Committed to connecting the world

ITU 150

Executive Summary

​Executive Summary

Study Group 17 meeting

(17 - 26 September 2014, Geneva/Switzerland)

Participation:

166 participants (21 more than at the previous SG17 meeting, +14%); 31 Member States, 17 Sector Members, 4 Associates, and 2 Academia participating. Several invited experts. Increased participation of Member States including of Developing Countries.

Organization of the meeting:

Busy and productive 4th meeting in the middle of this study period having 8 working days.

  • Many parallel meetings per quarter each day. Many sessions were equipped with AdobeConnect or GotoMeeting teleconferencing.
  • Two SG17 open, extended management team meetings held (one late afternoon prior to the opening plenary and the other during the weekend), complemented by the SG17 security coordination meeting.
  • Contributions: 80 (63 last time, +27% increase) - from Asia/Pacific: 67 (22 from Korea, 13 from China Unicom, 6 each from China Telecom and China Mobile), USA/CAN: 4, Africa: 1, LAM: 0, CIS: 1, Europe: 6, Arab: 1.
  • TDs: 405 (55 more than in the previous meeting). This includes 45 incoming liaison statements, and 66 outgoing liaison statements.
  • Two of the nine SG17 vice chairmen again did not attend (unexcused); 6 Associate Rapporteurs also did not attend. The SG17 management team meeting developed a plan for action to contact them.

Recommendations approved (TAP – WTSA-12 Resolution 1):

The SG17 plenary meeting approved the text announced for TAP in accordance with WTSA-12 Resolution 1, Section 9. There is one new Recommendation as listed below:

QAcronymTitleNew / RevisedEditor(s)Location of textEquivalent
e.g., ISO/IEC
Start of work
4/17X.1211
(X.eipwa)
Techniques for preventing web-based attacksNewXie Wei,
Heung Youl Youm
TD 1293 Rev.52009-09

Amendment approved, Supplements and Technical Report agreed:

The SG17 plenary meeting approved one new Amendment, agreed two new Supplements to the X-series, and one new Technical Report.

Q(1)AcronymTitleNew / RevisedEditor(s)Location of TextEquivalent
e.g., ISO/IEC
Start of work
2/17, (3/17)X.mgv6Supplement 23 to ITU-T X-series Recommendations – ITU-T X.1037 – Supplement on Security management guideline for the implementation of an IPv6 environment in telecommunications organizationsNewMasashi Eto,
Koji Nakao
TD 1399 Rev.3 2011-04
4/17X.1500
Amd.6
Overview of cybersecurity information exchange – Amendment 6 – Revised structured cybersecurity information exchange techniquesNote (2)Youki KadobayashiTD 1353 2013-09
6/17X.msec-8Supplement 24 to ITU-T X-series Recommendations – ITU-T X.1120-X.1139 series – Supplement on a secure application distribution framework for communication devicesNewMijoo Kim,
Yutaka Miyake,
Heung Youl Youm
TD 1369 Rev.1 2012-03
11/17TR HBPKITechnical Report: Current and new challenges for public-key infrastructure standardizationNewEric AndersenTD 1336 2013-09

Notes:

(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

(2) Amendment 6 supersedes Amendment 5.

Recommendations determined (TAP – WTSA-12 Resolution 1):

The SG17 plenary meeting determined (TAP) the following draft new ITU-T Recommendation in accordance with WTSA-12 Resolution 1, Section 9.

QAcronymTitleNew / RevisedEditor(s)Location of textEquivalent
e.g., ISO/IEC
Start of work
4/17X.1525
(X.cwss)
Common weakness scoring systemNewRobert A. MartinTD 13372009-09

Recommendations consented for Last Call (AAP – Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to six draft new ITU-T Recommendations, ten draft revised ITU-T Recommendations, and four Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:

Q(1)AcronymTitleNew / RevisedEditor(s)Location of TextEquivalent
e.g., ISO/IEC
Start of work
6/17X.1311 Cor.1Information technology – Security framework for ubiquitous sensor networks – Technical Corrigendum 1 Heung-Youl YoumTD 1296 Rev.1ISO/IEC 29180 Cor.12014-09
6/17X.1314
(X.unsec-1)
Security requirements and framework of ubiquitous networkingNewJunjie Xia,
Shilin You
TD 1349 2010-12
7/17X.1157
(X.sap-7)
Technical capabilities of fraud detection and response for services with high assurance level requirementsNewTae Kyun Kim,
Hyung-Jin Lim
TD 1351 Rev1. 2011-09
7/17X.1158
(X.sap-8)
Multi-factor authentication mechanisms using a mobile deviceNewKeun Ok Kim,
Seong-Hyeon Song,
Heung-Youl Youm
TD 1335 Rev.4 2012-09
7/17X.1159
(X.sap-9)
Delegated non-repudiation architecture based on ITU-T X.813NewKeun-ok Kim,
Hee-won Shim,
Seong-Hyeon Song
TD 1332 Rev.1 2012-09
11/17X.520 Cor.1Information technology – Open Systems Interconnection – The Directory: Selected Attribute Types – Technical Corrigendum 1 Eric AndersenTD 1287ISO/IEC 9594-6 Cor.12014-01
11/17X.691 Cor.3Information technology – Specification of Packed Encoding Rules (PER) – Technical Corrigendum 3 Paul. E. ThorpeTD 1346 Rev.1ISO/IEC 8825-2 Cor.32014-01
11/17X.691 Cor.4Information technology – Specification of Packed Encoding Rules (PER) – Technical Corrigendum 4 Paul. E. ThorpeTD 1347 Rev.1ISO/IEC 8825-2 Cor.42014-01
11/17, (7/17)X.1341
(X.cmail)
Certified mail transport and certified post office protocolsNewDavid Keller,
Laura Prin

TD 1259 Rev.2

Note (3)

 2013-04
12/17Z.100
Annex F1
Specification and Description Language - Overview of SDL-2010 – SDL formal definition: General overviewRevisedRick ReedTD 1281 2013-04
Note (2)
12/17Z.100
Annex F2
Specification and Description Language - Overview of SDL-2010 – SDL formal definition: Static semanticsRevisedRick ReedTD 1282 Rev.3 2013-04
Note (2)
12/17Z.100
Annex F3
Specification and Description Language - Overview of SDL-2010 – SDL formal definition: Dynamic semanticsRevisedRick ReedTD 1283 Rev.1 2013-04
Note (2)
12/17Z.161Testing and Test Control Notation version 3: TTCN-3 core languageRevisedDieter Hogrefe

TD 1308 Rev.1

Note (4)

ETSI ES 201 873-12013-04
12/17Z.161.1Testing and Test Control Notation version 3: TTCN-3 language extensions: Support of interfaces with continuous signalsRevisedDieter Hogrefe

TD 1309 Rev.1

Note (5)

ETSI ES 202 7862013-04
12/17Z.161.2Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment supportRevisedDieter Hogrefe

TD 1310 Rev.1

Note (6)

ETSI ES 202 7812013-04
12/17Z.161.3Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced parameterizationRevisedDieter Hogrefe

TD 1311 Rev.1

Note (7)

ETSI ES 202 7842013-04
12/12Z.161.5Testing and Test Control Notation version 3: TTCN-3 Language extensions: Performance and real time testingNewDieter Hogrefe

TD 1312 Rev.1

Note (8)

ETSI ES 202 7822014-01
12/17Z.165Testing and Test Control Notation version 3: TTCN-3 runtime interface (TRI)RevisedDieter Hogrefe

TD 1313 Rev.1

Note (9)

ETSI ES 201 873-52013-04
12/17Z.165.1Testing and Test Control Notation version 3: TTCN-3 extension package: Extended TRIRevisedDieter Hogrefe

TD 1314 Rev.1

Note (10)

ETSI ES 202 7892013-04
12/17Z.166Testing and Test Control Notation version 3: TTCN-3 control interface (TCI)RevisedDieter Hogrefe

TD 1315 Rev.1

Note (11)

ETSI ES 201 873-62013-04

Notes:

(1)     In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

(2)     AAP Last Call to be delayed.

(3)     COM 17 – R 36 Annex A Attachment 2 contains the A.5 justification information for draft new Rec. ITU-T X.1341.

