Committed to connecting the world

Search for:

Executive Summary

Executive Summary

Meeting of ITU-T SG17 'Security', Geneva, 29 August – 6 September 2017

Hot topics:

Distributed Ledger Technology (DLT) security
IoT security
Intelligent Transport System (ITS) security
TTCN-3
Event Data Recorder
Software-defined networking security
Big Data security
Identity management
Security architecture
Information Security Management
Mobile terminal security
Smart-grid security
Application security
Clouding computing security
Advertising spam/fraud

ITU workshop on security aspects of Intelligent Transport System (ITS)

The event was announced by TSB Circular 34 and was attended by 95 participants from 15 countries. Its outcomes identified next step advices for ITS security related study in Q13/17.

New Question 14/17 DLT security

SG17 agreed to establish a new Question 14/17 on Security Aspects of Distributed Ledger Technologies.

New work items:

26 new work items were agreed to be added to the SG17 work programme. Details are in Annex B.

1 work item was discontinued. Details are in Annex C.

Next SG17 meeting:

SG17 future meetings will be 8 working days.

Tuesday 20 – Thursday 29 March 2018, Geneva, Switzerland.

Workshop on 5G security on Monday 19 March 2018, Geneva, Switzerland.

Wednesday 29 August – Friday 7 September 2018, Geneva, Switzerland.

Workshop (subject to be decided) on Tuesday 28 August 2018, Geneva, Switzerland.

14 texts are planned for approval, determination, consent or agreement in March 2018.
Interim RGM meetings: 8 Questions plan to hold 8 RGMs. See: http://www.itu.int/net/ITU-T/lists/rgm.aspx?Group=17.

Meeting Output:

The SG17 plenary meeting:

Approved (TAP) 4 new/revised ITU-T Recommendations. Details are in Annex A a).
Agreed 3 new Supplements. Details are in Annex A c).
Determined (TAP) 3 draft new ITU-T Recommendations. Details are in Annex A d).
Consented (AAP) 22 new/revised texts for Last Call. Details are in Annex A e).

Bridging the Standardization Gap (BSG):

Orientation programme for newcomers: welcome and guided tour, SG17 orientation session with SG17 overview presentation given by SG17 Chairman; Special session on addressing contributions from developing countries.
BSG hands-on training session for 4 participants from 3 developing countries.

Tutorial presentations:

Seven tutorial presentations received positive feedback on their rich information, including presentations on Financial Inclusion Global Initiative (FIGI), Symantec strategy for information security and perspective for security standardization, Privacy management in a system life cycle, Quantum Safe Cryptography, overview on 5G security standardization, and SG17 overview.

Participation:

134 participants (185 announced): 30 Member States, 18 Sector Members, 2 Associates, and 2 Academia. 9 invited experts.
6 partial fellowships granted: (Afghanistan), Benin, Central Africa, Dem. Rep. of Congo DRC, Guinea, Myanmar, Uganda
New Member States participation from: Myanmar, Singapore (,Tajikistan (pre-registered))
SG17 vice chairmen absent: Vasiliy DOLMATOV, Russian Federation; Patrick-Kennedy KETTIN ZANGA, Central Africa; Gökhan EVREN, Turkey; and Hugo Darío MIGUEL, Argentina.

Other highlights:

SG17 plenary organized 6 special sessions to address topics of broad interest.
JCA-IdM held its 23^rd meeting on 4 Sept 2017. ITU-T SG17 received updates from OpenID Foundation, ISO/IEC JTC 1/SC 27/WG 5, OASIS Trust Elevation TC, FIDO Alliance, NH-ISAC and ISO/TC 307 (esp. TC 307/SG 4).
The ICT Security Standards Roadmap and the Security Compendia were updated. A seventh edition of the Security Manual is desired to complete in 2018 with the support of the TSB.

Correspondence Groups:

CG-cybex to continue with updated ToR in TD801
2 new CGs created:
CG-ITSsec was created with ToR in TD732 on collaboration with UNECE WP29/TFCS.

SG17 decided to create a correspondence group on transformation of security study, with ToR of this CG in TD782.
CG-IoTSec (Correspondence Group on Security and Privacy for IoT for ongoing coordination and collaboration, joint with SG20) was terminated.

Meeting input and organization:

Contributions: 106 - 36% increase (past meetings: 78, 81, 66, 74, 80)

Contribution# from: Americas (6), AFR (11), APT (75 = China 37, Korea 31, (China & Korea 2), Japan 7, Iran 1, Malaysia 1), ARAB (0), CIS (1), EUR (13), LAM (0)

TDs: 426 – SG17 record (previous meeting: 368, 391, 418, 371, 386), including 49 incoming liaison statements and 40 outgoing liaison statements; 80 sourced from TSB.

