key management framework for secure IPTV services; an algorithm selection scheme for service and content protection (SCP) descrambling and a service and content protection (SCP) interoperability scheme.
 
New work is considered in several new areas:
•    Work will start to develop a new standard outlining the basic rules necessary to build national revenue assurance protection systems. The proposal to start the work notes that last year fraud in telecommunication networks decreased revenue of telecommunication companies by 12-15 per cent.
   
•    A new work item on reducing spam in mobile networks focusing on SMS/MMS was proposed and agreed.
   
•    In the area of cloud computing work will progress in two new areas. Firstly the collection of security requirements and a proposed framework outlining the cloud based telecom environment. In addition security guidelines for cloud computing will be developed to help service providers deploy cloud computing.

Bookmark and Share

Thursday, April 22, 2010 3:06:11 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, December 07, 2009

A new ITU-T Technology Watch Report titled Biometrics and Standards surveys biometric recognition as a key form of authentication made possible by powerful information and communication technologies (ICT).

Biometrics are used in forensics (e.g., for criminal investigations), government applications (more than 60 countries issue electronic passports containing biometric information) and commercial applications. The latter category includes deployments in the banking sector (secure access to ATMs, credit cards, e-Business), with other sectors gaining momentum. For instance, social-networking websites including Facebook and Picasa have integrated face recognition algorithms to make it easier to search and display all photos featuring one’s friends. Biometric systems embedded in cars of a vehicle fleet can help to identify the driver, adjust seat, rear mirrors, and steering wheel to meet individual preferences.

Technologies commonly used in biometrics include recognition of fingerprints, faces, vein patterns, irises, voices and keystroke patterns.

The Report discusses the advantages of biometric authenticators over their knowledge- and possession-based counterparts, describes different physiology- and behavior-related biometric traits and how they are used in biometric systems. A choice of biometric recognition applications is highlighted, and an overview of standardization work in the field of biometrics is given.

"Biometrics and Standards" can be downloaded here.

The authors welcome your feedback on this Report and all other publications of the Technology Watch series. We invite all interested parties to submit paper proposals for future Technology Watch Reports. The Technology Watch secretariat can be contacted at tsbtechwatch@itu.int.

Monday, December 07, 2009 3:44:13 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, October 08, 2009
A September meeting of the ITU’s security standards group saw progress in key areas including identity management and a cybersecurity information exchange. The meeting - of ITU-T’s Study Group 17 saw record attendance signalling the importance attached to ITU’s cybersecurity work in the global ICT community.

A key achievement was the establishment of a Cybersecurity Information Exchange which enables a global communications infrastructure for cybersecurity. The framework imports best-of-breed standards from government agencies and industry. Experts say that it promotes better interoperobility including convergence on a common set of open standards.

Malcolm Johnson, Director of the Telecommunication Standardization Bureau (TSB), ITU: “It is essential that cybersecurity and telecoms infrastructure protection communities worldwide are able to exchange information on network digital forensics and vulnerabilities. The Framework will, for the first time, provide for this exchange globally.”

Without progressing on this Exchange, experts say there is a risk that no coherent common specifications will emerge, with different countries unable to communicate cybersecurity information to each other.

The Cybersecurity Information Exchange focuses on platforms that capture and exchange information about the security state of systems and devices, vulnerabilities, incidents such as cyber attacks, and related knowledge heuristics. It pulls these platforms together to facilitate their global interoperability and use. It does so in a framework that allows for continual evolution to accommodate the significant activities and specification evolution occurring in numerous cybersecurity forums.

Global organization of incident/emergency computer response teams – FIRST contributed its vulnerability enumeration standard to the framework. An agreement was reached to hold joint workshops and ITU and FIRST will work together to implement the first comprehensive web-based directory of cybersecurity organizations and centers worldwide.

The recent meeting of ITU-T’s Study Group 17 also saw approval of a core global identity management (IdM) standard – Recommendation ITU-T X.1250. The agreement signals the start of work on implementation protocols for essential capabilities like trust mechanisms and identity assurance interoperability.

Arkadiy Kremer, Chairman of Study Group 17, said: “Global acceptance of identity management solutions is paramount. The agreement that we have reached here signals an important milestone from where the world’s service providers and users can profit from international standards for IdM capabilities. Industry has put significant weight behind this activity and an IdM framework for global interoperability is emerging.”

