Committed to connecting the world

Search for:

Executive summary

Executive Summary

Meeting of ITU-T SG17 'Security', Geneva, 20-29 March 2018

Hot topics:

5G security
Transformation of Security Study
Intelligent Transport System (ITS) security
Distributed Ledger Technology (DLT) security
Distributed identity management
IoT security
Information Security Management
Software-defined networking security
Big Data security
Mobile security
Personal information protection

ITU workshop on 5G Security

The event was announced by TSB Circular 59 and was attended by 125 participants (including remote participation) from 34 countries. Outcome of this workshop identified next step advices for 5G security related study in SG17 is found at: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180319/Documents/Outcomes_Workshop_5G_security_session_Outcomes.pdf

Meeting Output:

Approved (TAP) 3 new ITU-T Recommendations. Details are in Annex A a).
Agreed 4 new Supplement/Amendment/Corrigendum. Details are in Annex A c).
Determined (TAP) 2 draft new ITU-T Recommendations. Details are in Annex A d).
Consented (AAP) 9 new/revised texts for Last Call. Details are in Annex A e).
20 new work items were agreed to be added to the SG17 work programme. Details are in Annex B.

Next SG17 meeting:

Wednesday 29 August – Friday 7 September 2018, Geneva, Switzerland.

Workshop on Advanced Persistent Threat (APT) (subject to be decided) on Tuesday 28 August 2018, Geneva, Switzerland.

Tuesday 19 – Thursday 28 Feb 2019(To be confirmed), Geneva, Switzerland.

Workshop on Machine Learning and Cybersecurity on Monday 18 Feb 2019(To be confirmed), Geneva, Switzerland.

23 texts are planned for approval, determination, consent or agreement in Sept 2018.
Interim RGM meetings: 7 Questions plan to hold 7 RGMs.

	Q	Date	Place/Host	Subject/objective
1.	6/17 (collocate with 13/17)	14-15 June 2018	Seoul, Korea	To address all work items and identify future topics for Q6/17.
2.	7/17	13-14 June 2018	Yinchuan, China	all the work of Q7/17
3.	8/17	27-28 June	Beijing, China	all the work of Q8/17
4.	10/17	26-27 June (tbc)	"Seattle" USA/China (tbc)	all the work of Q10/17
5.	11/17 (collaborative meeting with ISO/IEC JTC 1/SC 6/WG 10)	27-31 Aug 2018	Tokyo, Japan	ASN.1 and OIDs: Resolution of pending defects on ISO/IEC 8824-All, ISO/IEC 8825-All, ISO/IEC 9534-All and ISO/IEC 24824-All. Directory: Resolution of pending defects on ISO/IEC 9594-All. Progression of the work on ISO/IEC 9594-8 to adapt this standard to new requirements. Progression of amendments of various parts of ISO/IEC 9594. Preparation meeting report and resolutions for SC 6 plenary.
6.	13/17 (collocate with 6/17)	14-15 June 2018	Seoul, Korea	all the work of Q13/17
7.	14/17	1st week in Jun 2018 (tbc)	Beijing, China.	Focus X.sra-dlt and X.sct-dlt other work of Q14/17 review of deliverables from FG DLT, FG DFC, FG DPM, SG 13 and SG 20

Bridging the Standardization Gap (BSG):

Welcome and guided tour for newcomers;
SG17 orientation session with SG17 overview presentation given by SG17 Chairman;
BSG hands-on training session for 16 participants from 12 developing countries.
Informal gathering of SG17RG-AFR and SG17RG-ARB

Tutorial presentations:

Six tutorial presentations received positive feedback on their rich information, including presentations on ETSI Middlebox Security Protocol Initiative, Measuring Cybersecurity Resilience, Governance of open-source software, Analyzing Blockchain, Cloud and IoT Security through Cybersecurity Standards, SG17 overview and ITU tools (ICT Security Standards Roadmap and new CRM based registration system).

Participation:

130 participants (195 announced): 40 Member States, 14 Sector Members, (3 Associates), and 1 Academia. 7 invited experts.
8 partial fellowships granted: Bangladesh, Burundi, Comoros, Mali, Senegal, (Sudan), Palestine, Syria
New Member States participation from: Bangladesh, Greece, Palestine, Syria
SG17 vice chairmen absent: Patrick-Kennedy KETTIN ZANGA, Central Africa; and Wala Latrous, Tunisia (remote participation).

Other highlights:

SG17 plenary organized 3 sessions to discuss transformation of security study.
JCA-IdM held its 24^th meeting on 23 Mar 2018. ITU-T SG17 received updates from FIDO Alliance, DIF (Decentralized Identify Foundation), DKMS (Decentralized Key Management System) and Q10/17.
A meeting of the Anti-Abuse Telco Network Working Group of ETIS was hosted on 21(pm)-23 March 2018. Joint sessions of Q5/17 'anti-spam' and AATN were organized.

