Committed to connecting the world

Search for:

1901-summary

Executive Summary

Meeting of ITU-T SG17 'Security', Geneva, 22-30 January 2019

Hot topics:

Quantum Key Distribution Networks
Artificial Intelligence/Machine Learning and Security
Edge computing security
5G security
Post-quantum PKI
Cloud-based platform (industrial Internet, etc) security
Distributed identity management
Malware Analysis
Data de-identification

ITU Workshop on Artificial Intelligence, Machine Learning and Security

The event was announced by TSB Circular 116 and was attended by 71 participants (including remote participation) from 17 countries. Outcome of this workshop identified next step advices for SG17 is found at: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20190121/Documents/Outcome Report.pdf.

Meeting Output:

Approved (TAP) 3 new ITU-T Recommendations. Details are in Annex A a).
Agreed 1 new Supplement. Details are in Annex A c).
Consented (AAP) 3 new Recommendation/Corrigendum for Last Call. Details are in Annex A e).
10 new work items were agreed to be added to the SG17 work programme. Details are in Annex B.
Q2/17 Text revised to highlight new working areas on foundations on AI/ML for ICT security.

Next SG17 meeting:

Tuesday 27 August – Thursday 5 September 2019, Geneva, Switzerland (8 working days).

Workshop on FinTech security on Monday 26 August 2019, Geneva, Switzerland.

Tuesday 17 – Thursday 26 March 2020 in Geneva (8 Working days) (to be confirmed)
Tuesday 25 August – Thursday 3 September 2020 in Geneva (8 Working days) (to be confirmed)
53 texts are candidate for action in next SG17 meeting, see in Annex A f).
Interim RGMs: 8 Questions plan to hold 9 RGMs.

	Q	Date	Place/Host	Subject/objective
1.	3/17	In the week of 17 June 2019	e-meeting	To address all work items of Q3/17
2.	6/17	tbd (May or June 2019)	tbd	To address all work items and identify future topics for Q6/17
3.	7/17	18-19 June 2019	ChongQing, China	To address all items of Q7/17
4.	8/17	11-12 or 13-14 June 2019 (tbd)	Beijing, China	To address all items of Q8/17
5.	10/17	April 2019	e-meeting	tbd
6.	10/17	June 2019	e-meeting	tbd
7.	11/17	22-26 April 2019	Beijing, China	Collaborative meeting ITU-T Q11/17 and ISO/IEC/JTC 1/SC 6/WG 10
8.	13/17	11-12 June 2019 (tbd)	Beijing, China	To address all work items of Q13/17
9.	14/17	May-June 2019　(tbd)	e-meeting	To address all issue and to identify future topics.

Bridging the Standardization Gap (BSG):

Welcome and guided tour for newcomers;
SG17 orientation session with SG17 overview presentation given by SG17 Chairman;
SG17 Counsellor's clinic to answer questions from delegates on ITU-T (SG17) working methods
Informal gatherings of SG17RG-AFR and SG17RG-ARB
Trial on use of a daily 'check-in' sheet to track and evaluate participation of delegates attending this SG17 meeting on an ITU fellowship

Tutorial presentations:

A half-day mini-workshop/showcase (TD1837) on QKD on 23 Jan 2019 for 7 new members who joined SG17 for this subject to explain this new work area
Q1-14/17 tutorials (TD1793) to initiate SG17 preparation for WTSA-2020.

Participation:

178 participants (182 announced): 36 countries, 21 Sector Members, 4 Associates, and 2 Academia. 8 invited experts.
8 partial fellowships granted: Comoros, Congo DRC, Mali, Niger, Palestine, Senegal, Sudan, Syria
3 new associates (Hudson Institue (USA), Quantum Xchange (USA), Cambridge Quantum Computing (UK))
2 new Sector Members from China (QuantumCTek, CAS Quantum Network)
1 New Member State participation: Liberia
SG17 vice chairmen absent (6/9): Vasiliy DOLMATOV (Russia), Gökhan EVREN (Turkey), Juan GONZALEZ (USA), Patrick-Kennedy KETTIN ZANGA (Central Africa) and Hugo Darío MIGUEL (Argentina) (Muataz Elsadig ISHAG (Sudan) participated 3 days)

Correspondence Groups:

CG-xss (correspondence group on transformation of security study) will continue.
CG-sg17-wtsa20-prep (Correspondence Group on SG17 preparation for WTSA-20) was established.