The term IdM is understood as "management by providers of trusted attributes of an entity such as a subscriber, a device, or a provider." IdM promises to reduce the need for multiple user names and passwords for each online service used, while maintaining privacy of personal information. A global IdM solution will help diminish identity theft and fraud. Further, IdM is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce.

ITU-T X.1250 gives the ability to enhance exchange and trust in the identities used by telecommunication/ICT networks and services. The definitions and need for identity management trust are highly context dependent and often subject to very different policies and practices in different countries. The trust capabilities include the protection and control of personally identifiable information.

Also agreed was X.1251, a framework for users of digital identity. The standard defines a framework to enhance user control and exchange of their digital identity related information. Two other important Recommendations were progressed to the first stage of approval: X.1252 and X.1275. X.1252 provides a collection of terms and definitions used in identity management (IdM) and it sets the stage for common definition for the whole industry. While, X.1275  provides guidelines and best practices regarding radio frequency identification (RFID) procedures that can be used by service providers to gain the benefits of RFID while attempting to protect personally identifiable information.

Also at the SG 17 meeting new correspondence groups designed to kickstart work in the areas of security for cloud computing, e-health and grid computing were started.


Bookmark and Share
Thursday, October 08, 2009 10:15:24 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, September 24, 2008

Cybersecurity experts in ITU-T’s Study Group 17 are exploring available methodologies to mitigate denial of service (DoS) attacks and short message service (SMS) spam by determining the origin of electronic communications when this becomes necessary. The work will also better enable settlements for carrying traffic over IP networks, and provide consumer protection from cyber crimes such as stalking and child pornography.

Specifically the group is working on a new Recommendation ITU-T Trace back use case and capabilities (temporarily designated X.tb-ucc). The work is in its early stages and collecting use cases and methodologies from which technical needs will be determined.

Currently there are many ways to find out the origin of network traffic, but it is possible to “spoof” source addresses. The new work will examine the diverse R&D accomplished over the past several years in many research institutions and consider the needs for operators and users for a trusted means of determining the source of traffic.

For example, telecoms operators are keen to find trusted trace back mechanisms where phantom traffic could be costing them millions of dollars a year. SMS and VOIP (voice over IP) traffic often comes from Internet gateways, and operators may claim a right to charge the originators for delivering it. Consumers are also seeking trusted CallerID capabilities globally that constitute one form of trusted traceback.

Many companies and institutions have provided input material.

Experts anticipate that the resulting Recommendation should describe a broad array of use-cases, as well as generally support the very substantial body of existing legal, regulatory, and industry business requirements for traceback worldwide, including the protection of personal information. The implementation in individual countries is as always subject to requirements specific to national jurisdiction.

Wednesday, September 24, 2008 4:18:14 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, April 21, 2008

Six new standards enabling a more secure ICT environment have been approved by ITU. Experts say that the standards represent an important achievement reflecting the needs of business in establishing risk management strategies and the protection of consumers.

Three ITU-T Recommendations cover a definition of cybersecurity, a standardized way for vendors to supply security updates and guidelines on spyware. While the other three focus on countering the modern day plague of spam by providing a toolbox of technical measures to help consumers and service providers.

Malcolm Johnson, Director, ITU Telecommunication Standardization Bureau: “In the real – non-virtual – world risk management is well understood and so the infrastructure has been developed to protect against theft, fraud and other kinds of attack. The virtual world should be no different. And standards can provide the backbone for this risk-management infrastructure.”

Standards give businesses the systematic approach to information security that they need to keep network assets safe. The adoption of multiple – proprietary – approaches is, experts agree, an inherently more vulnerable approach.

Recommendations on spam are a direct response to a call from the World Telecommunication Standardization Assembly (WTSA), the quadrennial event that defines study areas for ITU-T. Members asked that ITU-T define technical measures to tackle this plague of the digital world following growing global concern at additional costs and loss of revenue to Internet service providers, telecoms operators and business users.

Herb Bertine, Chairman of ITU-T’s Study Group 17 that looks at cybersecurity: “ITU-T is in a unique position given its international scope and the fact that it brings together the private sector and governments to coordinate work on standards and influence the harmonization of security practices worldwide.”

