Executive Summary

Meeting of ITU-T SG17 'Security', Geneva, 20-29 March 2018

Hot topics:

  • 5G security
  • Transformation of Security Study
  • Intelligent Transport System (ITS) security
  • Distributed Ledger Technology (DLT) security
  • Distributed identity management
  • IoT security
  • Information Security Management
  • Software-defined networking security
  • Big Data security
  • Mobile security
  • Personal information protection

ITU workshop on 5G Security  

The event was announced by TSB Circular 59 and was attended by 125 participants (including remote participation) from 34 countries. The outcome of this workshop, which identified advice on next steps for 5G security-related study in SG17, is found at: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180319/Documents/Outcomes_Workshop_5G_security_session_Outcomes.pdf

Meeting Output:

  • Approved (TAP) 3 new ITU-T Recommendations. Details are in Annex A a).
  • Agreed 4 new Supplement/Amendment/Corrigendum. Details are in Annex A c).
  • Determined (TAP) 2 draft new ITU-T Recommendations. Details are in Annex A d).
  • Consented (AAP) 9 new/revised texts for Last Call. Details are in Annex A e).
  • 20 new work items were agreed to be added to the SG17 work programme. Details are in Annex B.

Next SG17 meeting:

  • Wednesday 29 August – Friday 7 September 2018, Geneva, Switzerland.
    • Workshop on Advanced Persistent Threat (APT) (subject to be decided) on Tuesday 28 August 2018, Geneva, Switzerland.
  • Tuesday 19 – Thursday 28 Feb 2019 (to be confirmed), Geneva, Switzerland.
    • Workshop on Machine Learning and Cybersecurity on Monday 18 Feb 2019 (to be confirmed), Geneva, Switzerland.
  • 23 texts are planned for approval, determination, consent or agreement in Sept 2018.
  • Interim RGM meetings: 7 Questions plan to hold 7 RGMs.

 ​


| No. | Q | Date | Place/Host | Subject/objective |
|---|---|---|---|---|
| 1 | 6/17 (collocated with 13/17) | 14-15 June 2018 | Seoul, Korea | To address all work items and identify future topics for Q6/17. |
| 2 | 7/17 | 13-14 June 2018 | Yinchuan, China | All the work of Q7/17 |
| 3 | 8/17 | 27-28 June | Beijing, China | All the work of Q8/17 |
| 4 | 10/17 | 26-27 June (tbc) | "Seattle" USA/China (tbc) | All the work of Q10/17 |
| 5 | 11/17 (collaborative meeting with ISO/IEC JTC 1/SC 6/WG 10) | 27-31 Aug 2018 | Tokyo, Japan | ASN.1 and OIDs: resolution of pending defects on ISO/IEC 8824-All, ISO/IEC 8825-All, ISO/IEC 9534-All and ISO/IEC 24824-All. Directory: resolution of pending defects on ISO/IEC 9594-All; progression of the work on ISO/IEC 9594-8 to adapt this standard to new requirements; progression of amendments of various parts of ISO/IEC 9594. Preparation of meeting report and resolutions for SC 6 plenary. |
| 6 | 13/17 (collocated with 6/17) | 14-15 June 2018 | Seoul, Korea | All the work of Q13/17 |
| 7 | 14/17 | 1st week in Jun 2018 (tbc) | Beijing, China | Focus on X.sra-dlt and X.sct-dlt; other work of Q14/17; review of deliverables from FG DLT, FG DFC, FG DPM, SG 13 and SG 20 |

Bridging the Standardization Gap (BSG):

  • Welcome and guided tour for newcomers;
  • SG17 orientation session with SG17 overview presentation given by SG17 Chairman;
  • BSG hands-on training session for 16 participants from 12 developing countries.
  • Informal gathering of SG17RG-AFR and SG17RG-ARB

Tutorial presentations:

Six tutorial presentations received positive feedback on their rich information, including presentations on ETSI Middlebox Security Protocol Initiative, Measuring Cybersecurity Resilience, Governance of open-source software, Analyzing Blockchain, Cloud and IoT Security through Cybersecurity Standards, SG17 overview and ITU tools (ICT Security Standards Roadmap and new CRM based registration system).

