Executive Summary

Meeting of ITU-T SG17 'Security', Geneva, 29 August – 6 September 2017

Hot topics:

  • Distributed Ledger Technology (DLT) security
  • IoT security
  • Intelligent Transport System (ITS) security
  • TTCN-3
  • Event Data Recorder
  • Software-defined networking security
  • Big Data security
  • Identity management
  • Security architecture
  • Information Security Management
  • Mobile terminal security
  • Smart-grid security
  • Application security
  • Cloud computing security
  • Advertising spam/fraud

ITU workshop on security aspects of Intelligent Transport System (ITS)  

The event was announced by TSB Circular 34 and was attended by 95 participants from 15 countries. Its outcomes identified advice on next steps for ITS security-related study in Q13/17.

New Question 14/17 DLT security

SG17 agreed to establish a new Question 14/17 on Security Aspects of Distributed Ledger Technologies.

New work items:

26 new work items were agreed to be added to the SG17 work programme. Details are in Annex B.

1 work item was discontinued. Details are in Annex C.

Next SG17 meeting:

SG17 future meetings will be 8 working days.

  • Tuesday 20 – Thursday 29 March 2018, Geneva, Switzerland.
    • Workshop on 5G security on Monday 19 March 2018, Geneva, Switzerland.
  • Wednesday 29 August – Friday 7 September 2018, Geneva, Switzerland.
    • Workshop (subject to be decided) on Tuesday 28 August 2018, Geneva, Switzerland.
  • 14 texts are planned for approval, determination, consent or agreement in March 2018.
  • Interim RGM meetings: 8 Questions plan to hold 8 RGMs. See: http://www.itu.int/net/ITU-T/lists/rgm.aspx?Group=17

Meeting Output:

The SG17 plenary meeting:

  • Approved (TAP) 4 new/revised ITU-T Recommendations. Details are in Annex A a).
  • Agreed 3 new Supplements. Details are in Annex A c).
  • Determined (TAP) 3 draft new ITU-T Recommendations. Details are in Annex A d).
  • Consented (AAP) 22 new/revised texts for Last Call. Details are in Annex A e).

Bridging the Standardization Gap (BSG):

  • Orientation programme for newcomers: welcome and guided tour, SG17 orientation session with SG17 overview presentation given by SG17 Chairman; Special session on addressing contributions from developing countries.
  • BSG hands-on training session for 4 participants from 3 developing countries.

Tutorial presentations:

Seven tutorial presentations received positive feedback on their rich information, including presentations on Financial Inclusion Global Initiative (FIGI), Symantec strategy for information security and perspective for security standardization, Privacy management in a system life cycle, Quantum Safe Cryptography, overview on 5G security standardization, and SG17 overview.

Participation:

  • 134 participants (185 announced): 30 Member States, 18 Sector Members, 2 Associates, and 2 Academia. 9 invited experts.
  • 6 partial fellowships granted: (Afghanistan), Benin, Central Africa, Dem. Rep. of Congo DRC, Guinea, Myanmar, Uganda
  • New Member States participation from: Myanmar, Singapore, (Tajikistan (pre-registered))
  • SG17 vice chairmen absent: Vasiliy DOLMATOV, Russian Federation; Patrick-Kennedy KETTIN ZANGA, Central Africa; Gökhan EVREN, Turkey; and Hugo Darío MIGUEL, Argentina.

Other highlights:

  • SG17 plenary organized 6 special sessions to address topics of broad interest.
  • JCA-IdM held its 23rd meeting on 4 Sept 2017. ITU-T SG17 received updates from OpenID Foundation, ISO/IEC JTC 1/SC 27/WG 5, OASIS Trust Elevation TC, FIDO Alliance, NH-ISAC and ISO/TC 307 (esp. TC 307/SG 4).
  • The ICT Security Standards Roadmap and the Security Compendia were updated. The aim is to complete a seventh edition of the Security Manual in 2018 with the support of the TSB.