The Recommendations in brief

ITU-T Rec. X.1205 establishes a definition of cybersecurity noting that this understanding is needed in order to build a foundation of knowledge that can aid securing the networks of tomorrow. Network protocols, it says, were developed in an environment of trust but today cybersecurity threats are growing. ITU-T Rec. X.1205 provides a classification of security threats from an organization’s point of view. It gives a layered approach to security enabling organizations to create multiple levels of defence against threats.

ITU-T Rec. X.1206 is designed to make it easier for systems administrators to manage patches/updates from multiple software vendors. The work was driven by concerns that the number of different methodologies used to deliver software updates was becoming a headache for companies. The Rec. gives a vendor-neutral framework for automatic notification of security related information and dissemination of updates.

ITU-T Rec. X.1207 gives guidelines enabling users to identify spyware and for vendors to avoid their products being mistakenly identified as such. The Recommendation promotes best practices around principles of clear notices, and user’s consents and controls. Authors of the Recommendation say that it develops and promotes best practices to users on PC security, including use of anti-spyware, anti-virus, personal firewall, and security updates of software on client systems.

ITU-T Rec. X.1231 sets out the requirements for combating spam and will serve as the startpoint for all further anti-spam standardization work. It gives an overview of methodologies to counter spam and describes the general characteristics of spam whether for e-mail, SMS, VoIP or other emerging forms of spam. It also outlines key ways to counter spam, and a hierarchical model to establish an efficient and effective anti-spam strategy.

ITU-T Rec. X.1240 is aimed at end users and focusing just on e-mail spam, brings together various mature spam combating technologies in order that users can select the most appropriate.

ITU-T Rec. X.1241 promotes greater cooperation between service providers in tackling spam. In particular the document provides a framework enabling a communication methodology for alerts on identified spam.

Monday, April 21, 2008 2:13:54 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, October 16, 2007

Following completion of four deliverables by The Focus Group on Identity Management, ITU-T's Study Group 17 has recommended to the Telecommunication Standardization Advisory Group (TSAG) that a Global Standards Initiative on Identity Management (IdM-GSI) is established. If the December meeting of TSAG initiates the IdM-GSI and the related Joint Coordination Activity (JCA), a meeting has already been planned for January 2008 to enter into a new phase of work on IdM based on these groups and existing ITU-T studies.

The four IdM deliverables have been transferred to relevant Study Groups via Study Group 17 and also to ISO/IEC JTC 1/SC 27 for further consideration and possible development as ITU-T Recommendations and a potential common text with ISO/IEC on entity authentication assurance. Indeed work on three new ITU-T Recommendations and the ITU-T/ISO common text standard has already begun.

The term IdM is understood as "management by providers of trusted attributes of an entity such as a subscriber, a device, or a provider." IdM promises to reduce the need for multiple user names and passwords for each online service used, while maintaining privacy of personal information. A global IdM solution will help diminish identity theft and fraud. Further, IdM is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce. A key issue for the Focus Group was to provide interoperability between existing solutions.

Herb Bertine, Chairman of Study Group 17, lead Study Group on security in ITU-T said: “We are very pleased with the productivity and efficiency of the Focus Group. We now have the building blocks to enter the important next phase where the world’s service providers can profit from international standards for IdM services. Clearly identity management is an important topic and one that industry has put significant weight behind in order to turn out standards that will provide an IdM framework for global interoperability.”

The deliverables were supplied to a meeting of ITU-T’s Study Group 17. Essentially IdM-GSI will be an umbrella title for IdM work that will be distributed across all Study Groups. A joint coordination activity (JCA) will ensure that there is no duplication of work, oversee strategic/planning issues and work assignments and develop a roadmap for the development of a global ID management standards. IdM-GSI will enhance harmonization, in collaboration with other bodies, among the different approaches to IdM frameworks and capabilities worldwide.

The publicly available deliverables are:

  • Report on Identity Management Ecosystem and Lexicon
  • Report on Identity Management Use Cases and Gap Analysis 
  • Report on Requirements for Global Interoperable Identity Management 
  • Report on Identity Management Framework for Global Interoperability

The first meeting of IdM-GSI including the JCA-IdM is planned to be held during the January 2008 NGN-GSI event in Seoul, Korea.