Participation:

  • 130 participants (195 announced): 40 Member States, 14 Sector Members, (3 Associates), and 1 Academia. 7 invited experts.
  • 8 partial fellowships granted: Bangladesh, Burundi, Comoros, Mali, Senegal, (Sudan), Palestine, Syria
  • New Member States participation from: Bangladesh, Greece, Palestine, Syria
  • SG17 vice chairmen absent: Patrick-Kennedy KETTIN ZANGA, Central Africa; and Wala Latrous, Tunisia (remote participation).

Other highlights:

  • SG17 plenary organized 3 sessions to discuss transformation of security study.
  • JCA-IdM held its 24th meeting on 23 Mar 2018. ITU-T SG17 received updates from FIDO Alliance, DIF (Decentralized Identity Foundation), DKMS (Decentralized Key Management System) and Q10/17.
  • A meeting of the Anti-Abuse Telco Network Working Group of ETIS was hosted on 21 (pm)-23 March 2018. Joint sessions of Q5/17 'anti-spam' and AATN were organized.

Correspondence Groups:

  • CG-ITSsec on collaboration with UNECE WP29/TFCS was terminated.
  • CG-cybex and CG-xss (correspondence group on transformation of security study) to continue.

Meeting input and organization:

Contributions: 113 - ever increasing (past meetings: 106, 78, 81, 66, 74, 80)

Contributions by region: APT 85 (75%) (China 42 (35%), Korea 32, Japan 7, Iran 3, Bangladesh 1), Americas 13, EUR 7, AFR 6, ARAB 2, CIS 1, LAM 0. 2 new Sector Members and 2 new Associates each submitted 1 contribution.

TDs: 394 (previous meeting: 426, 368, 391, 418, 371, 386), including 46 incoming liaison statements and 37 outgoing liaison statements; 64 sourced from TSB.

249 sessions (previous meeting: 204) were organized, up to 12 parallel meetings per quarter.

25 sessions (previous meeting: 11) used remote participation.


 

Annex A
Actions taken on Recommendations, and other texts at the 29 March 2018 SG17 plenary

a) TAP Recommendations approved (WTSA-16 Resolution 1):

The SG17 plenary meeting approved (TAP) the following draft new and one draft revised ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

| No. | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 4 | X.1214 (X.samtn) | Security assessment techniques in telecommunication/ICT networks | New | Byung-moon Chin, Vibha Tomar | TD1138R1 | | 2015-04 | 2017-09 |
| 2 | 6 | X.1331 (X.sgsec-2) | Security guidelines for home area network (HAN) devices in smart grid systems | New | Soyoung Jung, Gunhee Lee, Haeryong Park | SG17-R12 | | 2014-09 | 2017-09 |
| 3 | 8 | X.1603 (X.dsms) | Data security requirements for monitoring the service of cloud computing | New | Mr. Ye Tao, Mr. Ni Zhang, Mrs. Min Shu, Mrs. Zhiyuan Hu | SG17-R16 | | 2015-09 | 2017-09 |

Approval of the above Recommendations will be announced by TSB Circular in April 2018.

b) TAP Recommendations not approved (WTSA-16 Resolution 1):

None.

c) Amendment approved, Corrigendum approved, Supplements agreed:

The SG17 plenary meeting agreed or approved the following texts.

| No. | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 3 | X.Sup32 (X.sup-gpim) | Supplement to ITU-T X.1058: Code of practice for personally identifiable information protection based on ITU-T X.1058 for telecommunications organizations | New | Heung Youl Youm, Lijun Liu, Jaenam Ko, Seung Woo Yu | TD1113R1 | | 2014-09 | 2018-03 |
| 2 | 4 | X.1500 Amd.12 | X.1500 (2011) Amendment 12, Overview of cybersecurity information exchange (CYBEX) | New | Youki Kadobayashi | TD1107 | | 2017-03 | 2018-03 |
| 3 | 6 | X.Sup26-Cor | Corrigendum on ITU-T X Supplement 26 | New | Gunhee Lee | TD1080 | | 2018-03 | 2018-03 |
| 4 | 9 | X.1080.0-Cor | Access control for telebiometrics data protection | New | Erik Anderson | TD1126R2 | | 2016-09 | 2018-03 |

d) Recommendations determined (TAP – WTSA-16 Resolution 1):

