Executive Summary
Study Group 17 meeting
(17 - 26 September 2014, Geneva/Switzerland)
Participation:
166 participants (21 more than at the previous SG17 meeting, +14%); 31 Member States, 17 Sector Members, 4 Associates, and 2 Academia participating. Several invited experts. Increased participation of Member States, including Developing Countries.
Organization of the meeting:
Busy and productive 4th meeting in the middle of this study period having 8 working days.
- Many parallel meetings per quarter each day. Many sessions were equipped with AdobeConnect or GotoMeeting teleconferencing.
- Two SG17 open, extended management team meetings held (one late afternoon prior to the opening plenary and the other during the weekend), complemented by the SG17 security coordination meeting.
- Contributions: 80 (63 last time, +27% increase) - from Asia/Pacific: 67 (22 from Korea, 13 from China Unicom, 6 each from China Telecom and China Mobile), USA/CAN: 4, Africa: 1, LAM: 0, CIS: 1, Europe: 6, Arab: 1.
- TDs: 405 (55 more than in the previous meeting). This includes 45 incoming liaison statements, and 66 outgoing liaison statements.
- Two of the nine SG17 vice chairmen again did not attend (unexcused); 6 Associate Rapporteurs also did not attend. The SG17 management team meeting developed a plan for action to contact them.
Recommendations approved (TAP – WTSA-12 Resolution 1):
The SG17 plenary meeting approved the text announced for TAP in accordance with WTSA-12 Resolution 1, Section 9. There is one new Recommendation as listed below:
Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work |
4/17 | X.1211 (X.eipwa) | Techniques for preventing web-based attacks | New | Xie Wei, Heung Youl Youm | TD 1293 Rev.5 | | 2009-09 |
Amendment approved, Supplements and Technical Report agreed:
The SG17 plenary meeting approved one new Amendment, agreed two new Supplements to the X-series, and one new Technical Report.
Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work |
2/17, (3/17) | X.mgv6 | Supplement 23 to ITU-T X-series Recommendations – ITU-T X.1037 – Supplement on Security management guideline for the implementation of an IPv6 environment in telecommunications organizations | New | Masashi Eto, Koji Nakao | TD 1399 Rev.3 | | 2011-04 |
4/17 | X.1500 Amd.6 | Overview of cybersecurity information exchange – Amendment 6 – Revised structured cybersecurity information exchange techniques | Note (2) | Youki Kadobayashi | TD 1353 | | 2013-09 |
6/17 | X.msec-8 | Supplement 24 to ITU-T X-series Recommendations – ITU-T X.1120-X.1139 series – Supplement on a secure application distribution framework for communication devices | New | Mijoo Kim, Yutaka Miyake, Heung Youl Youm | TD 1369 Rev.1 | | 2012-03 |
11/17 | TR HBPKI | Technical Report: Current and new challenges for public-key infrastructure standardization | New | Eric Andersen | TD 1336 | | 2013-09 |
Notes:
(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
(2) Amendment 6 supersedes Amendment 5.
Recommendations determined (TAP – WTSA-12 Resolution 1):
The SG17 plenary meeting determined (TAP) the following draft new ITU-T Recommendation in accordance with WTSA-12 Resolution 1, Section 9.
Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work |
4/17 | X.1525 (X.cwss) | Common weakness scoring system | New | Robert A. Martin | TD 1337 | | 2009-09 |
Recommendations consented for Last Call (AAP – Recommendation ITU-T A.8):
The SG17 plenary meeting gave consent (AAP) to six draft new ITU-T Recommendations, ten draft revised ITU-T Recommendations, and four Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:
Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work |
6/17 | X.1311 Cor.1 | Information technology – Security framework for ubiquitous sensor networks – Technical Corrigendum 1 | | Heung-Youl Youm | TD 1296 Rev.1 | ISO/IEC 29180 Cor.1 | 2014-09 |
6/17 | X.1314 (X.unsec-1) | Security requirements and framework of ubiquitous networking | New | Junjie Xia, Shilin You | TD 1349 | | 2010-12 |
7/17 | X.1157 (X.sap-7) | Technical capabilities of fraud detection and response for services with high assurance level requirements | New | Tae Kyun Kim, Hyung-Jin Lim | TD 1351 Rev.1 | | 2011-09 |
7/17 | X.1158 (X.sap-8) | Multi-factor authentication mechanisms using a mobile device | New | Keun Ok Kim, Seong-Hyeon Song, Heung-Youl Youm | TD 1335 Rev.4 | | 2012-09 |
7/17 | X.1159 (X.sap-9) | Delegated non-repudiation architecture based on ITU-T X.813 | New | Keun-ok Kim, Hee-won Shim, Seong-Hyeon Song | TD 1332 Rev.1 | | 2012-09 |
11/17 | X.520 Cor.1 | Information technology – Open Systems Interconnection – The Directory: Selected Attribute Types – Technical Corrigendum 1 | | Eric Andersen | TD 1287 | ISO/IEC 9594-6 Cor.1 | 2014-01 |
11/17 | X.691 Cor.3 | Information technology – Specification of Packed Encoding Rules (PER) – Technical Corrigendum 3 | | Paul E. Thorpe | TD 1346 Rev.1 | ISO/IEC 8825-2 Cor.3 | 2014-01 |
11/17 | X.691 Cor.4 | Information technology – Specification of Packed Encoding Rules (PER) – Technical Corrigendum 4 | | Paul E. Thorpe | TD 1347 Rev.1 | ISO/IEC 8825-2 Cor.4 | 2014-01 |
11/17, (7/17) | X.1341 (X.cmail) | Certified mail transport and certified post office protocols | New | David Keller, Laura Prin | TD 1259 Rev.2 Note (3) | | 2013-04 |
12/17 | Z.100 Annex F1 | Specification and Description Language - Overview of SDL-2010 – SDL formal definition: General overview | Revised | Rick Reed | TD 1281 | | 2013-04 Note (2) |
12/17 | Z.100 Annex F2 | Specification and Description Language - Overview of SDL-2010 – SDL formal definition: Static semantics | Revised | Rick Reed | TD 1282 Rev.3 | | 2013-04 Note (2) |
12/17 | Z.100 Annex F3 | Specification and Description Language - Overview of SDL-2010 – SDL formal definition: Dynamic semantics | Revised | Rick Reed | TD 1283 Rev.1 | | 2013-04 Note (2) |
12/17 | Z.161 | Testing and Test Control Notation version 3: TTCN-3 core language | Revised | Dieter Hogrefe | TD 1308 Rev.1 Note (4) | ETSI ES 201 873-1 | 2013-04 |
12/17 | Z.161.1 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Support of interfaces with continuous signals | Revised | Dieter Hogrefe | TD 1309 Rev.1 Note (5) | ETSI ES 202 786 | 2013-04 |
12/17 | Z.161.2 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment support | Revised | Dieter Hogrefe | TD 1310 Rev.1 Note (6) | ETSI ES 202 781 | 2013-04 |
12/17 | Z.161.3 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced parameterization | Revised | Dieter Hogrefe | TD 1311 Rev.1 Note (7) | ETSI ES 202 784 | 2013-04 |
12/12 | Z.161.5 | Testing and Test Control Notation version 3: TTCN-3 Language extensions: Performance and real time testing | New | Dieter Hogrefe | TD 1312 Rev.1 Note (8) | ETSI ES 202 782 | 2014-01 |
12/17 | Z.165 | Testing and Test Control Notation version 3: TTCN-3 runtime interface (TRI) | Revised | Dieter Hogrefe | TD 1313 Rev.1 Note (9) | ETSI ES 201 873-5 | 2013-04 |
12/17 | Z.165.1 | Testing and Test Control Notation version 3: TTCN-3 extension package: Extended TRI | Revised | Dieter Hogrefe | TD 1314 Rev.1 Note (10) | ETSI ES 202 789 | 2013-04 |
12/17 | Z.166 | Testing and Test Control Notation version 3: TTCN-3 control interface (TCI) | Revised | Dieter Hogrefe | TD 1315 Rev.1 Note (11) | ETSI ES 201 873-6 | 2013-04 |
Notes:
(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
(2) AAP Last Call to be delayed.
(3) COM 17 – R 36 Annex A Attachment 2 contains the A.5 justification information for draft new Rec. ITU-T X.1341.