100x20-digg-button.gif

Tuesday, October 16, 2007 3:55:33 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, June 07, 2007
Press release here.

Thursday, June 07, 2007 10:42:21 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, April 05, 2007

Two vice chairs of ITU-T’s IPTV Focus Group will guest edit an upcoming issue of IEEE Communications Magazine. Chae-Sub Lee, of ETRI, Korea and Simon Jones, of BT, UK will edit the issue for publication February 2008.

A call for papers has been issued on the broad topic IPTV Systems, Standards and Architectures. Papers are solicited on topics including IPTV standards progress, architecture for IPTV systems, deployment challenges, performance considerations, content management and security. Articles should be tutorial in nature, further guidelines can be found here.

Thursday, April 05, 2007 1:46:47 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, March 05, 2007
The first steps towards a globally harmonized approach to identity management (IdM) have been taken during a meeting bringing together, for the first time, the world’s key players in the IdM space.

IdM promises to reduce the need for multiple user names and passwords for each service used, while maintaining privacy of personal information. A global IdM solution will help diminish identity theft and fraud. Further, IdM is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce.

Experts at the meeting concurred that interoperability between existing IdM solutions will provide significant benefits such as increased trust by users of on-line services as well as cybersecurity, reduction of SPAM and seamless “nomadic” roaming between services worldwide.

Abbie Barbir, chairman of the Focus Group on Identity Management (FG IdM): “Our main focus is on how to achieve the common goals of the telecommunication and IdM communities. Nobody can go it alone in this space, an IdM system must have global acceptance. There was a very positive feeling at the meeting that we can achieve this and crucially we saw a great level of participation from all key players.”

The meeting of the FG IdM brought together developers, software vendors, standards forums, manufacturers, telcos, solutions providers and academia from around the world to share their knowledge and coordinate their IdM efforts. Interoperability among solutions so far has been minimal. One conclusion of attendees is that cooperation is crucial and that players cannot exist in isolation. The spirit of the meeting was that everyone will gain by providing an open mechanism that will allow different IdM solutions to communicate even as each IdM solution continues to evolve. Such a “trust metric” does not exist today experts say.

Work will continue online and during Focus Group meetings in April, May, and July. An analysis of what IdM is used for will be followed by a gap analysis between existing IdM frameworks now being developed by industry fora and consortiums. These gaps should be addressed before the interworking and interoperability between the various solutions can be achieved. The aim is to provide the basis for a framework which can then be conveyed to the relevant standard bodies including ITU-T Study Groups. The document will include details on the requirements for the additional functionality needed within next generation networks (NGN).

ITU-T has a long history of innovation in this field, with key work on trusted, interoperable identity framework standards including Recommendation X.509 that today serves as the primary “public key” technical mechanism for communications security across all telecom and internet infrastructures.
Monday, March 05, 2007 11:16:08 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, January 08, 2007
Study Group 17 has initiated the approval process for a standard providing an overview of cybersecurity. The work establishes a definition of cybersecurity that is wide enough in scope to cover various and sometimes inconsistent definitions.

The Recommendation (X.1205) provides a taxonomy of security threats from an organization’s point of view. Cybersecurity threats and vulnerabilities including the most common hacker’s tools of the trade are presented. Threats are discussed at various network layers.

Various Cybersecurity technologies to remedy threats are discussed including: routers, firewalls, antivirus protection, intrusion detection systems, intrusion protection systems, secure computing and audit and monitoring. Network protection principles such as defense in depth, access management with application to Cybersecurity are also discussed. Risk management strategies and techniques are discussed including the value of training and education in protecting the network. In addition examples for securing various networks based on the discussed technologies are also discussed.

Monday, January 08, 2007 10:13:03 AM (W. Europe Standard Time, UTC+01:00)  #     | 
Following ITU-T’s Workshop on Digital Identity for NGN Geneva, 5 December 2006 a decision has been made to set up a Focus Group on Identity Management (IdM) under the parentage of Study Group 17.

Digital identity refers to the online representation of a user’s or network element’s identity and the identity of those that the user or network element interacts with. It does not mean the positive validation of a person. Information regarding device identities is becoming an increasingly valuable commodity, and as a consequence, its protection and management are vital to a healthy and inclusive digital world.