(4)     COM 17 – R 36 Annex B Attachment 1 contains the A.5 justification information for draft revised Rec. ITU-T Z.161.

(5)     COM 17 – R 36 Annex B Attachment 2 contains the A.5 justification information for draft revised Rec. ITU-T Z.161.1.

(6)     COM 17 – R 36 Annex B Attachment 3 contains the A.5 justification information for draft revised Rec. ITU-T Z.161.2.

(7)     COM 17 – R 36 Annex B Attachment 4 contains the A.5 justification information for draft revised Rec. ITU-T Z.161.3.

(8)     COM 17 – R 36 Annex B Attachment 5 contains the A.5 justification information for draft new Rec. ITU-T Z.161.5.

(9)     COM 17 – R 36 Annex B Attachment 6 contains the A.5 justification information for draft revised Rec. ITU-T Z.165.

(10)  COM 17 – R 36 Annex B Attachment 7 contains the A.5 justification information for draft revised Rec. ITU-T Z.165.1

(11)  COM 17 – R 36 Annex B Attachment 8 contains the A.5 justification information for draft revised Rec. ITU-T Z.166.

New work items:

The following 20 new work items were agreed to be added to the SG17 work programme:

Q(1)AcronymTitleNew/ RevisedAAP/TAP/ AgreementEditor(s)Documents

Equivalent

e.g., ISO/IEC

Timing***
1/17X.TRSM6ed

Technical Report

Security in telecommunications and information technology – An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications; 6th edition

NewAgreementMichael HarropNWI template:
TD 1232 Rev.1
 2015-09
2/17X.sgmvno

Supplement to ITU-T X.805

Security guideline for mobile virtual network operator (MVNO)

NewAgreement

Hongwei Luo, China;

Laifu Wang, China Telecom

NWI template:
TD 1317 Rev.2
 2016-03
2/17X.tigscTechnical implementation guidelines for ITU-T X.805NewAAPHeung Youl Youm, Korea (Republic of)

NWI template:
TD 1359 Rev.3

Base text:
TD 1359 Rev.3 Annex 2

 2017-03
3/17X.sup-gpim

Supplement to ITU-T X.gpim

Code of practice for personally identifiable information protection  for telecommunications organizations

NewAgreement

Lijun Liu, China Mobile;

Heung Youl Youm, Korea (Republic of)

NWI template:
TD 1328 Rev.4
 2016-03
4/17X.cogentDesign considerations for improved end-user perception of trustworthiness indicatorsNewTAP

Youki Kadobayashi, NICT;

Daisuke Miyamoto, University of Tokyo

NWI template:
TD 1340 Rev.2
 2015-09
4/17X.simefSession information message exchange format (SIMEF)NewTAP

Ik-Kyun Kim, ETRI, Korea (Republic of);

Jong-Hyun Kim, ETRI, Korea (Republic of)

NWI template:
TD 1364 Rev.2 Annex 1

Base text:
TD 1364 Rev.2 Annex 2

 2015-09
5/17X.gcspi

Supplement to ITU-T X.1242

Guideline for countermeasures against short message service (SMS) phishing incidents

NewAgreement

Lijun Liu, China Mobile, China (People's Rep. of);

Jae Hoon Nah, ETRI/ KISSF, Korea (Republic of);

Deawoo Park, Korea (Republic of)

NWI template:
TD 1391 Rev.3

Base text:
C 0255

 2017
5/17X.ticsc

Supplement to ITU-T X.1245

Technical measures and mechanism on countering the spoofed call in the visited network of VoLTE

NewAgreement

Bo Yu, China Unicom;

Jie Yuan, China Mobile;

Chen Zhang, China Mobile

NWI template:
TD 1359 Rev.2

Base text:
C 0289

 2016-03
6/17X.iotsec-1Simple encryption procedure for IoT device securityNewTAPHirotaka Yoshida, Hitachi

NWI template:
TD 1437 Rev.1

Base text:
C 0286 Rev.1

 2016-03
6/17X.itssec-1Software update capability for ITS communications devicesNewTAP

Masashi Eto, NICT

Koji Nakao, NICT / KDDI

NWI template:
TD 1409 Rev.3 Annex 1

Base text:
TD 1409 Rev.3 Annex 2

 2016-03
6/17X.itssec-2Security guidelines for V2X communication systemsNewTAP

Sang-Woo Lee, ETRI;