Correspondence Groups:

  • CG-cybex to continue with updated ToR in TD801
  • 2 new CGs created:
    • CG-ITSsec was created with ToR in TD732 on collaboration with UNECE WP29/TFCS.
    • SG17 decided to create a correspondence group on transformation of security study, with ToR of this CG in TD782.
  • CG-IoTSec (Correspondence Group on Security and Privacy for IoT for ongoing coordination and collaboration, joint with SG20) was terminated.

Meeting input and organization:

Contributions: 106 - 36% increase (past meetings: 78, 81, 66, 74, 80)

Contribution# from: Americas (6), AFR (11), APT (75 = China 37, Korea 31, (China & Korea 2), Japan 7, Iran 1, Malaysia 1), ARAB (0), CIS (1), EUR (13), LAM (0)

TDs: 426 – SG17 record (previous meetings: 368, 391, 418, 371, 386), including 49 incoming liaison statements and 40 outgoing liaison statements; 80 sourced from TSB.

204 sessions were organized, with many parallel meetings per quarter each day. 11 sessions were equipped with AdobeConnect to allow remote participation.

Annex A
Actions taken on Recommendations, and other texts at the 6 Sept 2017 SG17 plenary

 

a) TAP Recommendations approved (WTSA-16 Resolution 1):

The SG17 plenary meeting approved (TAP) three draft new and one draft revised ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

| Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work |
|---|---|---|---|---|---|---|---|
| 4/17 | X.1213 (X.sbb) | Security Capability Requirements for Countering Smartphone-based Botnets | New | Junjie Xia, Bo Yu, Jae Hoon Nah | R5 | | 2014-01 |
| 4/17 | X.1541rev | Incident Object Description Exchange Format version 2 | Revised | Youki Kadobayashi, Takeshi Takahashi | TD706 | | 2017-03 |
| 5/17 | X.1248 (X.cspim) | Technical Requirements for Countering Instant Messaging Spam (SPIM) | New | Huamin Jin, Shuai Wang, Junjie Xia, Zhaoji Lin | R6 | | 2014-01 |
| 6/17 | X.1127 (X.msec-9) | Functional security requirements and architecture for mobile phone anti-theft measures | New | Junjie Xia, Heung Youl Youm | TD771 | | 2014-09 |

Approval of the above Recommendations will be announced by TSB Circular in October 2017.

b) TAP Recommendations not approved (WTSA-16 Resolution 1): None.

c) Amendment approved, Supplements agreed, Implementer's guide approved, Technical Report agreed:

The SG17 plenary meeting agreed three new Supplements.

| Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work |
|---|---|---|---|---|---|---|---|
| 5/17 | X.Suppl 29 (X.sup-gcspi) | Supplement to ITU-T X.1242 – Guidelines on countermeasures against short message service (SMS) phishing and smishing attacks | New | Changjin Lee, Lijun Liu, Jae Hoon Nah, Deawoo Park, Heung-Youl Youm | TD721Rev.1 | | 2014-09 |
| 2/17 | X.Suppl 30 (X.sup-sgmvno) | Supplement to ITU-T X.805: Security Guideline for Mobile Virtual Network Operator (MVNO) | New | Laifu Wang, Dongxin Liu, Hongwei Luo | TD667 | | 2014-09 |
| 11/17 | X.Suppl 31 (X.sup-oid-iot) | Supplement to ITU-T X.660 – Guidelines for using object identifiers for the Internet of things | New | Zhaoji Lin, Wenjing Ma, Dongya Wu | TD774Rev.1 | | 2014-01 |

 

d) Recommendations determined (TAP – WTSA-16 Resolution 1):