There are different approaches for representing identities and different identity management frameworks. The lack of a common view on digital identity and its management has so far resulted in incompatible applications.

The Focus Group will explore mechanisms that allow different frameworks to interoperate together. Experts said there is a need to identify current gaps in proposed solutions. For example, IdM solutions that involve the telecom network level and in general lower layers have not been addressed sufficiently, they said. The Focus Group will act as a platform for an exchange of information in order to bring about necessary harmonisation.

All standards organizations and developer forums involved in identity management worldwide, including institutes, forums, companies, experts and individuals regardless of whether ITU members or not are encouraged to participate.

The first meeting of the FG IdM is scheduled to take place at ITU Headquarters, in Geneva, from 13 to 16 February 2007.

Monday, January 08, 2007 10:11:55 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, November 17, 2006

The Focus Group on Security Baseline for Network Operators has issued a survey, results from which will be used in preparation of a new ITU-T Recommendation “Security Baseline for Network Operators”. Participants are asked about their level of preparedness in case of various security threats.

Once approved the Recommendation will show the readiness and ability of operators to collaborate and coordinate counteraction against security threats arising from interconnected networks.

The Security Baseline will allow network operators to assess their network and information security posture in terms of what security standards are available, which of these standards should be used to meet particular requirements, when they should be used, and how they should be applied. It will also identify security Recommendations and standards to support evaluation of operators’ network security and information security. Development of the first draft of the Recommendation will begin towards the end of 2006.

The online survey is aimed at network and service providers a deadline of 24 November 2006 has been set for responses.

 

Friday, November 17, 2006 4:31:27 PM (W. Europe Standard Time, UTC+01:00)  #     | 

ITU-T will hold a Workshop on Digital Identity for NGN Geneva, 05 December 2006.

In the last few years, the need for digital identity has risen as a strong driving force behind network architecture design, service provisioning, and content handling, billing and charging. Digital identity is expected to be a powerful tool for users to access unlimited digital resources via a limited number of trusted relationships, and for providers to offer these resources across the different layers of communication systems, administrative domains and even legal boundaries. However, the lack of a common view on digital identity across these different layers has so far resulted in independently developed and therefore often inconsistent identity management frameworks as well as incompatible applications.

Key challenges towards the development of a more consistent approach are to tackle the conflicting requirements of privacy, identification and security. This workshop, a Joint ITU-T/EU IST Daidalos Project Workshop, intends to investigate different approaches, analyze gaps in today’s standards, identify future challenges and find common goals which will provide direction to the work currently being undertaken in the different projects and standards development organizations (SDOs).

 

Friday, November 17, 2006 9:15:35 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, November 07, 2006

ITU-T will host the annual Broadband Europe conference 11-14 Dec 2006.

BBEurope is an annual event which was initiated by the FP6-BREAD-project (broadband for all in Europe: a multi-disciplinary approach), part of the "BroadBand for All"-strategic objective of the European Commission.

Peter Van Daele, Project Leader BREAD: “The concept of “Broadband For All” refers to a situation in which broadband is not only available to every citizen, but is actually used by all of them. In that respect it is a more demanding concept than the traditional universal service obligation in telephony, which merely stipulates the availability, at certain conditions, of a given service. The usage of information and communication technologies via broadband infrastructures by all citizens is a policy objective because it is considered to be a key component of transforming Europe into a knowledge-based society, thus enhancing economic growth and increasing employment.”

The BREAD project has amongst its objectives to develop a holistic vision encompassing technical, as well as economical and regulatory aspects. Another important aspect is of identifying roadblocks on European, national/regional level and share visions and best practices on national level to EU level.

BBEurope brings together on an international level all the BroadBand players, researchers, service providers, content providers, operators, manufacturers, policy makers, standardisation bodies, professional organisations.

A diverse agenda will cover topics including NGN, IPTV, wireless access, powerline, security, QoS, and broadband in rural areas. The event will conclude with a panel discussion titled: Future Perspectives in Broadband. A ‘full preliminary’ programme is available from the event’s website, with the call for papers ending November 10 when a programme committee will make a final selection of the papers.

