Executive Summary

Meeting of ITU-T SG17 'Security', Geneva, 29 August – 7 September 2018

Hot topics:

  • Transformation of Security Study – incubation trial in SG17
  • Revision of Question texts
  • PKI
  • TTCN-3
  • IoT security
  • 5G security
  • Big Data security
  • Intelligent Transport System (ITS) security
  • Distributed Ledger Technology (DLT) security
  • Distributed identity management
  • Software-defined networking security
  • Personally identifiable information protection
  • Quantum key distribution

ITU workshop on Advanced Cybersecurity Attacks and Ransomware  

The event was announced by TSB Circular 97 and was attended by 105 participants (including remote participation) from 27 countries. The workshop outcome, which identifies next-step advice for SG17, is available at: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180828/Documents/Outcomes_final.pdf

Meeting Output:

  • Approved (TAP) 1 new ITU-T Recommendation. Details are in Annex A a).
  • Agreed 3 new Supplements/Implementer's Guides. Details are in Annex A c).
  • (re-)Determined (TAP) 3 draft new ITU-T Recommendations. Details are in Annex A d).
  • Consented (AAP) 19 new/revised texts for Last Call. Details are in Annex A e).
  • 25 new work items were agreed to be added to the SG17 work programme. Details are in Annex B.
  • 7 existing work items to be removed. Details are in Annex C.
  • 4 Question Texts revised.

Next SG17 meeting:

  • Tuesday 22 – Wednesday 30 January 2019, Geneva, Switzerland (8 working days including Sunday 27 Jan 2019).
    • Workshop on AI, ML and security on Monday 21 January 2019, Geneva, Switzerland.
  • Tuesday 27 August – Thursday 5 September 2019 (To be confirmed), Geneva, Switzerland.
    • Workshop on FinTech (To be confirmed) security on Monday 26 August 2019, Geneva, Switzerland.
  • 8 texts are candidates for action at the next SG17 meeting; see Annex A f).
  • Interim RGM meetings: 3 Questions plan to hold 3 RGMs.

| # | Q | Date | Place/Host | Subject/objective |
|---|---|---|---|---|
| 1 | 10/17 (collocate with 14/17) | 3rd week in November 2018 (tbc) | Tokyo, Japan | tbd |
| 2 | 13/17 | Nov 2018 | tbc | To address all items. |
| 3 | 14/17 (collocate with 10/17) | 3rd week in November 2018 (tbc) | Tokyo, Japan | To address all items |

Bridging the Standardization Gap (BSG):

  • Welcome and guided tour for newcomers;
  • SG17 orientation session with SG17 overview presentation given by SG17 Chairman;
  • BSG hands-on training session for 11 participants from 7 developing countries.
  • Informal gathering of SG17RG-AFR and SG17RG-ARB

Tutorial presentations:

Six tutorials (TD1244) were presented on thematic subjects including AI/ML for Cybersecurity, 3GPP SA3 work on 5G Security, Security Control Expressions & the Universal Security Control Syntax Language, Technical applications of blockchain to UN/CEFACT, and GDPR Overview.

Participation:

  • 168 participants (188 announced): 37 Member States (39 countries), 21 Sector Members, (4 Associates), and 2 Academia. 8 invited experts.
  • 9 partial fellowships granted: Afghanistan, Bangladesh, Benin, Burundi, Central Africa, Comoros, Gambia, Senegal, Sudan
  • 1 new associate (IDQ (Switzerland))
  • 2 new academia (Florida Atlantic Univ (US), IRT SystemX (France))
  • 4 New Member States participation: Angola, El Salvador, Gambia, Qatar
  • SG17 vice chairmen absent: Patrick-Kennedy KETTIN ZANGA (Central Africa), Gökhan EVREN (Turkey), Hugo Darío MIGUEL (Argentina) and Wala Latrous (Tunisia).

Other highlights:

  • SG17 plenary organized 3 sessions to discuss transformation of security study, and on a trial basis held 2 incubation discussion sessions on NWI proposals related to secure quantum communication.
  • JCA-IdM held its 25th meeting on 31 August 2018. ITU-T SG17 received updates from FIDO Alliance, Sovrin Foundation, ISO/IEC JTC 1/SC 27/WG5 and Q10/17.

Correspondence Groups:

  • CG-cybex was terminated.
  • CG-xss (correspondence group on transformation of security study) will continue.