(4) COM 17 – R 36 Annex B Attachment 1 contains the A.5 justification information for draft revised Rec. ITU-T Z.161.
(5) COM 17 – R 36 Annex B Attachment 2 contains the A.5 justification information for draft revised Rec. ITU-T Z.161.1.
(6) COM 17 – R 36 Annex B Attachment 3 contains the A.5 justification information for draft revised Rec. ITU-T Z.161.2.
(7) COM 17 – R 36 Annex B Attachment 4 contains the A.5 justification information for draft revised Rec. ITU-T Z.161.3.
(8) COM 17 – R 36 Annex B Attachment 5 contains the A.5 justification information for draft new Rec. ITU-T Z.161.5.
(9) COM 17 – R 36 Annex B Attachment 6 contains the A.5 justification information for draft revised Rec. ITU-T Z.165.
(10) COM 17 – R 36 Annex B Attachment 7 contains the A.5 justification information for draft revised Rec. ITU-T Z.165.1.
(11) COM 17 – R 36 Annex B Attachment 8 contains the A.5 justification information for draft revised Rec. ITU-T Z.166.
New work items:
The following 20 new work items were agreed to be added to the SG17 work programme:
Q(1) | Acronym | Title | New/ Revised | AAP/TAP/ Agreement | Editor(s) | Documents | Equivalent e.g., ISO/IEC | Timing*** |
1/17 | X.TRSM6ed | Technical Report Security in telecommunications and information technology – An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications; 6th edition | New | Agreement | Michael Harrop | NWI template: TD 1232 Rev.1 | | 2015-09 |
2/17 | X.sgmvno | Supplement to ITU-T X.805 Security guideline for mobile virtual network operator (MVNO) | New | Agreement | Hongwei Luo, China; Laifu Wang, China Telecom | NWI template: TD 1317 Rev.2 | | 2016-03 |
2/17 | X.tigsc | Technical implementation guidelines for ITU-T X.805 | New | AAP | Heung Youl Youm, Korea (Republic of) | NWI template: TD 1359 Rev.3 Base text: TD 1359 Rev.3 Annex 2 | | 2017-03 |
3/17 | X.sup-gpim | Supplement to ITU-T X.gpim Code of practice for personally identifiable information protection for telecommunications organizations | New | Agreement | Lijun Liu, China Mobile; Heung Youl Youm, Korea (Republic of) | NWI template: TD 1328 Rev.4 | | 2016-03 |
4/17 | X.cogent | Design considerations for improved end-user perception of trustworthiness indicators | New | TAP | Youki Kadobayashi, NICT; Daisuke Miyamoto, University of Tokyo | NWI template: TD 1340 Rev.2 | | 2015-09 |
4/17 | X.simef | Session information message exchange format (SIMEF) | New | TAP | Ik-Kyun Kim, ETRI, Korea (Republic of); Jong-Hyun Kim, ETRI, Korea (Republic of) | NWI template: TD 1364 Rev.2 Annex 1 Base text: TD 1364 Rev.2 Annex 2 | | 2015-09 |
5/17 | X.gcspi | Supplement to ITU-T X.1242 Guideline for countermeasures against short message service (SMS) phishing incidents | New | Agreement | Lijun Liu, China Mobile, China (People's Rep. of); Jae Hoon Nah, ETRI/ KISSF, Korea (Republic of); Deawoo Park, Korea (Republic of) | NWI template: TD 1391 Rev.3 Base text: C 0255 | | 2017 |
5/17 | X.ticsc | Supplement to ITU-T X.1245 Technical measures and mechanism on countering the spoofed call in the visited network of VoLTE | New | Agreement | Bo Yu, China Unicom; Jie Yuan, China Mobile; Chen Zhang, China Mobile | NWI template: TD 1359 Rev.2 Base text: C 0289 | | 2016-03 |
6/17 | X.iotsec-1 | Simple encryption procedure for IoT device security | New | TAP | Hirotaka Yoshida, Hitachi | NWI template: TD 1437 Rev.1 Base text: C 0286 Rev.1 | | 2016-03 |
6/17 | X.itssec-1 | Software update capability for ITS communications devices | New | TAP | Masashi Eto, NICT; Koji Nakao, NICT / KDDI | NWI template: TD 1409 Rev.3 Annex 1 Base text: TD 1409 Rev.3 Annex 2 | | 2016-03 |
6/17 | X.itssec-2 | Security guidelines for V2X communication systems | New | TAP | Sang-Woo Lee, ETRI; Jae-Hoon Nah, ETRI | NWI template: TD 1405 Rev.1 | | 2016-03 |