The SG17 plenary meeting determined (TAP) the following new draft ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

| No. | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 5 | X.1249 (X.tfcma) | Technical Framework for Countering Mobile in-application Advertising Spam | New | Hongwei Luo, Laifu Wang, Xin Wang | TD1088R1 | | 2015-09 | 2018-03 |
| 2 | 6 | X.1361 (X.iotsec-2) | Security framework for Internet of Things based on the gateway model | New | Xia Junjie, Heung-Youl Youm | TD1068R1 | | 2015-04 | 2018-03 |

Member States consultation will be launched by TSB Circular in May 2018 after editorial checking. Further updates will be posted at http://www.itu.int/ITU-T/studygroups/com17

e) AAP Recommendations consented for Last Call (Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to the following draft new/revised ITU-T Recommendations and Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:

| No. | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2 | X.1041 (X.voltesec-1) | Security Framework for VoLTE Network Operation | New | HaiTao Du, Zhaoji Lin, Jing Shao, Liang Wei, Feng Zhang | TD1112R1 | | 2016-03 | 2018-03 |
| 2 | 9 | X.1080.1rev | e-Health and world-wide telemedicines - Generic telecommunication protocol | Rev | Erik Anderson | TD1127R3 | | 2016-09 | 2018-03 |
| 3 | 10 | X.1276 (X.te) | Authentication Step-Up Protocol and Metadata Version 1.0 | New | Abbie Barbir, Sylvan Tran | TD1074R2 (Note *) | OASIS | 2016-03 | 2018-03 |
| 4 | 11 | X.680 Cor.3 | Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation Technical Corrigendum 3 | New | Jean-Paul Lemaire | TD1050 | ISO/IEC 8824-1 DTC3 | 2018-03 | 2018-03 |
| 5 | 11 | X.681 Cor.1 | Information technology - Abstract Syntax Notation One (ASN.1): Information object specification Technical Corrigendum 1 | New | Jean-Paul Lemaire | TD1046 | ISO/IEC 8824-2 DTC1 | 2018-03 | 2018-03 |
| 6 | 11 | X.682 Cor.2 | Information technology - Abstract Syntax Notation One (ASN.1): Constraint specification Technical Corrigendum 2 | New | Jean-Paul Lemaire | TD1047 | ISO/IEC 8824-3 DTC2 | 2018-03 | 2018-03 |
| 7 | 11 | X.683 Cor.1 | Information technology - Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications Technical Corrigendum 1 | New | Jean-Paul Lemaire | TD1048 | ISO/IEC 8824-4 DTC1 | 2018-03 | 2018-03 |
| 8 | 11 | X.696 Cor.3 | Information technology - ASN.1 encoding rules: Specification of Octet Encoding Rules (OER) Technical Corrigendum 3 | New | Jean-Paul Lemaire | TD1049 | ISO/IEC 8825-7 DTC1 | 2018-03 | 2018-03 |
| 9 | 11 | X.680 Amd.1 | Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation Amendment 1 | New | Paul Thorpe | TD1045R1 | ISO/IEC 8824-1 Amd.1 | 2017-03 | 2018-03 |

Note:

*A.25 justification for X.1276 (X.te) is found in TD1089R1.

These Recommendations will enter AAP Last call in April-May 2018.

f) Work items planned for action in next Sept 2018 SG17 meeting:

 