Correspondence Groups:

CG-ITSsec on collaboration with UNECE WP29/TFCS was terminated.

CG-cybex and CG-xss (correspondence group on transformation of security study) to continue.

Meeting input and organization:

Contributions: 113 - ever increasing (past meetings: 106, 78, 81, 66, 74, 80)

Contribution# from: APT (85 (75%) (= China 42 (35%), Korea 32, Japan 7, Iran 3, Bangladesh 1)), Americas (13), EUR (7), AFR (6), ARAB (2), CIS (1), LAM (0). 2 new Sector Members and 2 new Associates each submitted 1 contribution.

TDs: 394 (previous meeting: 426, 368, 391, 418, 371, 386), including 46 incoming liaison statements and 37 outgoing liaison statements; 64 sourced from TSB.

249 sessions (previous meeting: 204) were organized, up to 12 parallel meetings per quarter.

25 sessions (previous meeting: 11) used remote participation

Annex A
Actions taken on Recommendations, and other texts at the 29 March 2018 SG17 plenary

a) TAP Recommendations approved (WTSA-16 Resolution 1):

The SG17 plenary meeting approved (TAP) the following draft new and one draft revised ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	4	X.1214 (X.samtn)	Security assessment techniques in telecommunication/ICT networks	New	Byung-moon Chin, Vibha Tomar	TD1138R1		2015-04	2017-09
2.	6	X.1331 (X.sgsec-2)	Security guidelines for home area network (HAN) devices in smart grid systems	New	Soyoung Jung, Gunhee Lee, Haeryong Park	SG17-R12		2014-09	2017-09
3.	8	X.1603 (X.dsms)	Data security requirements for monitoring the service of cloud computing	New	Mr. Ye Tao, Mr. Ni Zhang, Mrs.MinShu, Mrs. ZhiyuanHu	SG17-R16		2015-09	2017-09

Approval of the above Recommendations will be announced by TSB Circular in April 2018.

b) TAP Recommendations not approved (WTSA-16 Resolution 1):

None.

c) Amendment approved, Corrigendum approved, Supplements agreed:

The SG17 plenary meeting agreed or approved the following texts.

	Q	Acronym	Title	New / Revised	Editor(s)	Location of Text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	3	X.Sup32 (X.sup-gpim)	Supplement to ITU-T X.1058 Code of practice for personally identifiable information protection based on ITU-T X.1058 for telecommunications organizations	New	Heung Youl Youm, Lijun Liu, Jaenam Ko. Seung Woo Yu	TD1113R1		2014-09	2018-03
2.	4	X.1500 Amd.12	X.1500 (2011) Amendment 12, Overview of cybersecurity information exchange (CYBEX)	New	Youki Kadobayashi	TD1107		2017-03	2018-03
3.	6	X.Sup26-Cor	Corrigendum on ITU-T X Supplement 26	New	Gunhee Lee	TD1080		2018-03	2018-03
4.	9	X.1080.0-Cor	Access control for telebiometrics data protection	new	Erik Anderson	TD1126R2		2016-09	2018-03

d) Recommendations determined (TAP – WTSA-16 Resolution 1):

The SG17 plenary meeting determined (TAP) the following new draft ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	5	X.1249 (X.tfcma)	Technical Framework for Countering Mobile in-application Advertising Spam	New	Hongwei Luo, Laifu Wang, Xin Wang	TD1088R1		2015-09	2018-03
2.	6	X.1361 (X.iotsec-2)	Security framework for Internet of Things based on the gateway model	New	Xia Junjie, Heung-Youl Youm	TD1068R1		2015-04	2018-03

Member States consultation will be launched by TSB Circular in May 2018 after editorial checking. Further updates will be posted at http://www.itu.int/ITU-T/studygroups/com17

e) AAP Recommendations consented for Last Call (Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to the following draft new/revised ITU-T Recommendations and Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:

	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	2	X.1041 (X.voltesec-1)	Security Framework for VoLTE Network Operation	New	HaiTao Du, Zhaoji Lin, Jing Shao, Liang Wei, Feng Zhang	TD1112R1		2016-03	2018-03
2.	9	X.1080.1rev	e-Health and world-wide telemedicines - Generic telecommunication protocol	Rev	Erik Anderson	TD1127R3		2016-09	2018-03
3.	10	X.1276 (X.te)	Authentication Step-Up Protocol and Metadata Version 1.0	New	Abbie Barbir Sylvan Tran	TD1074R2 (Note *)	OASIS	2016-03	2018-03
4.	11	X.680 Cor.3	Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation Technical Corrigendum 3	New	Jean-Paul Lemaire	TD1050	ISO/IEC 8824-1 DTC3	2018-03	2018-03
5.	11	X.681 Cor.1	Information technology - Abstract Syntax Notation One (ASN.1): Information object specification Technical Corrigendum 1	New	Jean-Paul Lemaire	TD1046	ISO/IEC 8824-2 DTC1	2018-03	2018-03
6.	11	X.682 Cor.2	Information technology – Abstract Syntax Notation One (ASN.1): Constraint specification Technical Corrigendum 2	New	Jean-Paul Lemaire	TD1047	ISO/IEC 8824-3 DTC2	2018-03	2018-03
7.	11	X.683 Cor.1	Information technology – Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications l Technical Corrigendum 1	New	Jean-Paul Lemaire	TD1048	ISO/IEC 8824-4 DTC1	2018-03	2018-03
8.	11	X.696 Cor.3	Information technology - ASN.1 encoding rules: Specification of Octet Encoding Rules (OER) Technical Corrigendum 3	New	Jean-Paul Lemaire	TD1049	ISO/IEC 8825-7 DTC1	2018-03	2018-03
9.	11	X.680 Amd.1	Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation Amendment 1	New	Paul Thorpe	TD1045R1	ISO/IEC 8824-1 Amd.1	2017-03	2018-03

Note:

*A.25 justification for X.1276 (X.te) is found in TD1089R1.

These Recommendations will enter AAP Last call in April-May 2018.

f) Work items planned for action in next Sept 2018 SG17 meeting:

	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	3	X.grm	Risk management implementation guidance on the assets of telecommunication organizations accessible by global IP-based networks	New	Chen Zhang, Bo Yu, Yunbo Feng	TD1143R3		2014-09	2018-09
2.	3	X.sup13-rev**	Revision of Supplement 13	Rev	Wataru Senga, Kyeong Hee Oh	TD1159		2016-09	2018-09
3.	5	X.sup-ctss**	Supplement to ITU-T X.1231 Technical framework for countering telephone service scam	New	Gao Feng, Nan Jiang, Junjie Xia, Chen Zhang, Yanbin Zhang	TD1100		2016-09	2018-09
4.	6	X.sdnsec-1*	Security services using the Software-defined networking	New	Hyoungshick Kim, JungSoo Park	TD1129		2014-09	2018-09
5.	7	X.hakm	Guidelines on hybrid authentication and key management mechanisms in client-server model	New	Jung Yeon Hwang, Kyu Young Choi, Sangrae Cho	TD1116R1		2015-04	2018-09
6.	7	X.srfb	Security Requirements and Framework for Big Data Analytics in Mobile Internet Services	New	Junjie Xia, Feng Gao, Jongyoul Park, Nan Jiang	TD1101		2016-08	2018-09
7.	9	X.tac	Telebiometric Access Control with smart ID Card	New	Myung Geun Chun	TD1090		2017-03	2018-09
8.	9	X.1080.2* (X.th2)	Telebiometrics related to physics	New	Erik Andersen	TD1178		2008-09	2018-09
9.	9	X.1080.3* (X.th3)	Telebiometrics related to chemistry	New	Erik Andersen	TD1179		2008-09	2018-09
10.	9	X.1080.4* (X.th4)	Telebiometrics related to biology	New	Erik Andersen	TD1180		2008-09	2018-09
11.	9	X.1080.5* (X.th5)	Telebiometrics related to culturology	New	Erik Andersen	TD1181		2008-09	2018-09
12.	9	X.1080.6* (X.th6)	Telebiometrics related to psychology	New	Erik Andersen	TD1182		2008-09	2018-09
13.	10	X.uaf	UAF 1.1 Proposed Standard	New	Abbie Barbir	TD1122		2017-09	2018-09
14.	10	X.u2f	U2F 1.2 Proposed Standard	New	Abbie Barbir	TD1122		2017-09	2018-09
15.	10	X.Sup-1254rev**	Supplement to X.1254rev on use cases and high level abstract implementations	New	Junjie Xia, Bo Yu, Feng Zhang,	TD1070		2018-03	2018-09
16.	11	X.CMS-prof	Cryptographic Message Syntax (CMS) profile	New	Jean-Paul Lemaire	TD1032R1	ISO24-4 2018	2017-09	2018-09
17.	12	Z.100 Annex F1	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: General overview	Rev	Edel Sherratt	TD980R1		2017-03	2018-09
18.	12	Z.100 Annex F2	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Static semantics	Rev	Edel Sherratt	TD981R1		2017-03	2018-09
19.	12	Z.100 Annex F3	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Dynamic semantics	Rev	Edel Sherratt	TD982R1		2017-03	2018-09
20.	12	Z.109rev	Specification and Description Language - Unified modeling language profile for SDL-2010	Rev	Alexander Kraas	-		2017-03	2018-09
21.	12	Z.151rev	User Requirements Notation (URN) - Language definition	Rev	Gunter Mussbacher	C104		2015-09	2018-09
22.	12	Z.Imp100**	Z.Imp100 Specification and Description Language implementer's guide - Version 3.0.2	Rev	Rick Reed	TD984		2017-09	2018-09
23.	13	X.itssec-2*	Security guidelines for V2X communication systems	New	Sang-Woo Lee, Jae-Hoon Nah, Seungwook Park, ChangOh Kim	TD1083R2		2014-09	2018-09