 

Tuesday, November 07, 2006 9:18:59 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, June 05, 2006

As part of celebrations for the 50th anniversary of ITU-T, you are invited to vote for the most influential standards work from ITU-T.

ITU work is behind many of the worlds most prevalent information and communications technologies. Choose here from our shortlist which you think has best shaped the ICT world of today, or feel free to suggest your own idea.

 

 

Monday, June 05, 2006 8:05:08 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, May 11, 2006

The Security Assertion Markup Language (SAML) and Extensible Access Control Markup Language (XACML) authored by OASIS (Organization for the Advancement of Structured Information Standards) have been consented as internationally recognised ITU-T Recommendations. The announcement is the first result of the formal relationship between the standardization sector of ITU and OASIS.

The standards (ITU-T Recommendations X.1141 (SAML) and X.1142 (XACML)) address the concern of how to allow safe single sign-on, a system that enables a user to authenticate once and gain access to the resources of multiple software systems. While solutions existed in this space, all were proprietary, and therefore not addressing the problem on a global level.

SAML and XACML are designed to control access to devices and applications on a network. The need for standards in this area has become more of an issue as business networks increasingly use the public Internet.

SAML addresses authentication and provides a mechanism for transferring authentication and authorization decisions between cooperating entities, XACML leverages this information to determine access to resources by focusing on the mechanism for arriving at those authorization decisions.

An additional feature of SAML is that it allows organizations to communicate information without any change to their own internal security architectures.

Thursday, May 11, 2006 8:44:29 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, January 25, 2006

This ICT Security Standards Roadmap has been developed to assist in the development of security standards by bringing together information about existing standards and current standards work in key standards development organizations.

In addition to aiding the process of standards development, the Roadmap will provide information that will help potential users of security standards, and other standards stakeholders, gain an understanding of what standards are available or under development as well as the key organizations that are working on these standards.

The Roadmap is in four parts:

  • Part 1: ICT Standards Development Organizations and Their Work

    Part 1 contains information about the Roadmap structure and about each of the listed standards organizations, their structure and the security standards work being undertaken. In addition it contains information on terminology by providing links to existing security glossaries and vocabularies.

  • Part 2: Approved ICT Security Standards

    Part 2 contains a summary catalogue of approved standards.

  • Part 3: Security standards under development

    Part 3 is structured with the same taxonomy as Part 2 but contains work in progress, rather than standards that have already been approved and published. Part 3 will also contain information on inter-relationships between groups undertaking the work and on potential overlaps between existing projects.

  • Part 4: Future needs and proposed new security standards

    Part 4 is intended to capture possible future areas of security standards work where gaps or needs have been identified as well as areas where proposals have been made for specific new standards work.

It is important to note that the Roadmap is a work-in-progress. It is intended that it be developed and enhanced to include other standards organizations as well as a broader representation of the work from organizations already included. It is hoped that standards organizations whose work is not represented in this version of the Roadmap will provide information to ITU-T about their work so that it may be included in future editions.

In the near future provision will be made to allow each organization to manage its own data within the Roadmap. This will enable more timely updating of the information.

More on the ICT Security Standards Roadmap

Wednesday, January 25, 2006 5:16:44 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, September 15, 2005

Leaders from the leading national and regional telecommunications and radio standards organizations and a delegation from ITU consisting of both high-level secretariat staff and Study Group chairs met 28 August - 2 September, at The Tenth Global Standards Collaboration meeting (GSC-10).

The mission of the GSC is to exchange information between participating standards organizations to facilitate collaboration and to support the process of global telecommunication standardization in the ITU. The event was hosted by ETSI in Sophia Antipolis, France.

Participants at GSC-10 included the Australian Communications Industry Forum (ACIF), Association of Radio Industries and Businesses (ARIB) of Japan, the European Telecommunications Standards Institute (ETSI), the Alliance for Telecommunications Industry Solutions (ATIS) and Telecommunications Industry Association (TIA) from the US, the China Communications Standards Association (CCSA), the Telecommunication Technology Committee (TTC) of Japan, the Telecommunications Technology Association (TTA) of Korea, the ICT Standards Advisory Council of Canada (ISACC), and the International Telecommunication Union (ITU).

Guests and observers included representatives from the American National Standards Institute (ANSI), the Asia Pacific Telecommunity (APT), the Open Mobile Alliance (OMA) and: the Sector Board 4 of International Electrotechnical Commission (IEC).