Meeting input and organization:

Contributions: 118 - stable (past meetings: 144, 113, 106, 78, 81, 66, 74, 80)
Contribution# from: APT (98 (83%) (= China 49 (42%), Korea 41, Japan 7, Malaysia 2)), Americas (12), EUR (9), AFR (3), ARAB (1), LAM (0).
TDs: 380 (previous meeting: 420, 395, 426, 368, 391, 418, 371, 386), including 47 incoming liaison statements and 30 outgoing liaison statements; 80+ prepared by SG17 secretary.
240 sessions (previous meeting: 252, 249, 204) were organized, up to 12 parallel meetings per quarter.
29 sessions (previous meeting: 27, 25, 11) used remote participation

Annex A
Actions taken on Recommendations, and other texts at the 7 September 2018 SG17 plenary

a) TAP Recommendations approved (WTSA-16 Resolution 1):

The SG17 plenary meeting approved (TAP) the following three draft new ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing of approval
1.	4	X.1215 (X.ucstix)	Use cases for structured threat information expression	New	Ik-Kyun Kim, Jihye Kim, Jong-Hyun Kim, Heung Youl Youm	R29		2017-03	2019-01
2.	5	X.1249 (X.tfcma)	Technical framework for countering mobile in-application advertising spam	New	Hongwei Luo, Laifu Wang, Xin Wang	TD1869R1		2015-09	2019-01
3.	6 (,2)	X.1042 (X.sdnsec-1)	Security services using the software-defined networking	New	Hyoungshick Kim, JungSoo Park	TD1873R1		2014-09	2019-01

Approval of the above Recommendations will be announced by TSB Circular in Feb 2019.

b) TAP Recommendations not approved (WTSA-16 Resolution 1):

None.

c) Amendment approved, Corrigendum approved, Supplements agreed:

The SG17 plenary meeting agreed the following new Supplement:

	Q	Acronym	Title	New / Revised	Editor(s)	Location of Text	Equivalent e.g., ISO/IEC	Start of work	Timing
	3	X.Suppl.34 (ex X.sup-myuc)	Supplement to ITU-T X.1051 Code of practice for information security controls based on ITU-T X.1051 for telecommunication organizations information and network security management	New	Thaib Mustafa, Rafeah Omar	TD1966		2017-09	2019-01

d) Recommendations determined (TAP – WTSA-16 Resolution 1):

None.

e) AAP Recommendations consented for Last Call (Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to the following three new ITU-T Recommendations and Technical Corrigendum for Last Call according to Recommendation ITU-T A.8:

	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	2	X.1043 (ex X.sdnsec-3)	Security framework and requirements of service function chain based on software-defined networking	New	Zhiyuan Hu, JungSoo Park, Junjie Xia, Feng Zhang, Xiaojun Zhuang, Min Zuo	TD1903R4		2017-03	2019-01
2.	9	X.1094 (ex X.tab)	Telebiometric authentication using bio-signals	New	Jason Kim, Sam Lee	TD1975		2016-08	2019-01
3.	11	X.894 Cor.1	Cryptographic Message Syntax (CMS) profile	New	Jean-Paul Lemaire	TD1867	ISO/IEC 24824-4 2019?	2019-01	2019-01

These Recommendations will enter AAP Last call in Feb 2019.

f) Work items planned for action in next SG17 meeting:

	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	2	X.ssc	Security service chain architecture and its application	New	Zhiyuan Hu, Min Shu, Ye Tao, Xiaojun Zhuang, Min Zuo	TD1909R2		2017-09	2019-09
2.	2	X.srnv	Security requirements of network virtualization	New	Di Liu, Min Shu, Ye Tao, Min Zuo	TD1919		2017-09	2019-09
3.	3	X.grm	Risk management implementation guidance on the assets of telecommunication organizations accessible by global IP-based networks	New	Yunbo Feng, Bo Yu, Chen Zhang	TD1491R1		2014-09	2019-09
4.	4	X.qrng-a	Quantum Noise Random Number Generator Architecture	New	Matthieu Legré, Zhangchao Ma, Hao Qin, Dong-Hi Sim	TD1979R2		2018-09	2019-09
5.	4	TR.sec-qkd**	Security framework for Quantum Key Distribution in Telecom network	New	Dong-Hi Sim	TD1950R1			2019-09
6.	5	X.tfcas	Technical framework for countering advertising spam in user generated information"	New	Kepeng Li, Zhaoji Lin, Keundug Park, Feng Zhang	TD1922R1		2017-03	2019-09
7.	6	X.1197 Amd.1**	Amendment 1 of ITU-T Recommendation X.1197, Guidelines on criteria for selecting cryptographic algorithms for IPTV service and content protection	New	Stiepan Kovac	TD1930R1		2019-01	2019-09
8.	6	X.sgsec-3*	Security guidelines for smart metering service in smart grids	New	Gunhee Lee	TD1879		2016-09	2019-09
9.	6	X.nb-iot*	Security requirements and framework for narrow band internet of things	New	Feng Gao, Junjie Xia, Heung Youl Youm, Bo Yu	TD1883		2017-09	2019-09
10.	6	X.ibc-iot*	Security framework for use of identity-based cryptography in support of IoT services over telecom networks	New	Zhaohui Cheng, Haiguang Wang, Jiang Yu,	TD1874R2		2017-09	2019-09
11.	6	X.secup-iot*	Secure software update procedure for IoT devices	New	Yunchul Choi, Koji Nakao, Takeshi Takahashi	TD1959R1		2017-09	2019-09
12.	6	X.iotsec-3*	Technical framework of PII (Personally Identifiable Information) handling system in IoT environment	New	Yutaka Miyake, Bo Yu	TD1942R1		2017-03	2019-09
13.	7	X.fdip*	Framework of de-identification processing service for telecommunication service providers	New	Ye Won Lee, Hyungjin, Lim, Lijun Liu,Jongyoul Park, Heung Youl Youm	TD1974R1			2019-09
14.	7	X.sfop	Security framework of open platform for FinTech services	New	Feng Gao, HyungJin Lim, Jae Hoon Nah, Wesley Wang	TD1897R1			2019-09
15.	8	X.SRIaaS*	Security Requirements of Public Infrastructure as a Service (IaaS) in Cloud Computing	New	Huamin Jin, Laifu Wang, Mengxi Wang, Shuai Wang	TD1920R2			2019-09
16.	8	X.GSBDaaS*	Guidelines on security of Big Data as a Service	New	Mark McFadden, Nan Meng, Chen Zhang	TD1941			2019-09
17.	8	X.SRNaaS*	Security Requirements of Network as a Service (NaaS) in Cloud Computing	New	Zhiyuan Hu, Ye Tao, Chen Zhang, Ni Zhang	TD1895			2019-09
18.	8	X.sgtBD*	Security guidelines of lifecycle management for telecom Big Data	New	Feng Gao, Jin Peng, Lanfang Ren	TD1936R1			2019-09
19.	10	X.eaasd*	Framework of enhanced authentication in telebiometric environments using anti-spoofing detection mechanisms	New	Xiaoyuan Bai, Hongwei Luo	TD1955			2019-08
20.	10	X.Sup-1254**	Supplement to X.1254 on use cases and high level abstract implementations	New	Junjie Xia, Bo Yu, Feng Zhang	TD1958			2019-08
21.	11	X.uav-oid	Identification mechanism for unmanned aerial vehicles using object identifiers	New	Wenjing Ma	TD1887R4			2019-08
22.	11	X.500rev	Information technology – The Directory – Overview of concepts, models and services	Rev	Erik Andersen		ISO/IEC 9594-1		2019-08
23.	11	X.501rev	Information technology – The Directory – Models	Rev	Erik Andersen		ISO/IEC 9594-2		2019-08
24.	11	X.509rev	Information technology – The Directory – Public-key and attribute certificate frameworks	Rev	Erik Andersen		ISO/IEC 9594-8		2019-08
25.	11	X.511rev	Information technology – The Directory – Abstract service definition	Rev	Erik Andersen		ISO/IEC 9594-3		2019-08