The SG17 plenary meeting determined (TAP) three new draft ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

| Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work |
|---|---|---|---|---|---|---|---|
| 4/17 | X.1214 (X.samtn) | Security assessment techniques in telecommunication/ICT networks | New | Byung-moon Chin, Vibha Tomar | SG17-R12 | | 2015-04 |
| 6/17 | X.1331 (X.sgsec-2) | Security guidelines for Home Area Network (HAN) devices in Smart Grid systems | New | Soyoung Jung, Gunhee Lee, Haeryong Park | SG17-R14 | | 2016-08 |
| 8/17 | X.1603 (X.dsms) | Data security requirements for the monitoring service of cloud computing | New | Zhiyuan Hu, Min Shu, Ye Tao, Ni Zhang | SG17-R16 | | 2015-09 |

Information on the Member States consultation is available in TSB Circular 53 of 11 October 2017.

e) AAP Recommendations consented for Last Call (Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to six draft new ITU-T Recommendations, twelve draft revised ITU-T Recommendations and four draft Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:

| Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work |
|---|---|---|---|---|---|---|---|
| 2/17 (3/17) | X.1040 (X.salcm) | Security reference architecture for lifecycle management of e-commerce business data | New | Kepeng Li, Zhaoji Lin, Junjie Xia, Feng Zhang | TD672Rev.2 | | 2016-03 |
| 3/17 | X.1053 (X.sgsm) | Code of practice for information security controls based on ITU-T X.1051 for small and medium-sized telecommunication organizations | New | Wataru Senga, ChangOh Kim | TD757 | | 2009-10 |
| 7/17 | X.1146 (X.websec-8) | Security protection guidelines for value-added services provided by telecommunication operators | New | Lijin Liu, Zhaoji Lin, Jae Hoon Nah | TD718 | | 2015-09 |
| 11/17 | X.680 Cor.2 | Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation; Technical Corrigendum 2 | | Jean-Paul Lemaire | TD587Rev.1 | ISO/IEC 8824-1:2015 Cor.2 | 2016-09 |
| 11/17 | X.682 Cor.1 | Information technology – Abstract Syntax Notation One (ASN.1): Constraint specification; Technical Corrigendum 1 | | Jean-Paul Lemaire | TD679Rev.1 | ISO/IEC 8824-3 Cor. 1 | 2016-09 |
| 11/17 | X.693 Cor.1 | Information technology – ASN.1 encoding rules: XML Encoding Rules (XER); Technical Corrigendum 1 | | Jean-Paul Lemaire | TD588 | ISO/IEC 8825-4 Cor.1 | 2017-09 |
| 11/17 | X.696 Cor.2 | Information technology - ASN.1 encoding rules: Specification of Octet Encoding Rules (OER); Technical Corrigendum 2 | | Jean-Paul Lemaire | TD589 | ISO/IEC 8825-7 Cor.2 | 2017-09 |
| 11/17 | X.697 | Information Technology – ASN.1 encoding rules: Specification of Javascript Object Notation (JSON) Encoding Rules (JSON/ER) | New | Paul Thorpe | TD769 | ISO/IEC 8825-8 | 2016-03 |
| 12/17 | Z.161 | Testing and Test Control Notation version 3: TTCN-3 core language | Revised | Dieter Hogrefe | TD634 | ETSI ES 201 873-1 | 2016-09 |
| 12/17 | Z.161.1 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Support of interfaces with continuous signals | Revised | Dieter Hogrefe | TD642 | ETSI ES 202 786 | 2015-09 |
| 12/17 | Z.161.2 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment support | Revised | Dieter Hogrefe | TD630 | ETSI ES 202 781 | 2015-09 |
| 12/17 | Z.161.3 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced parameterization | Revised | Dieter Hogrefe | TD631 | ETSI ES 202 784 | 2015-09 |
| 12/17 | Z.161.4 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Behaviour types | Revised | Dieter Hogrefe | TD632 | ETSI ES 202 785 | 2015-09 |
| 12/17 | Z.161.6 | Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced Matching | New | Dieter Hogrefe | TD633Rev.1 | ETSI ES 203 022 | 2017-09 |
| 12/17 | Z.164 | Testing and Test Control Notation version 3: TTCN-3 operational semantics | Revised | Dieter Hogrefe | TD635 | ETSI ES 201 873-4 | 2016-09 |
| 12/17 | Z.165 | Testing and Test Control Notation version 3: TTCN-3 runtime interface (TRI) | Revised | Dieter Hogrefe | TD636 | ETSI ES 201 873-5 | 2015-09 |
| 12/17 | Z.166 | Testing and Test Control Notation version 3: TTCN-3 control interface (TCI) | Revised | Dieter Hogrefe | TD637 | ETSI ES 201 873-6 | 2016-09 |
| 12/17 | Z.167 | Testing and Test Control Notation version 3: Using ASN.1 with TTCN-3 | Revised | Dieter Hogrefe | TD638 | ETSI ES 201 873-7 | 2015-09 |
| 12/17 | Z.168 | Testing and Test Control Notation version 3: The IDL to TTCN-3 mapping | Revised | Dieter Hogrefe | TD639 | ETSI ES 201 873-8 | 2015-09 |
| 12/17 | Z.169 | Testing and Test Control Notation version 3: Using XML schema with TTCN-3 | Revised | Dieter Hogrefe | TD640 | ETSI ES 201 873-9 | 2016-09 |
| 12/17 | Z.170 | Testing and Test Control Notation version 3: TTCN-3 documentation comment specification | Revised | Dieter Hogrefe | TD641 | ETSI ES 201 873-10 | 2015-09 |
| 12/17 | Z.171 | Testing and Test Control Notation version 3: Using JSON with TTCN-3 | New | Dieter Hogrefe | TD643Rev.1 | ETSI ES 201 873-11 | 2017-09 |