204 sessions were organized, many parallel meetings per quarter each day. 11 sessions were equipped with AdobeConnect to allow participation from remote.

Annex A
Actions taken on Recommendations, and other texts at the 6 Sept 2017 SG17 plenary

a) TAP Recommendations approved (WTSA-16 Resolution 1):

The SG17 plenary meeting approved (TAP) three draft new and one draft revised ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work
4/17	X.1213 (X.sbb)	Security Capability Requirements for Countering Smartphone-based Botnets	New	Junjie Xia, Bo Yu, Jae Hoon Nah	R5		2014-01
4/17	X.1541rev	Incident Object Description Exchange Format version 2	Revised	Youki Kadobayashi, Takeshi Takahashi	TD706		2017-03
5/17	X.1248 (X.cspim)	Technical Requirements for Countering Instant Messaging Spam (SPIM)	New	Huamin Jin, Shuai Wang, Junjie Xia, Zhaoji Lin	R6		2014-01
6/17	X.1127 (X.msec-9)	Functional security requirements and architecture for mobile phone anti-theft measures	New	Junjie Xia, Heung Youl Youm	TD771		2014-09

Approval of the above Recommendations will be announced by TSB Circular in October 2017.

b) TAP Recommendations not approved (WTSA-16 Resolution 1): None.

c) Amendment approved, Supplements agreed, Implementer's guide approved, Technical Report agreed:

The SG17 plenary meeting agreed three new Supplements.

Q	Acronym	Title	New / Revised	Editor(s)	Location of Text	Equivalent e.g., ISO/IEC	Start of work
5/17	X.Suppl 29 (X.sup-gcspi)	Supplement to ITU-T X.1242 –Guidelines on countermeasures against short message service (SMS) phishing and smishing attacks	New	Changjin Lee, Lijun Liu, Jae Hoon Nah, Deawoo Park, Heung-Youl Youm	TD721Rev.1		2014-09
2/17	X.Suppl 30 (X.sup-sgmvno)	Supplement to ITU-T X.805: Security Guideline for Mobile Virtual Network Operator (MVNO)	New	Laifu Wang, Dongxin Liu, Hongwei Luo	TD667		2014-09
11/17	X.Suppl 31 (X.sup-oid-iot)	Supplement to ITU-T X.660 –Guidelines for using object identifiers for the Internet of things	New	Zhaoji Lin, Wenjing Ma Dongya Wu	TD774Rev.1		2014-01

d) Recommendations determined (TAP – WTSA-16 Resolution 1):

The SG17 plenary meeting determined (TAP) three new draft ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work
4/17	X.1214 (X.samtn)	Security assessment techniques in telecommunication/ICT networks	New	Byung-moon Chin, Vibha Tomar	SG17-R12		2015-04
6/17	X.1331 (X. sgsec-2)	Security guidelines for Home Area Network (HAN) devices in Smart Grid systems	New	Soyoung Jung, Gunhee Lee, Haeryong Park	SG17-R14		2016-08
8/17	X.1603 (X.dsms)	Data security requirements for the monitoring service of cloud computing	New	Zhiyuan Hu, Min Shu, Ye Tao, Ni Zhang	SG17-R16		2015-09

Information on the Member States consultation is available in TSB Circular 53 of 11 October 2017.

e) AAP Recommendations consented for consented Last Call (Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to six draft new ITU-T Recommendations, twelve draft revised ITU-T Recommendations and four draft Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:

Q⁽¹⁾	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work
2/17 (3/17)	X.1040 (X.salcm)	Security reference architecture for lifecycle management of e-commerce business data	New	Kepeng Li, Zhaoji Lin, Junjie Xia, Feng Zhang	TD672Rev.2		2016-03
3/17	X.1053 (X.sgsm)	Code of practice for information security controls based on ITU-T X.1051 for small and medium-sized telecommunication organizations	New	Wataru Senga, ChangOh Kim	TD757		2009-10
7/17	X.1146 (X.websec-8)	Security protection guidelines for value-added services provided by telecommunication operators	New	Lijin Liu, Zhaoji Lin Jae Hoon Nah	TD718		2015-09
11/17	X.680 Cor.2	Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation; Technical Corrigendum 2		Jean-Paul Lemaire	TD587Rev.1	ISO/IEC 8824-1:2015 Cor.2	2016-09
11/17	X.682 Cor.1	Information technology – Abstract Syntax Notation One (ASN.1): Constraint specification; Technical Corrigendum 1		Jean-Paul Lemaire	TD679Rev.1	ISO/IEC 8824-3 Cor. 1	2016-09
11/17	X.693 Cor.1	Information technology – ASN.1 encoding rules: XML Encoding Rules (XER) Technical Corrigendum 1		Jean-Paul Lemaire	TD588	ISO/IEC 8825-4 Cor.1	2017-09
11/17	X.696 Cor.2	Information technology - ASN.1 encoding rules: Specification of Octet Encoding Rules (OER) Technical Corrigendum 2		Jean-Paul Lemaire	TD589	ISO/IEC 8825-7 Cor.2	2017-09
11/17	X.697	Information Technology – ASN.1 encoding rules: Specification of Javascript Object Notation (JSON) Encoding Rules (JSON/ER)	New	Paul Thorpe	TD769	ISO/IEC 8825-8	2016-03
12/17	Z.161	Testing and Test Control Notation version 3: TTCN-3 core language	Revised	Dieter Hogrefe	TD634	ETSI ES 201 873-1	2016-09
12/17	Z.161.1	Testing and Test Control Notation version 3: TTCN-3 language extensions: Support of interfaces with continuous signals	Revised	Dieter Hogrefe	TD642	ETSI ES 202 786	2015-09
12/17	Z.161.2	Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment support	Revised	Dieter Hogrefe	TD630	ETSI ES 202 781	2015-09
12/17	Z.161.3	Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced parameterization	Revised	Dieter Hogrefe	TD631	ETSI ES 202 784	2015-09
12/17	Z.161.4	Testing and Test Control Notation version 3: TTCN-3 language extensions: Behaviour types	Revised	Dieter Hogrefe	TD632	ETSI ES 202 785	2015-09
12/17	Z.161.6	Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced Matching	New	Dieter Hogrefe	TD633Rev.1	ETSI ES 203 022	2017-09
12/17	Z.164	Testing and Test Control Notation version 3: TTCN-3 operational semantics	Revised	Dieter Hogrefe	TD635	ETSI ES 201 873-4	2016-09
12/17	Z.165	Testing and Test Control Notation version 3: TTCN-3 runtime interface (TRI)	Revised	Dieter Hogrefe	TD636	ETSI ES 201 873-5	2015-09
12/17	Z.166	Testing and Test Control Notation version 3: TTCN-3 control interface (TCI)	Revised	Dieter Hogrefe	TD637	ETSI ES 201 873-6	2016-09
12/17	Z.167	Testing and Test Control Notation version 3: Using ASN.1 with TTCN-3	Revised	Dieter Hogrefe	TD638	ETSI ES 201 873-7	2015-09
12/17	Z.168	Testing and Test Control Notation version 3: The IDL to TTCN-3 mapping	Revised	Dieter Hogrefe	TD639	ETSI ES 201 873-8	2015-09
12/17	Z.169	Testing and Test Control Notation version 3: Using XML schema with TTCN-3	Revised	Dieter Hogrefe	TD640	ETSI ES 201 873-9	2016-09
12/17	Z.170	Testing and Test Control Notation version 3: TTCN-3 documentation comment specification	Revised	Dieter Hogrefe	TD641	ETSI ES 201 873-10	2015-09
12/17	Z.171	Testing and Test Control Notation version 3: Using JSON with TTCN-3	New	Dieter Hogrefe	TD643Rev.1	ETSI ES 201 873-11	2017-09

Note:

(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

(2) A.5 justification information for 14 draft revised Recommendations ITU-T Z.160-Z.171 are found in 14 TDs TD644-TD657 respectively.

These Recommendations have entered into AAP Last call in September-October 2017 (see AAP-20 and AAP-22) and been approved in October-November 2017 (see AAP-23 and AAP-24).

f) Work items planned for action in next March 2018 SG17 meeting:

Q⁽¹⁾	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
2/17 (6/17)	X.VoLTEsec-1	Security framework for voice-over-long-term-evolution (VoLTE) network operation	New	HaiTao Du, Zhaoji Lin, Jing Shao, Liang Wei, Feng Zhang	TD743		2016-03	2018-03
3/17	X.sup-gpim**	Supplement to ITU-T X.1058 Code of practice for personally identifiable information protection based on ITU-T X.1058 for telecommunications organizations	New	Heung Youl Youm, Lijun Liu, Jaenam Ko. Seung Woo Yu	TD707		2014-09	2018-03
4/17	X.1500 Amd.12	X.1500 (2011) Amendment 12, Overview of cybersecurity information exchange (CYBEX)	New	Youki Kadobayashi			2017-03	2018-03
5/17	X.tfcma*	Technical Framework for Countering Mobile in-application Advertising Spam	New	Hongwei Luo, Laifu Wang, Xin Wang	TD699Rev.1		2015-09	2018-03
6/17	X.iotsec-2*	Security framework for Internet of Things	New	Xia Junjie, Heung-Youl Youm	TD720		2015-04	2018-03
9/17	X.1080.0 Amd. 1*	X.1080.0 Amendment 1, Access control for telebiometrics data protection	New	Erik Andersen	TD710Rev.1		2017-09	2018-03
9/17	X.1080.1rev	X.1080.1, e-Health and world-wide telemedicines – Generic telecommunication protocol	Revised	Erik Andersen	TD711		2016-09	2018-03
10/17	X.te	Authentication Step-Up Protocol and Metadata Version 1.0 OASIS Standard published	New	Abbie Barbir Sylvan Tran	TD785	OASIS	2016-03	2018-03
11/17	X.680 Amd.1	Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation Amendment 1	New	Paul E. Thorpe	TD678Rev.1	ISO/IEC 8824-1:2015 Amd.1	2016-09	2018-03
12/17	Z.100 Annex F1	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: General overview	Revised	Edel Sherratt	TD624		2017-03	2018-03
12/17	Z.100 Annex F2	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Static semantics	Revised	Edel Sherratt	TD625		2017-03	2018-03
12/17	Z.100 Annex F3	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Dynamic semantics	Revised	Edel Sherratt	TD626		2017-03	2018-03
12/17	Z.109rev	Specification and Description Language - Unified modeling language profile for SDL-2010	Revised	Alexander Kraas	-		2017-03	2018-03
12/17	Z.151rev	User Requirements Notation (URN) - Language definition	Revised	Gunter Mussbacher	C104		2015-09	2018-03
12/17	Z.Imp100	Z.Imp100 Specification and Description Language implementer's guide - Version 3.0.2	Revised	Rick Reed	TD628		2017-09	2018-03

Note:

Annex B
New work items

The following 26 new work items were agreed to be added to the SG17 work programme:

Q⁽¹⁾	Acronym	Title	New/ Revised	AAP/TAP/ Agreement	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Timing⁽²⁾
2/17	X.ssc	Security Service Chain Architecture	New	AAP	Zhiyuan Hu, Min Zuo, Ye Tao, Min Shu	TD668		2019-12
2/17	X.srnv	Security Requirements of Network Virtualization	New	TAP	Ye Tao, Di Liu, Min Zuo, Min Shu	TD674		2019-09
3/17	X.1052-rev	Organization information security management guideline	Rev	AAP	Lijun Liu, Ming Lyu, Jinghua Min	TD688 Rev.2		2018-09
3/17	X.1054-rev	Governance of information security	Rev	TAP	Thaib Mustafa, Anfona Traore, Jinghua Min	TD737		2020
3/17	X.cins	Information technology - Security techniques – Guidelines for Cyber Insurance	New	AAP	Miho Naganuma	TD738 Rev.1		2020
3/17	X.sup-myuc**	Code of practice for information security control base on ITU-T X.1051 for Malaysian telecommunications organizations information and network security management	New	Agreement	Thaib Mustafa, Rafeah Omar,	TD726 Rev.1		2018-09
5/17	X.gcims	Guidelines for countering instant messaging spam	New	TAP	Shuai Wang, Laifu Wang, Yanbin Zhang, ChangOh Kim, Huamin Jin,	TD778		2020-09
6/17	X.secup-iot	Secure Software Update Procedure for IoT Devices	New	TAP	Takeshi Takahashi, Koji Nakao	TD736 Rev.1		2019-03
6/17	X.nb-iot	Security Requirements and Framework for Narrow Band Internet of Things	New	TAP	Junjie Xia, Feng Gao, Heung Youl Youm, Bo Yu	TD770		2019-09
6/17	X.ibc-iot	Security Requirements and Framework of Using Identity-Based Cryptography Mechanism in Internet of Things	New	TAP	Jiang Yu, Yixiang Zhu, Haiguang Wang, Zhaohui Cheng, Zhaoji Lin	TD775 Rev.2		2019-09
7/17	X.sfop	Security framework of open platform for FinTech services	New	AAP	Jae Hoon Nah, Feng Gao, Xin Wang, HyungJin Lim	TD692Rev.1		2019-12
7/17	X.tfss	Technical Framework for Security Services Provided by Operators	New	AAP	Junjie Xia, Feng Gao, Jae Hoon Nah, Arnaud Taddei, Yu Jiang, Yexia Cheng	C158		2019-12
8/17	X.sgtBD	Security guidelines of lifecycle management for telecom Big Data	New	AAP	Min Zuo, Feng Gao	TD764		2019-10
11/17 (10/17)	X.509 Amd.1	First Amendment to Rec. ITU-T X.509(2016) \| ISO/IEC 9594-8 (2017)	New	AAP	Erik Andersen	TD758	ISO/IEC 9594-8	2018-09
11/17 (10/17)	X.520 Amd.1	First Amendment to Rec. ITU-T X.520(2016) \| ISO/IEC 9594-6 (2017)	New	AAP	Erik Andersen	TD759	ISO/IEC 9594-6	2018-09
11/17 (10/17)	X.509prot	Information technology - Open Systems Interconnection - The Directory: Protocol specifications for public-key infrastructure and privilege management infrastructure	New	AAP	Erik Andersen	TD760	ISO/IEC 9594-x	2018-09
13/17	X.itssec-3	Security requirements for vehicle accessible external devices	New	AAP	Seungwook Park, Aram Cho, Sang-Woo Lee	TD747 Rev.1		2019-09
13/17	X.itssec-4	Methodologies for intrusion detection system on in-vehicle system	New	AAP	Huy Kang Kim, ChangOh Kim, Sang-Woo Lee, Seungwook Park	TD748 Rev.1		2020-03
13/17	X.itssec-5	Security guidelines for vehicular edge computing	New	TAP	Sang-Woo Lee	TD749 Rev.1		2020-03
14/17	X.sar-dlt	Security architecture for Distributed Ledger Technology	New	AAP	Kepeng Li, Petr Kalambet, Kirill Ivkushkin, Bilyk Tatiana, Min Shu	TD686rev.1		2019-09
14/17	X.dlt-sec	Privacy and security considerations for using DLT data in Identity Management	New	TAP	Abbie Barbir	TD698Rev.2		2019-09
14/17	X.ss-dlt	Security services based on distributed ledger technology	New	AAP	Min Zuo, Ke Wang, Junjie Xia, Zhaoji Lin, Kai Wei, Ramy Ahmed Fathy	TD697Rev.3		2019-10
14/17	X.str-dlt	Security threats and requirements of digital payment services based on distributed ledger technology	New	AAP	Kyeong Hee Oh, ChangOh Kim	TD693Rev.1		2020-03
14/17	X.sa-dlt	Security assurance for distributed ledger technology	New	AAP	Mee Yeon Kim, Heung Youl Youm	TD709Rev.2		2020-09
14/17	X.stov	Security threats to online voting using distributed ledger technology	New	AAP	Keundug Park, ChangOh Kim, Heung Youl Youm	TD729Rev.2		2020-03
14/17	X.sct-dlt	Security Capabilities of and Threats to Distributed Ledger Technology	New	AAP	Min Zuo, Ke Wang, Junjie Xia, Zhaoji Lin, Kai Wei, Heung Youl Youm, Ramy Ahmed Fathy	TD 696 Rev.3		2019-10

Note:

Annex C
Work items discontinued

Q	Acronym	Title	Action
11/17	X.pki-prof	Information Technology - Public-Key Infrastructure: Profile	Discontinue and delete from the work programme

Committed to connecting the world

Executive Summary

Hot topics:​

ITU workshop on security aspects of Intelligent Transport System (ITS)

New Question 14/17 DLT security

New work items:

Next SG17 meeting:

Meeting Output:

Bridging the Standardization Gap (BSG):

Tutorial presentations:

Participation:

Other highlights:

Correspondence Groups:

Meeting input and organization:

Annex A Actions taken on Recommendations, and other texts at the 6 Sept 2017 SG17 plenary

a) TAP Recommendations approved (WTSA-16 Resolution 1):

c) Amendment approved, Supplements agreed, Implementer's guide approved, Technical Report agreed:

d) Recommendations determined (TAP – WTSA-16 Resolution 1):

e) AAP Recommendations consented for consented Last Call (Recommendation ITU-T A.8):

f) Work items planned for action in next March 2018 SG17 meeting:

Annex B New work items

Annex C Work items discontinued

Hot topics:

Annex A
Actions taken on Recommendations, and other texts at the 6 Sept 2017 SG17 plenary

Annex B
New work items

Annex C
Work items discontinued