26.	11	X.518rev	Information technology – The Directory – Procedures for distributed operation	Rev	Erik Andersen		ISO/IEC 9594-4		2019-08
27.	11	X.519rev	Information technology – The Directory – Protocol specifications	Rev	Erik Andersen		ISO/IEC 9594-5		2019-08
28.	11	X.520rev	Information technology – The Directory – Selected attribute types	Rev	Erik Andersen		ISO/IEC 9594-6		2019-08
29.	11	X.521rev	Information technology – The Directory – Selected object classes	Rev	Erik Andersen		ISO/IEC 9594-7		2019-08
30.	11	X.525rev	Information technology – The Directory – The Directory: Replication	Rev	Erik Andersen		ISO/IEC 9594-9		2019-08
31.	11	X.509 Cor. 1	Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks	Rev	Erik Andersen		ISO/IEC 9594-8 Cor 1		2019-08
32.	11	X.694 Cor. 1	Information technology - ASN.1 encoding rules: Mapping W3C XML schema definitions into ASN.1	Rev	Paul Thorpe		ISO/IEC 8825-5 Cor 1		2019-08
33.	11	X.893 Cor.1	Information technology - Generic applications of ASN.1: Fast infoset security	Rev	Paul Thorpe		ISO/IEC 24824-3 Cor 1		2019-08
34.	12	Z.100rev	Specification and Description Language - Overview of SDL-2010	Rev	Rick Reed	TD1801R1		2017-09	2019-09
35.	12	Z.100 Annex F1-rev	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: General overview	Rev	Rick Reed, Edel Sherratt	TD1809R1		2018-09	2019-09
36.	12	Z.100 Annex F2-rev	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Static semantics	Rev	Rick Reed, Edel Sherratt	TD1810R1		2018-09	2019-09
37.	12	Z.100 Annex F3-rev	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Dynamic semantics	Rev	Rick Reed, Edel Sherratt	TD1811R1		2018-09	2019-09
38.	12	Z.101rev	Specification and Description Language - Basic SDL-2010	Rev	Rick Reed	TD1802R1		2017-09	2019-09
39.	12	Z.102rev	Specification and Description Language - Comprehensive SDL-2010	Rev	Rick Reed	TD1803R1		2017-09	2019-09
40.	12	Z.103rev	Specification and Description Language - Shorthand notation and annotation in SDL-2010	Rev	Rick Reed	TD1804R1		2017-09	2019-09
41.	12	Z.104rev	Specification and Description Language - Data and action language in SDL-2010	Rev	Rick Reed	TD1805R1		2017-09	2019-09
42.	12	Z.105rev	Specification and Description Language - SDL-2010 combined with ASN.1 modules	Rev	Rick Reed	TD1806R1		2017-09	2019-09
43.	12	Z.106rev	Specification and Description Language - Common interchange format for SDL-2010	Rev	Rick Reed	TD1807R1		2017-09	2019-09
44.	12	Z.107rev	Specification and Description Language - Object-oriented data in SDL-2010	Rev	Rick Reed	TD1808R1		2017-09	2019-09
45.	12	Z.161	Testing and Test Control Notation version 3: TTCN-3 core language	Rev	Dieter Hogrefe		ETSI ES 201 873-1	2018-09	2019-09
46.	12	Z.161.2rev	Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment support	Rev	Dieter Hogrefe		ETSI ES 202 781	2018-09	2019-09
47.	12	Z.161.6rev	Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced Matching	Rev	Dieter Hogrefe		ETSI ES 203 022	2018-09	2019-09
48.	12	Z.166rev	Testing and Test Control Notation version 3: TTCN-3 control interface (TCI)	Rev	Dieter Hogrefe		ETSI ES 201 873-6	2018-09	2019-09
49.	12	Z.169rev	Testing and Test Control Notation version 3: Using XML schema with TTCN-3	Rev	Dieter Hogrefe		ETSI ES 201 873-9	2018-09	2019-09
50.	12	Z.Imp100-rev**	Z.Imp100 Specification and Description Language Implementer's guide – Version 4.0	Rev	Rick Reed	TD1813		2018-09	2019-09
51.	13	X.itssec-2*	Security guidelines for V2X communication systems	New	ChangOh Kim, Sang-Woo Lee, Jae-Hoon Nah, Seungwook Park	TD1913R1		2014-09	2019-09
52.	13	X.stcv*	Security threats in connected vehicles	New	ChangOh Kim, Sang-Woo Lee, Koji Nakao, Seungwook Park	TD1949R1		2018-03	2019-09
53.	14	X.sct-dlt	X.sct-dlt, Security threats to Distributed Ledger Technology	New	Zhaoji Lin, Ke Wang, Kai Wei, Junjie Xia, Heung Youl Youm, Min Zuo	TD1891R1		2017-09	2019-09