| No. | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 3 | X.grm | Risk management implementation guidance on the assets of telecommunication organizations accessible by global IP-based networks | New | Chen Zhang, Bo Yu, Yunbo Feng | TD1143R3 | | 2014-09 | 2018-09 |
| 2 | 3 | X.sup13-rev** | Revision of Supplement 13 | Rev | Wataru Senga, Kyeong Hee Oh | TD1159 | | 2016-09 | 2018-09 |
| 3 | 5 | X.sup-ctss** | Supplement to ITU-T X.1231 Technical framework for countering telephone service scam | New | Gao Feng, Nan Jiang, Junjie Xia, Chen Zhang, Yanbin Zhang | TD1100 | | 2016-09 | 2018-09 |
| 4 | 6 | X.sdnsec-1* | Security services using the Software-defined networking | New | Hyoungshick Kim, JungSoo Park | TD1129 | | 2014-09 | 2018-09 |
| 5 | 7 | X.hakm | Guidelines on hybrid authentication and key management mechanisms in client-server model | New | Jung Yeon Hwang, Kyu Young Choi, Sangrae Cho | TD1116R1 | | 2015-04 | 2018-09 |
| 6 | 7 | X.srfb | Security Requirements and Framework for Big Data Analytics in Mobile Internet Services | New | Junjie Xia, Feng Gao, Jongyoul Park, Nan Jiang | TD1101 | | 2016-08 | 2018-09 |
| 7 | 9 | X.tac | Telebiometric Access Control with smart ID Card | New | Myung Geun Chun | TD1090 | | 2017-03 | 2018-09 |
| 8 | 9 | X.1080.2* (X.th2) | Telebiometrics related to physics | New | Erik Andersen | TD1178 | | 2008-09 | 2018-09 |
| 9 | 9 | X.1080.3* (X.th3) | Telebiometrics related to chemistry | New | Erik Andersen | TD1179 | | 2008-09 | 2018-09 |
| 10 | 9 | X.1080.4* (X.th4) | Telebiometrics related to biology | New | Erik Andersen | TD1180 | | 2008-09 | 2018-09 |
| 11 | 9 | X.1080.5* (X.th5) | Telebiometrics related to culturology | New | Erik Andersen | TD1181 | | 2008-09 | 2018-09 |
| 12 | 9 | X.1080.6* (X.th6) | Telebiometrics related to psychology | New | Erik Andersen | TD1182 | | 2008-09 | 2018-09 |
| 13 | 10 | X.uaf | UAF 1.1 Proposed Standard | New | Abbie Barbir | TD1122 | | 2017-09 | 2018-09 |
| 14 | 10 | X.u2f | U2F 1.2 Proposed Standard | New | Abbie Barbir | TD1122 | | 2017-09 | 2018-09 |
| 15 | 10 | X.Sup-1254rev** | Supplement to X.1254rev on use cases and high level abstract implementations | New | Junjie Xia, Bo Yu, Feng Zhang | TD1070 | | 2018-03 | 2018-09 |
| 16 | 11 | X.CMS-prof | Cryptographic Message Syntax (CMS) profile | New | Jean-Paul Lemaire | TD1032R1 | ISO24-4 2018 | 2017-09 | 2018-09 |
| 17 | 12 | Z.100 Annex F1 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: General overview | Rev | Edel Sherratt | TD980R1 | | 2017-03 | 2018-09 |
| 18 | 12 | Z.100 Annex F2 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Static semantics | Rev | Edel Sherratt | TD981R1 | | 2017-03 | 2018-09 |
| 19 | 12 | Z.100 Annex F3 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Dynamic semantics | Rev | Edel Sherratt | TD982R1 | | 2017-03 | 2018-09 |
| 20 | 12 | Z.109rev | Specification and Description Language - Unified modeling language profile for SDL-2010 | Rev | Alexander Kraas | - | | 2017-03 | 2018-09 |
| 21 | 12 | Z.151rev | User Requirements Notation (URN) - Language definition | Rev | Gunter Mussbacher | C104 | | 2015-09 | 2018-09 |
| 22 | 12 | Z.Imp100** | Z.Imp100 Specification and Description Language implementer's guide - Version 3.0.2 | Rev | Rick Reed | TD984 | | 2017-09 | 2018-09 |
| 23 | 13 | X.itssec-2* | Security guidelines for V2X communication systems | New | Sang-Woo Lee, Jae-Hoon Nah, Seungwook Park, ChangOh Kim | TD1083R2 | | 2014-09 | 2018-09 |


 

Annex B
New work items

The following 21 new work items were agreed to be added to the SG17 work programme:

| No. | Q | Acronym | Title | New / Revised | AAP/TAP/Agreement | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Timing (1) |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2 | X.SDsec | Guideline on Software-defined Security in SDN (Software-defined Networking)/NFV (Network Function Virtualization) Network | New | AAP | Min Zuo, Zhiyuan Hu, Ye Tao, Xiaojun Zhuang, Bo Yang | TD1115R1 | | 2020-09 |
| 2 | 3 | X.framcdc | Framework for the creation and operation of a Cyber Defense Center | New | AAP | Arnaud Taddei | TD1062R1 | | 2020-09 |
| 3 | 4 | X.gcpie | Guidelines for Collection and Preservation of Cyber Security Incident Evidence | New | TAP | Jooyoung Lee, Daesung Moon, Jonghyun Kim, Ikkyun Kim | TD1085R1 | | 2020-09 |
| 4 | 4 | X.fgati | Framework and Guidelines for Applying Threat Intelligence in Telecom Network Operation | New | TAP | Min Zuo, Lanfang Ren, Yexia Chang | TD1119R1 | | 2020-09 |
| 5 | 5 | X.tsfpp | Technical security framework for the protection of users' personal information while countering mobile messaging spam | New | TAP | Junjie Xia, Bo Yu, Yanbin Zhang, Chen Zhang, Feng Gao | TD1066R2 | | 2020-09 |
| 6 | 5 | X.tecwes | Technologies in countering website spoofing for telecommunication organizations | New | TAP | Chen Zhang, Ruzhen Hu, Meng Nan | TD1093R1 | | 2020-03 |
| 7 | 6 | X.Sup26-Cor | Corrigendum on ITU-T X Supplement 26 | New | Agreement | Gunhee Lee | TD1080 | | 2018-03 |
| 8 | 6 | X.ssp-iot | Security Requirements and Framework for IoT Service Platform | New | TAP | Hang Dong, Wenxin Wang, Yanfei Guo, Junjie Xia, Lijun Liu, Jae Hoon Nah | TD1106 | | 2020-03 |
| 9 | 6 | X.5Gsec-q | Security guidelines for applying quantum-safe algorithms in 5G systems | New | TAP | Fuwen Liu, Yanfei Guo, Zhiyuan Hu, Zhaoji Lin, Min Zuo | TD1128R3 | | 2020-03 |
| 10 | 6 | X.strvms | Security threats and requirements for video management system | New | TAP | Jongwook Han, Kyungsoo Lim, Geonwoo Kim | TD1077R1 | | 2020-09 |
| 11 | 7 | X.sgos | Security guidelines of Web-based online customer service | New | AAP | Hang Dong, Wenxin Wang, Lijun Liu, Jae Hoon Nah | TD1055R1 | | 2020-03 |
| 12 | 8 | X.sgBDIP | Security Guidelines for Big Data Infrastructure and platform | New | TAP | Ye Tao, Laifu Wang, Arnaud Taddei | TD1176R2 | | 2020-09 |
| 13 | 9 | X.tas | Telebiometric authentication using speaker recognition | New | AAP | Fatoumata Samake, Salif Thiaw | TD1147R1 | | 2020-03 |
| 14 | 10 | X.1252rev | Baseline identity management terms and definitions | Rev | TAP | Abbie Barbir | TD1125R1 | | 2020-09 |
| 15 | 11 | X.uav-oid | Identification mechanism for unmanned aerial vehicles using object identifiers | New | AAP | Wenjing Ma | TD1177R1 | | 2019-09 |
| 16 | 13 | X.mdcv | Security-related misbehaviour detection mechanism based on big data analysis for connected vehicles | New | TAP | Yi Zhang, Jianhao Liu, Minrui Yan | TD1140 | | 2020-12 |
| 17 | 13 | X.stcv | Security threats in connected vehicles | New | TAP | Koji Nakao, Seungwook Park, Sang-Woo Lee, ChangOh Kim | TD1167R2 | | 2019-03 |
| 18 | 13 | X.srcd | Security requirements for categorized data in V2X communication | New | TAP | Yaping Sun, Huirong Tian, Nan Meng | TD1081R2 | | 2020-12 |
| 19 | 14 | X.das-mgt | Security framework for the data access and sharing management system based on the distributed ledger technology | New | AAP | Mee Yeon Kim, Heung Youl Youm, Keundug Park | TD1075R3 | | 2021-09 |
| 20 | 14 | X.tf-spd-dlt | Technical Framework for Secure Software Programme Distribution Mechanism Based on Distributed Ledger Technology | New | AAP | Nan Jiang, Junjie Xia, Bo Yu, Feng Gao, Ke Wang | TD1114R2 | | 2020-03 |

Notes:

(1) Target date for consent or determination of Recommendations or for agreement of Supplements or non-normative text.