Annex B
New work items

The following 21 new work items were agreed to be added to the SG17 work programme:

	Q	Acronym	Title	New/ Revised	AAP/TAP/ Agreement	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Timing⁽¹⁾
1.	2	X.SDsec	Guideline on Software-defined Security in SDN(Software-defined Networking)/NFV(Network Fuction Virtualization) Network	New	AAP	Min Zuo, Zhiyuan Hu, Ye Tao, Xiaojun Zhuang, Bo Yang	TD1115R1		2020-09
2.	3	X.framcdc	Framework for the creation and operation of a Cyber Defense Center	New	AAP	Arnaud Taddei	TD1062R1		2020-09
3.	4	X.gcpie	Guidelines for Collection and Preservation of Cyber Security Incident Evidence	New	TAP	Jooyoung Lee, Daesung Moon, Jonghyun Kim, Ikkyun Kim	TD1085R1		2020-09
4.	4	X.fgati	Framework and Guidelines for Applying Threat Intelligence in Telecom Network Operation	New	TAP	Min Zuo, Lanfang Ren, Yexia Chang	TD1119R1		2020-09
5.	5	X.tsfpp	Technical security framework for the protection of users' personal information while countering mobile messaging spam	New	TAP	Junjie Xia, Bo Yu, Yanbin Zhang, Chen Zhang, Feng Gao	TD1066R2		2020-09
6.	5	X.tecwes	Technologies in countering website spoofing for telecommunication organizations	New	TAP	Chen Zhang, Ruzhen Hu, Meng Nan,	TD1093R1		2020-03
7.	6	X.Sup26-Cor	Corrigendum on ITU-T X Supplement 26	New	agreement	Gunhee Lee	TD1080		2018-03
8.	6	X.ssp-iot	Security Requirements and Framework for IoT Service Platform	New	TAP	Hang Dong, Wenxin Wang, Yanfei Guo, Junjie Xia, Lijun Liu, Jae Hoon Nah	TD1106		2020-03
9.	6	X.5Gsec-q	Security guidelines for applying quantum-safe algorithms in 5G systems	New	TAP	Fuwen Liu, Yanfei Guo, Zhiyuan Hu, Zhaoji Lin, Min Zuo	TD1128R3		2020-03
10.	6	X.strvms	Security threats and requirements for video management system	New	TAP	Jongwook Han, Kyungsoo Lim, Geonwoo Kim	TD1077R1		2020-09
11.	7	X.sgos	Security guidelines of Web-based online customer service	New	AAP	Hang Dong, Wenxin Wang, Lijun Liu, Jae Hoon Nah	TD1055R1		2020-03
12.	8	X.sgBDIP	Security Guidelines for Big Data Infrastructure and platform	New	TAP	Ye Tao, Laifu Wang, Arnaud Taddei	TD1176R2		2020-09
13.	9	X.tas	telebiometric authentication using speaker recognition	New	AAP	Fatoumata Samake; Salif Thiaw	TD1147R1		2020-03
14.	10	X.1252rev	Baseline identity management terms and definitions	Rev	TAP	Abbie Barbir	TD1125R1		2020-09
15.	11	X.uav-oid	Identification mechanism for unmanned aerial vehicles using object identifiers	New	AAP	Wenjing Ma	TD1177R1		2019-09
16.	13	X.mdcv	security-related misbehaviour detection mechanism based on big data analysis for connected vehicles	New	TAP	Yi Zhang, Jianhao Liu, Minrui Yan	TD1140		2020-12
17.	13	X.stcv	security threats in connected vehicles	New	TAP	Koji Nakao, Seungwook Park, Sang-Woo Lee, ChangOh Kim	TD1167R2		2019-03
18.	13	X.srcd	security requirements for categorized data in V2X communication	New	TAP	Yaping Sun, Huirong Tian, Nan Meng	TD1081R2		2020-12
19.	14	X.das-mgt	Security framework for the data access and sharing management system based on the distributed ledger technology	New	AAP	Mee Yeon Kim; Heung Youl Youm; Keundug Park	TD1075R3		2021-09
20.	14	X.tf-spd-dlt	Technical Framework for Secure Software Programme Distribution Mechanism Based on Distributed Ledger Technology	New	AAP	Nan Jiang, Junjie Xia, Bo Yu, Feng Gao, Ke Wang	TD1114R2		2020-03

Notes:

Target date for consent or determination of Recommendations or for agreement of Supplements or non-normative text.