6/17 | X.sgsec-2 | Security guidelines for home area network (HAN) devices in smart grid systems | New | TAP | Woong Go, KISA; Haeryong Park, KISA; Jeong-Jun Suh, KISA | NWI template: TD 1386 Rev.2 Base text: TD 1386 Rev.2 | | 2017-03 |
6/17 | X.msec-9 | Functional security requirements and architecture for mobile phone anti-theft measures | New | TAP | Xia Junjie, China Unicom; Heung Youl Youm, Korea (Republic of) | NWI template: TD 1348 Rev.4 Base text: TD 1348 Rev.4 Annex 1 | | 2017-03 |
6/17 | X.sdnsec-1 | Requirements for security services based on software-defined networking | New | TAP | Hyoungshick Kim, Korea (Republic of); JungSoo Park, ETRI | NWI template: TD 1371 Base text: TD 1371 Annex 1 | | 2017-03 |
7/17 | X.websec-6 | Security framework and requirements for open capabilities of telecommunication services | New | AAP | Feng Gao, China Unicom; Jae Hoon Nah, ETRI; Junjie Xia, China Unicom | NWI template: TD 1368 Rev.1 Base text: C 0303 Rev.2 | | 2016-09 |
7/17 | X.websec-7 | Reference monitor for online analytics services | New | AAP | Hyungjin Lim, Korea (Republic of); Jongyoul Park, ETRI; Junjie Xia, China Unicom | NWI template: TD 1327 Rev.2 Base text: C 0253 | | 2017 |
8/17 | X.CSCDataSec | Guidelines for cloud service customer data security | New | TAP | Nan Meng, MIIT/China | NWI template: TD 1422 Rev.2 Base text: TD 1422 Rev.2 Annex I | | 2017 |
10/17, (7/17) | X.eaaa | Enhanced entity authentication based on aggregated attributes | New | TAP | Tae Kyung Kim, Korea (Republic of); Jae Hoon Nah, ETRI, Korea (Republic of); Junjie Xia, China Unicom, P.R.China | NWI template: TD 1350 Rev.3 | | 2016 |
10/17 | X.1255sup | Supplement to Recommendation ITU-T X.1255 Proposed conceptual models based on ITU-T X.1255 frameworks | New | Agreement | Abbie Barbir, MBNA | NWI template: TD 1411 Rev.2 | | 2015-04 |
11/17 | X.oiddev | Information technology – Use of object identifiers to identify devices in the Internet of Things | New | AAP | Jun Seob LEE, ETRI | NWI template: TD 1427 Rev.1 Base text: TD 1363 Rev.2 | yes | 2016 |
Notes:
*** Target date for consent or determination of Recommendations or for approval of appendices, supplements or implementers' guides.
(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
Work items discontinued:
The following two work items were agreed to be deleted from the work programme:
Q | Acronym | Title | Action |
4/17 | X.cybex-beep | Use of BEEP for cybersecurity information exchange | delete |
10/17 | X.giim | Mechanisms to support interoperability across different IdM services | delete |
Coordination and promotion activities:
- A fruitful joint meeting between SG17 and ITU-D SG2 Question 3/2 took place, which mutually envisioned further strengthened collaboration.
- SG17 reviewed the established liaison relationships between ITU-T and ISO TCs, SCs and JTC1/SCs, and checked if the Category A, B, C, or D designations still apply (for SG17).
- Two Joint Coordination Activity meetings under the SG17 parent-ship were held, JCA-IdM and JCA-COP.
- Updates were made to the Security Compendium, and to the ICT Security Roadmap.
Correspondence Groups:
Three new Correspondence Groups and one continued CG were agreed.
- CG-investigate: New Correspondence Group on investigation for new topics for SG17 standardization; convened by all 8 session chairmen of the ITU security workshop.
The CG will investigate any significant topics arising from the results of the workshop, and collect and analyse further information related to the new topics, for the purpose of identifying a set of new work items for SG17 in the near future. Envisioned topics are, for example: Big Data security, IoT security, smart home/city (including smart-grid), CII resilience (CIIR).