Jae-Hoon Nah, ETRI

NWI template:
TD 1405 Rev.1
 2016-03
6/17X.sgsec-2Security guidelines for home area network (HAN) devices in smart grid systemsNewTAP

Woong Go, KISA;

Haeryong Park, KISA;

Jeong-Jun Suh, KISA

NWI template:
TD 1386 Rev.2

Base text:
TD 1386 Rev.2

 2017-03
6/17X.msec-9Functional security requirements and architecture for mobile phone anti-theft measuresNewTAP

Xia Junjie, China Unicom;

Heung Youl Youm, Korea (Republic of)

NWI template:
TD 1348 Rev.4

Base text:
TD 1348 Rev.4 Annex 1

 2017-03
6/17X.sdnsec-1Requirements for security services based on software-defined networkingNewTAP

Hyoungshick Kim, Korea (Republic of);

JungSoo Park, ETRI

NWI template:
TD 1371

Base text:
TD 1371 Annex 1

 2017-03
7/17X.websec-6Security framework and requirements for open capabilities of telecommunication servicesNewAAP

Feng Gao, China Unicom;

Jae Hoon Nah, ETRI;

Junjie Xia, China Unicom

NWI template:
TD 1368 Rev.1

Base text:
C 0303 Rev.2

 2016-09
7/17X.websec-7Reference monitor for online analytics servicesNewAAP

Hyungjin Lim, Korea (Republic of);

Jongyoul Park, ETRI;

Junjie Xia, China Unicom

NWI template:
TD 1327 Rev.2

Base text:
C 0253

 2017
8/17X.CSCDataSecGuidelines for cloud service customer data securityNewTAPNan Meng, MIIT/China

NWI template:
TD 1422 Rev.2

Base text:
TD 1422 Rev.2 Annex I

 2017
10.17, (7/17)X.eaaaEnhanced entity authentication based on aggregated attributesNewTAP

Tae Kyung Kim, Korea (Republic of)

Jae Hoon Nah, ETRI, Korea (Republic of);

Junjie Xia, China Unicom, P.R.China

NWI template: TD 1350 Rev.3 2016
10/17X.1255sup

Supplement to Recommendation ITU-T X.1255

Proposed conceptual models based on ITU-T X.1255 frameworks

NewAgreementAbbie Barbir, MBNANWI template:
TD 1411 Rev.2
 2015-04
11/17X.oiddevInformation technology – Use of object identifiers to identify devices in the Internet of ThingsNewAAPJun Seob LEE, ETRI

NWI template:
TD 1427 Rev.1

Base text:
TD 1363 Rev.2

yes2016

Notes:

***      Target date for consent or determination of Recommendations or for approval of appendices,
supplements or implementers' guides.

(1)        In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

Work items discontinued:

The following two work items were agreed to be deleted from the work programme:

QAcronymTitleAction
4/17X.cybex-beepUse of BEEP for cybersecurity information exchangedelete
10/17X.giimMechanisms to support interoperability across different IdM servicesdelete

Coordination and promotion activities:

  • A fruitful joint meeting between SG17 and ITU-D SG2 Question 3/2 took place, which mutually envisioned further strengthened collaboration.
  • SG17 reviewed the established liaison relationships between ITU-T and ISO TCs, SCs and JTC1/SCs, and checked if the Category A, B, C, or D designations still apply (for SG17).
  • Two Joint Coordination Activity meetings under the SG17 parent-ship were held, JCA-IdM and JCA-COP.
  • Updates were made to the Security Compendium, and to the ICT Security Roadmap.

Correspondence Groups:

Three new Correspondence Groups and one continued CG were agreed.