Note:

(1)   In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

(2)   A.5 justification information for 14 draft revised Recommendations ITU-T Z.160-Z.171 is found in 14 TDs TD644-TD657 respectively.

These Recommendations have entered into AAP Last call in September-October 2017 (see AAP-20 and AAP-22) and been approved in October-November 2017 (see AAP-23 and AAP-24).

f) Work items planned for action at the next SG17 meeting in March 2018:

 

| Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|
| 2/17 (6/17) | X.VoLTEsec-1 | Security framework for voice-over-long-term-evolution (VoLTE) network operation | New | HaiTao Du, Zhaoji Lin, Jing Shao, Liang Wei, Feng Zhang | TD743 | | 2016-03 | 2018-03 |
| 3/17 | X.sup-gpim** | Supplement to ITU-T X.1058 – Code of practice for personally identifiable information protection based on ITU-T X.1058 for telecommunications organizations | New | Heung Youl Youm, Lijun Liu, Jaenam Ko, Seung Woo Yu | TD707 | | 2014-09 | 2018-03 |
| 4/17 | X.1500 Amd.12 | X.1500 (2011) Amendment 12, Overview of cybersecurity information exchange (CYBEX) | New | Youki Kadobayashi | | | 2017-03 | 2018-03 |
| 5/17 | X.tfcma* | Technical Framework for Countering Mobile in-application Advertising Spam | New | Hongwei Luo, Laifu Wang, Xin Wang | TD699Rev.1 | | 2015-09 | 2018-03 |
| 6/17 | X.iotsec-2* | Security framework for Internet of Things | New | Xia Junjie, Heung-Youl Youm | TD720 | | 2015-04 | 2018-03 |
| 9/17 | X.1080.0 Amd. 1* | X.1080.0 Amendment 1, Access control for telebiometrics data protection | New | Erik Andersen | TD710Rev.1 | | 2017-09 | 2018-03 |
| 9/17 | X.1080.1rev | X.1080.1, e-Health and world-wide telemedicines – Generic telecommunication protocol | Revised | Erik Andersen | TD711 | | 2016-09 | 2018-03 |
| 10/17 | X.te | Authentication Step-Up Protocol and Metadata Version 1.0; OASIS Standard published | New | Abbie Barbir, Sylvan Tran | TD785 | OASIS | 2016-03 | 2018-03 |
| 11/17 | X.680 Amd.1 | Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation; Amendment 1 | New | Paul E. Thorpe | TD678Rev.1 | ISO/IEC 8824-1:2015 Amd.1 | 2016-09 | 2018-03 |
| 12/17 | Z.100 Annex F1 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: General overview | Revised | Edel Sherratt | TD624 | | 2017-03 | 2018-03 |
| 12/17 | Z.100 Annex F2 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Static semantics | Revised | Edel Sherratt | TD625 | | 2017-03 | 2018-03 |
| 12/17 | Z.100 Annex F3 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Dynamic semantics | Revised | Edel Sherratt | TD626 | | 2017-03 | 2018-03 |
| 12/17 | Z.109rev | Specification and Description Language - Unified modeling language profile for SDL-2010 | Revised | Alexander Kraas | - | | 2017-03 | 2018-03 |
| 12/17 | Z.151rev | User Requirements Notation (URN) - Language definition | Revised | Gunter Mussbacher | C104 | | 2015-09 | 2018-03 |
| 12/17 | Z.Imp100 | Z.Imp100 Specification and Description Language implementer's guide - Version 3.0.2 | Revised | Rick Reed | TD628 | | 2017-09 | 2018-03 |