Annex B
New work items

The following 11 new work items were agreed to be added to the SG17 Work Programme:

	Q	Acronym	Title	New/ Revised	AAP/TAP/ Agreement	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Timing⁽¹⁾
1.	3	X.ciag	Cyber insurance acquisition guideline for Information and Communication Technologies (ICT) services provider	New	AAP	Thaib Mustafa, Ong Yew Seng	TD1963R1		2021-09
2.	4	X.sec-QKDN-ov	Security Requirements for QKD Networks - Overview	New	AAP	Matthieu Legré, Zhangchao Ma, Hao Qin, Dong-Hi Sim	TD1904R7		2019-09
3.	4	X.sec_QKDN-km	Security Requirements for QKD Networks - Key Management	New	AAP	Kaoru Kenyoshi, Jiajun Ma, Zhangchao Ma, Dong-Hi Sim	TD1900R3		2019-09
4.	4	X.cf-QKDN	Use of cryptographic functions on a key generated in Quantum Key Distribution networks	New	AAP	Matthieu Legré, Dong-Hi Sim	TD1953R2		2019-09
5.	4	X.rdmase	Requirements and Guidelines for Dynamic Malware Analysis in a Sandbox Environment	New	AAP	Sheng Gao, Zhaoji Lin,Tian Tian, Jigang Wang, Hanbing Yan	TD1880R1		2020-09
6.	4	TP.inno	Description of the incubation mechanism and ways to improve it	New	Agreement	Youki Kadobayashi, Zhaoji Lin, Kyeong Hee Oh, Arnaud Taddei	TD1981R2		2020-09
7.	4	TP.sgstruct	Strategic approaches to the transformation of security studies	New	Agreement	Youki Kadobayashi, Zhaoji Lin, Kyeong Hee Oh, Arnaud Taddei	TD1982R2		2020-09
8.	6	X.1197Amd.1	Amendment 1 of ITU-T Recommendation X.1197, Guidelines on criteria for selecting cryptographic algorithms for IPTV service and content protection	New	Agreement	Stiepan Kovac	TD1930R1		2019-09
9.	6	X.5Gsec-ecs*	Security framework for 5G edge computing services	New	TAP	Feng Gao, Jae Hoon Nah, Junjie Xia, Bo Yu, Xiaojun Zhuang	TD1928R1		2021-03
10.	6	X.5Gsec-guide*	Security guidelines for 5G communication system based on ITU-T X.805	New	TAP	Mee Yeon Kim, Keundug Park, Heung Youl Youm	TD1939R2		2021-09
11.	7	X.rdda*	Requirements for data de-identification assurance	New	TAP	Feng Gao, Yewon Lee, Hyungjin Lim	TD2000R1		2021-Q1
12.	8	X.sgdc*	Security guidelines for distributed cloud	New	TAP	Jinfeng Kou, Mark Mcfadden, Ye Tao, Lei Xu, Laifu Wang	TD1921R2		2021-1Q
13.	8	X.sr_cphr	Security specification for Industrial Internet Cloud-based Platform	New	AAP	Jie Ma, Nan Meng,Yaping Sun, Huirong Tian	TD1937R4		2021-1Q

Notes:

(1) Target date for consent or determination of Recommendations or for agreement of Supplements or non-normative text.
*: for determination, **: for agreement

Annex C
Work items Removed

The following work item was agreed to be removed (discontinued) from the SG17 work programme:

Q	Acronym	Title
12/17	Z.109rev	Specification and Description Language - Unified modeling language profile for SDL-2010