Specific resolutions on the following topics were agreed at the meeting:

  • Next-Generation Networks
  • Mapping Standards for "Systems Beyond IMT 2000"
  • Cybersecurity
  • Home Networking
  • Emergency Communications
  • Broadband Services in Rural and Remote Areas
  • Open Standards
  • Facilitating Liaison in relation to Measurement Methodologies for Assessing Human Exposure to RF Energy
  • Wireless access including RLANs, Ad-Hoc Networking and Broadband Wireless Access
  • Supporting Automotive Crash Notification ("ACN") by Public Wireless Communications Networks
  • Radio Microphones and Cordless Audio Devices
  • RFID Systems, Services and Networking
  • Public Protection & Disaster Relief
  • Ultra Wide Band
  • Intellectual Property Rights Policies
  • User Interest Working Group

 
Other areas discussed were:

  • Location-based Services
  • Internet Protocol over Wireless
  • Software defined radio & Cognitive radio
  • Digital Broadcasting including mobile multimedia applications
  • Satellite services

ITU maintains a repository of documents relating to this and all past GSC meetings.

 

Thursday, September 15, 2005 9:01:36 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, September 09, 2005

The recent Asia Pacific Telecommunity (APT) Symposium on Network Security and SPAM presented background information, detailed the current situation, new developments and steps ahead on network security and fighting spam in the Asia-Pacific region.

TSB presented highlights of ITU-T work on security, also detailing the level of participation of the AP region in Study Group 17, the ITU-T group that looks at security issues. Mr Jianyong Chen (ITU-T SG 17 Vice Chair from China) also attended the event and made a detailed presentation on current SG 17 work. He also chaired two sessions. In addition TSB presented the results of the ITU WSIS Thematic Meeting on Cybersecurity held in Geneva, 28 June – 1 July 2005.

The meeting was organized in three full-day sessions and was attended by some 70 representatives from the Asia-Pacific area. The first day was dedicated to cybersecurity, the second to countering spam, and the third to cooperation initiatives. The complete set of presentations at the meeting can be downloaded here.

The meeting invited AP countries to step-up their capability building initiatives and encouraged APT to increase its collaboration on network security and spam with international organizations working in the area, ITU-T in particular.

 

Friday, September 09, 2005 1:07:36 PM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, August 24, 2005

A suite of ten new standards that provide security for IP media communications such as VoIP or videoconferencing got an update at the last meeting of ITU-T’s Study Group 16

The security framework outlined in the H.235 series of ITU-T Recommendations provides the protocols necessary for these media to be authorised and routed. Equipment using these standards can deliver connectivity without compromising security. 

With the help of the Recommendations, users communicating through IP media are authenticated and authorized so that their communications are protected against various security threats. Real-time multimedia encryption adds a further layer of security, protecting against call interception. The security countermeasures are designed to thwart service fraud, avoid service misuse and detect malicious message tampering. H.235 also gives the ability to provide a greater level of security using public key infrastructure (PKI) certificates. 

Additionally, two new security profiles were added to provide [H.235.8] key exchange using the secure real-time transport protocol (SRTP) in H.323 networks and [H.235.9] to allow discovery of security gateways in the signalling path between communicating H.323 entities, in order to preserve signalling integrity and privacy.

Wednesday, August 24, 2005 8:33:13 AM (W. Europe Standard Time, UTC+01:00)  #     | 

Standards that may accelerate the adoption of VoIP in corporate environments and resolve an issue that has slowed down the adoption of videoconferencing have been completed by ITU-T.

The standards from ITU-T’s multimedia Study Group (Study Group 16) provide a robust and easy to implement solution that will allow any H.323 based system communicating on an IP network to more easily communicate across the boundary imposed by NAT or firewalls (FW).

Videoconferencing and VoIP have long been plagued with problems when trying to work across network address translation (NAT) and firewall boundaries. Despite previous attempts to address the issue, no standardized way of dealing with the problem has emerged until now. 

Without the ITU solution many network managers and operators have found that the only way to allow inbound VoIP calls in a firewall-protected environment is to leave a permanent hole from the outside world, open a range of port numbers for VoIP use, or locate devices outside of the firewall. Clearly, these solutions violate even the most basic security policies. 