Note:

(1)   In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question. 

Annex B
New work items

The following 26 new work items were agreed to be added to the SG17 work programme:

| Q(1) | Acronym | Title | New / Revised | AAP / TAP / Agreement | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Timing(2) |
|---|---|---|---|---|---|---|---|---|
| 2/17 | X.ssc | Security Service Chain Architecture | New | AAP | Zhiyuan Hu, Min Zuo, Ye Tao, Min Shu | TD668 | | 2019-12 |
| 2/17 | X.srnv | Security Requirements of Network Virtualization | New | TAP | Ye Tao, Di Liu, Min Zuo, Min Shu | TD674 | | 2019-09 |
| 3/17 | X.1052-rev | Organization information security management guideline | Rev | AAP | Lijun Liu, Ming Lyu, Jinghua Min | TD688 Rev.2 | | 2018-09 |
| 3/17 | X.1054-rev | Governance of information security | Rev | TAP | Thaib Mustafa, Anfona Traore, Jinghua Min | TD737 | | 2020 |
| 3/17 | X.cins | Information technology - Security techniques – Guidelines for Cyber Insurance | New | AAP | Miho Naganuma | TD738 Rev.1 | | 2020 |
| 3/17 | X.sup-myuc** | Code of practice for information security control based on ITU-T X.1051 for Malaysian telecommunications organizations information and network security management | New | Agreement | Thaib Mustafa, Rafeah Omar | TD726 Rev.1 | | 2018-09 |
| 5/17 | X.gcims | Guidelines for countering instant messaging spam | New | TAP | Shuai Wang, Laifu Wang, Yanbin Zhang, ChangOh Kim, Huamin Jin | TD778 | | 2020-09 |
| 6/17 | X.secup-iot | Secure Software Update Procedure for IoT Devices | New | TAP | Takeshi Takahashi, Koji Nakao | TD736 Rev.1 | | 2019-03 |
| 6/17 | X.nb-iot | Security Requirements and Framework for Narrow Band Internet of Things | New | TAP | Junjie Xia, Feng Gao, Heung Youl Youm, Bo Yu | TD770 | | 2019-09 |
| 6/17 | X.ibc-iot | Security Requirements and Framework of Using Identity-Based Cryptography Mechanism in Internet of Things | New | TAP | Jiang Yu, Yixiang Zhu, Haiguang Wang, Zhaohui Cheng, Zhaoji Lin | TD775 Rev.2 | | 2019-09 |
| 7/17 | X.sfop | Security framework of open platform for FinTech services | New | AAP | Jae Hoon Nah, Feng Gao, Xin Wang, HyungJin Lim | TD692Rev.1 | | 2019-12 |
| 7/17 | X.tfss | Technical Framework for Security Services Provided by Operators | New | AAP | Junjie Xia, Feng Gao, Jae Hoon Nah, Arnaud Taddei, Yu Jiang, Yexia Cheng | C158 | | 2019-12 |
| 8/17 | X.sgtBD | Security guidelines of lifecycle management for telecom Big Data | New | AAP | Min Zuo, Feng Gao | TD764 | | 2019-10 |