- CG-rapp-guidelines, New Correspondence Group on guidelines for organizing Rapporteur Group meetings and meetings of Questions; convened by Mr. Jiang Hua. This CG will a) review and provide comments to SG17 on the ITU-T SG16 guidelines for organizing Rapporteur Group meetings (TSAG TD 150); and b) provide to SG17 a proposal for unifying the agendas of meetings of Questions held during working party or study group meetings, in particular unifying the timetable for taking up agenda items.
- CG-coll-strengthening, New Correspondence Group on strengthening collaboration between ITU-T SG17 and ITU-D SG2 Q3/2 on security. This new ITU intersectoral CG between the T- and the D-Sectors will identify areas for collaboration. Exact details of the technical implementation and convenership of this CG are subject to further coordination between TSB and BDT.
- CG-CYBEX, Continued Correspondence Group on cybersecurity information exchange capabilities.
Other highlights:
- Four special sessions were held to off-load the plenaries from debates: on bridging the standardization gap (with live interpretation); on outcomes of the ITU-T security workshop; on preparing for the joint meeting between SG17 and D-Q3/2; and the joint meeting with D-3/2. The meeting confirmed that a BSG session will continue to be organized at every SG17 meeting.
- SG17 agreement on the A.4 and A.5 qualification of the OpenID Foundation with SG17's expectation to receive their IdM specifications for standardization in SG17.
- SG17 agreement on the A.4 or A.6 qualification of GSMA for X.msec-9.
- SG17 invited the Fast Identity Online (FIDO) alliance to consider initiating a qualification according to Recs. ITU-T A.4 and A.5.
- SG17 initiated collaboration with OASIS TC IBOPS (Identity Based Attestation and Open Exchange Protocol Specification, i.e. IdM using telebiometrics).
- Due to procedural constraints imposed by Rec. ITU-T A.7 (12 days deadline for submission of proposals), a new Focus Group on Critical Infrastructure Protection and ICT Security (FG-CIPIS) with proposed terms of reference could not be established at this meeting.
- WP2/17 considered the few (2), non-representative responses to the questionnaire on spam and agreed that means other than questionnaires should be tried to gather the desired information.
Associated events:
The associated events below assisted in identifying new actions for the study group, leveraging the collaboration with other organizations and, hopefully, attracting new experts to the ITU-T and SG17 community.
- A successful, well attended ITU workshop on ICT Security Standardization Challenges for Developing Countries - Geneva, Switzerland, 15 – 16 September 2014 took place before the SG17 meeting.
- Mentoring programme for newcomers: Comprehensive programme through tutorials (see below), welcome, feedback session and guided tour, all attended with interest.
- Reception and social networking event sponsored by RANS with live harp music performance by artist Mr. Alexander Boldachev.
Tutorial presentations:
Seven tutorial presentations were given at this Study Group 17 meeting and met with considerable positive interest.
- "SG17 orientation session for newcomers", Arkadiy Kremer, SG17 Chairman.
- "ENISA and standards", Mr. Slawomir Gorniak, ENISA.
- "Security aspects on Intelligent Transportation Systems (ITS) and how to keep cars secure", Mr. Juergen Frank, Freescale Halbleiter Deutschland GmbH.
- "Multinational Alliance for Collaborative Cyber Situational Awareness (MACCSA): Accelerating Information Sharing for Collaborative Cyber Situational Awareness (CCSA)", Mr. Patrick Curry, CEO of MACCSA. This tutorial was further discussed by Q4/17.
- "New SharePoint collaboration site created for SG17 work", Mr. Al Dayao, TSB.
- "Massive PII leak incident and national-level countermeasures in Korea", Mr. Heung-Youl Youm, Soonchunhyang University, Korea.
- "ITU's engagement in the Internet Governance Forum (IGF)", Ms. Jeoung Hee Kim, ITU GenSec SPM; Mr. Chengetai Masango, IGF Secretariat.
Next SG17 meeting:
- WED 8 – FRI 17 April 2015, Geneva, Switzerland.
- Eight interim Rapporteur Group meetings (some of them virtual e-meetings) are planned until April 2015.