Recommendation H.460.18 enables H.323 devices to exchange signalling and establish calls, even when they are placed inside a private network behind NAT/FW devices. These extensions, when used together with Recommendation H.460.19, which defines NAT/FW traversal for media, enable upgraded H.323 endpoints to traverse NAT/FW installations with no additional equipment on the customer premises. Alternatively, the H.460.18 and H.460.19 functionality may be implemented in a proxy server, so that unmodified H.323 endpoints can also benefit from it.

Work on the related Recommendation H.248.37 was also finished at the Study Group meeting. Session border controllers (SBCs) are becoming an important part of the Internet infrastructure, and some SBCs are being split into media gateway controller (MGC) and media gateway (MG) components. One important function of a SBC is to perform network address and port translation (NAPT). H.248.37 allows the MGC to instruct a MG to latch to an address provided by an incoming Internet Protocol (IP) application data stream, rather than the address provided by the call/bearer control. This enables the MG to open a pinhole for data flow, and hence allow connections to be established. 

As well as these ITU-T Recommendations, Study Group 16 will shortly publish two technical papers on the topic: The Requirements for Network Address Translator and Firewall Traversal of H.323 Multimedia Systems and Firewall and NAT traversal Problems in H.323 Systems.

Wednesday, August 24, 2005 8:31:10 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, June 22, 2005

Two technical sessions were given at the last meeting of Study Group 5 in Geneva. Study Group 5 is the ITU-T group that looks at protection against electromagnetic environment effects. Technical sessions are tutorials on a specific subject that aim to provide background for the preparation of new standards (ITU-T Recommendations) on these topics.

The first session was on security, and was presented by William Radasky, Chairman of IEC SC 77C (high power transient phenomena). Radasky’s lectures dealt with electromagnetic threats such as high power electromagnetic phenomena and its effect on systems and mitigation methods. This will help SG5 prepare recommendations  to protect telecommunication systems against malicious man-made high power transient phenomena. Radasky also detailed IEC’s work which will help ITU-T experts avoid duplication of their work.

The second session was on home networking and was in collaboration with Study Group 9. The SG 9 contribution was in the areas of architecture, transport technology, security, quality of service and management of home networks. SG 5’s contributions were in the areas of electromagnetic compatibility (EMC), electromagnetic security and electromagnetic emission issues in the home environment.

 

Wednesday, June 22, 2005 11:25:50 AM (W. Europe Standard Time, UTC+01:00)  #     | 

Workshop on "New Horizons for Security Standardization"
Geneva, 3 - 4 October 2005
 
Introduction

An ITU-T workshop - New Horizons for Security Standardization - will take place at ITU Headquarters, in Geneva, 3 - 4 October 2005, prior to a meeting of Study Group 17.

Objectives

The overall objectives of the workshop are to help address information and communications security issues and promote increased cooperation between organizations engaged in security standardization work. Consideration will also be given to issues of adoption and implementation of security standards. In particular, the workshop will:

  • seek to find out from stakeholders (e.g., network operators, system developers, users etc.) what are their primary security concerns/issues?
  • determine where ITU-T and other standards development organizations (SDOs) can most effectively play a role in helping address the issues (i.e., which issues are amenable to a standards solution?);
  • identify which SDOs are working on these issues or are best equipped to do so; and
  • agree on next steps for security standardization.

More

Wednesday, June 22, 2005 8:36:05 AM (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, May 12, 2005

Following the success of the Cybersecurity Symposium held in Florianópolis, Brazil, October 2004, ITU has decided to hold another event.

Cybersecurity Symposium II will be held on the first day of the Russian Association for Networks and Services (RANS) conference - Security and Trust for Infocommunication Networks Deployment, Moscow.

The symposium will highlight the importance of cybersecurity as an essential part of information and communication technologies (ICT). There will be discussion on international cooperation, which is increasingly becoming the decisive issue in coordinating the efforts of state institutions and business for the harmonized development of normative, legal, technological and organizational aspects of an effective cybersecurity infrastructure. Additionally there will be a review of the necessary standards development.

Thursday, May 12, 2005 6:39:20 PM (W. Europe Standard Time, UTC+01:00)  #     |