| 11/17 (10/17) | X.509 Amd.1 | First Amendment to Rec. ITU-T X.509(2016) \| ISO/IEC 9594-8 (2017) | New | AAP | Erik Andersen | TD758 | ISO/IEC 9594-8 | 2018-09 |
| 11/17 (10/17) | X.520 Amd.1 | First Amendment to Rec. ITU-T X.520(2016) \| ISO/IEC 9594-6 (2017) | New | AAP | Erik Andersen | TD759 | ISO/IEC 9594-6 | 2018-09 |
| 11/17 (10/17) | X.509prot | Information technology - Open Systems Interconnection - The Directory: Protocol specifications for public-key infrastructure and privilege management infrastructure | New | AAP | Erik Andersen | TD760 | ISO/IEC 9594-x | 2018-09 |
| 13/17 | X.itssec-3 | Security requirements for vehicle accessible external devices | New | AAP | Seungwook Park, Aram Cho, Sang-Woo Lee | TD747 Rev.1 | | 2019-09 |
| 13/17 | X.itssec-4 | Methodologies for intrusion detection system on in-vehicle system | New | AAP | Huy Kang Kim, ChangOh Kim, Sang-Woo Lee, Seungwook Park | TD748 Rev.1 | | 2020-03 |
| 13/17 | X.itssec-5 | Security guidelines for vehicular edge computing | New | TAP | Sang-Woo Lee | TD749 Rev.1 | | 2020-03 |
| 14/17 | X.sar-dlt | Security architecture for Distributed Ledger Technology | New | AAP | Kepeng Li, Petr Kalambet, Kirill Ivkushkin, Bilyk Tatiana, Min Shu | TD686rev.1 | | 2019-09 |
| 14/17 | X.dlt-sec | Privacy and security considerations for using DLT data in Identity Management | New | TAP | Abbie Barbir | TD698Rev.2 | | 2019-09 |
| 14/17 | X.ss-dlt | Security services based on distributed ledger technology | New | AAP | Min Zuo, Ke Wang, Junjie Xia, Zhaoji Lin, Kai Wei, Ramy Ahmed Fathy | TD697Rev.3 | | 2019-10 |
| 14/17 | X.str-dlt | Security threats and requirements of digital payment services based on distributed ledger technology | New | AAP | Kyeong Hee Oh, ChangOh Kim | TD693Rev.1 | | 2020-03 |
| 14/17 | X.sa-dlt | Security assurance for distributed ledger technology | New | AAP | Mee Yeon Kim, Heung Youl Youm | TD709Rev.2 | | 2020-09 |
| 14/17 | X.stov | Security threats to online voting using distributed ledger technology | New | AAP | Keundug Park, ChangOh Kim, Heung Youl Youm | TD729Rev.2 | | 2020-03 |
| 14/17 | X.sct-dlt | Security Capabilities of and Threats to Distributed Ledger Technology | New | AAP | Min Zuo, Ke Wang, Junjie Xia, Zhaoji Lin, Kai Wei, Heung Youl Youm, Ramy Ahmed Fathy | TD 696 Rev.3 | | 2019-10 |

Note:

(1)   In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.

 

Annex C
Work items discontinued

| Q | Acronym | Title | Action |
|---|---|---|---|
| 11/17 | X.pki-prof | Information Technology - Public-Key Infrastructure: Profile | Discontinue and delete from the work programme |

 