  • CG-investigate: New Correspondence Group on investigation for new topics for SG17 standardization; convened by all 8 session chairmen of the ITU security workshop.
    The CG will investigate any considerable topics from the results of the workshop, and to collect and analysis the further information related to the new topics for the purpose of identifying a set of new work items for SG17 near future. Envisioned topics are for example: Big Data security, IoT security, smart home/city (including smart-grid), CII resilience (CIIR)).
  • CG-rapp-guidelines, New Correspondence Group on guidelines for organizing Rapporteur Group meetings and meetings of Questions; convened by Mr. Jiang Hua. This CG will discuss a) review and provide comments to SG17 on the ITU-T SG16 guidelines for organizing Rapporteur Group meetings (TSAG TD 150); and b) provide to SG17 a proposal for unifying the agendas of meetings of Questions held during working party or study group meetings, in particular unifying the time table for taking up agendas items.
  • CG-coll-strengthening, New Correspondence Group on strengthening collaboration between ITU-T SG17 and ITU-D SG2 Q3/2 on security. This new ITU intersectoral CG between the T- and the D- Sectors will identify areas for collaboration. Exact details of the technical implementation and convernership of this CG are subject for further coordination between TSB and BDT.
  • CG-CYBEX, Continued Correspondence Group on cybersecurity information exchange capabilities.

Other highlights:

  • Four special sessions were held to off-load the plenaries from debates: on bridging the standardization gap (with live interpretation); on outcomes of the ITU-T security workshop; on preparing for the joint meeting between SG17 and D-Q3/2; and the joint meeting with D-3/2. The meeting confirmed to continue organizing a BSG session at every SG17 meeting.
  • SG17 agreement on the A.4 and A.5 qualification of the OpenID Foundation with SG17's expectation to receive their IdM specifications for standardization in SG17.
  • SG17 agreement on the A.4 or A.6 qualification of GSMA for X.msec-9.
  • SG17 invited the Fast Identity Online (FIDO) alliance to consider initiating a qualification according to Recs. ITU-T A.4 and A.5.
  • SG17 initiated collaboration with OASIS TC IBOPS (Identity Based Attestation and Open Exchange Protocol Specification, i.e. IdM using telebiometrics).
  • Due to procedural constraints imposed by Rec. ITU-T A.7 (12 days deadline for submission of proposals), a new Focus Group on Critical Infrastructure Protection and ICT Security (FG-CIPIS) with proposed terms of reference could not be established at this meeting.
  • WP2/17 considered the few (2), non-representative responses to the questionnaire on spam and agreed that some other means should be tried instead to gather the desired information than using questionnaires.

Associated events:

Associated events below assisted in identifying new actions for the study group and leverage the collaboration with other organizations and hopefully attract new experts to the ITU-T and SG17 community.

  • A successful, well attended ITU workshop on ICT Security Standardization Challenges for Developing Countries - Geneva, Switzerland, 15 – 16 September 2014 took place before the SG17 meeting.
  • Mentoring programme for newcomers: Comprehensive programme through tutorials (see below), welcome, feedback session and guided tour, all attended with interest.
  • Reception and social networking event sponsored by RANS with live harp music performance by artist Mr. Alexander Boldachev.

Tutorial presentations:

Seven tutorial presentations were given at this Study Group 17 meeting and found quite some positive interest.

  •  "SG17 orientation session for newcomers",
    Arkadiy Kremer, SG17 Chairman.
  • "ENISA and standards",
    Mr. Slawomir Gorniak, ENISA.
  • "Security aspects on Intelligent Transportation Systems (ITS) and how to keep cars secure",
    Mr. Juergen Frank, Freescale Halbleiter Deutschland GmbH.
  • "Multinational Alliance for Collaborative Cyber Situational Awareness (MACCSA): Accelerating Information Sharing for Collaborative Cyber Situational Awareness (CCSA)",
    Mr. Patrick Curry, CEO of MACCSA
    This tutorial was further discussed by Q4/17.
  • "New SharePoint collaboration site created for SG17 work",
    Mr. Al Dayao, TSB.
  • "Massive PII leak incident and national-level countermeasures in Korea",
    Mr. Heung-Youl Youm, Soonchunhyang University, Korea.
  • "ITU's engagement in the Internet Governance Forum (IGF)",
    Ms. Jeoung Hee Kim, ITU GenSec SPM; Mr. Chengetai Masango, IGF Secretariat.

Next SG17 meeting:

  • WED 8 – FRI 17 April 2015, Geneva, Switzerland.
  • Eight interim Rapporteur Group meetings (some of them virtual e-meetings) are planned until April 2015.

 

​ ​