Meeting input and organization:

Contributions: 144 - ever increasing (past meetings: 113, 106, 78, 81, 66, 74, 80)

Number of contributions from: APT (100 (69%), of which China 55 (38%), Korea 33, Japan 7, India 2, Iran 3), Americas (10), EUR (28), AFR (6), ARAB (1), LAM (0).

TDs: 420 (previous meetings: 395, 426, 368, 391, 418, 371, 386), including 40 incoming liaison statements and 37 outgoing liaison statements; 79 prepared by SG17 secretary.

252 sessions (previous meetings: 249, 204) were organized, up to 12 parallel meetings per quarter.

27 sessions (previous meetings: 25, 11) used remote participation.

Annex A
Actions taken on Recommendations, and other texts at the 7 September 2018 SG17 plenary

a) TAP Recommendations approved (WTSA-16 Resolution 1):

The SG17 plenary meeting approved (TAP) the following draft new/revised ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

| Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|
| 6/17 | X.1361 (X.iotsec-2) | Security framework for Internet of Things based on the gateway model | New | Xia Junjie, Heung-Youl Youm | TD1529 | | 2015-04 | 2018-09 |

Approval of the above Recommendations will be announced by TSB Circular in Sept 2018.

b) TAP Recommendations not approved (WTSA-16 Resolution 1):

None.

c) Amendment approved, Corrigendum approved, Supplements agreed:

The SG17 plenary meeting agreed or approved the following texts.

| # | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 3/17 | X.sup13-rev | Revision of Supplement 13 | Rev | Yutaka Miyake, Kyeong Hee Oh | TD1524R3 | | 2016-09 | 2018-09 |
| 2 | 5/17 | X.Supl.33 (X.sup-ctss) | Supplement to ITU-T X.1231 Technical framework for countering telephone service scam | New | Gao Feng, Nan Jiang, Junjie Xia, Chen Zhang, Yanbin Zhang | TD1472 | | 2016-09 | 2018-09 |
| 3 | 12/17 | Z.Imp100rev | Z.Imp100 Specification and Description Language implementer's guide - Version 3.0.2 | Rev | Rick Reed | TD1378 | | 2017-09 | 2018-09 |

d) Recommendations determined (TAP – WTSA-16 Resolution 1):

The SG17 plenary meeting determined (TAP) the following draft new/revised ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

| # | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 4/17 | X.1215 (X.ucstix) | Use cases for Structured Threat Information Expression | New | Jong-Hyun Kim, Jihye Kim, Heung Youl Youm, Ik-Kyun Kim | TD1541R2 | | | 2018-09 |
| 2 | 5/17 | X.1249 (X.tfcma) | Technical Framework for Countering Mobile in-application Advertising Spam | New | Hongwei Luo, Laifu Wang, Xin Wang | TD1450R1 | | 2015-09 | 2018-09 |
| 3 | 6/17 | X.1042 (X.sdnsec-1) | Security services using the Software-defined networking | New | Hyoungshick Kim, JungSoo Park | TD1543R2 | | 2014-09 | 2018-09 |

Member States consultation will be launched by TSB Circular in Oct 2018 after editorial checking. Further updates will be posted at http://www.itu.int/ITU-T/studygroups/com17

e) AAP Recommendations consented for Last Call (Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to the following draft new/revised ITU-T Recommendations and Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:

| # | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 7/17 | X.1450 (X.hakm) | Guidelines on hybrid authentication and key management mechanisms in client-server model | New | Jung Yeon Hwang, Kyu Young Choi, Sangrae Cho | TD1490R1 | | 2015-04 | 2018-09 |
| 2 | 7/17 | X.1147 (X.srfb) | Security Requirements and Framework for Big Data Analytics in Mobile Internet Services | New | Junjie Xia, Feng Gao, Jongyoul Park, Nan Jiang | TD1477R4 | | 2016-08 | 2018-09 |
| 3 | 9/17 | X.1093 (X.tac) | Telebiometric Access Control with smart ID Card | New | Myung Geun Chun | TD1504R1 | | 2017-03 | 2018-09 |
| 4 | 10/17 | X.1277 (X.uaf) | FIDO Universal Authentication Framework (UAF) | New | Abbie Barbir, David Turner | TD1572R1 | FIDO | 2018-09 | 2018-09 |
| 5 | 10/17 | X.1278 (X.ctap) | Client To Authenticator Protocol/Universal 2-factor authentication framework. | New | Abbie Barbir, David Turner | TD1557R1 | FIDO | 2018-09 | 2018-09 |
| 6 | 11/17 | X.894 (X.cms-prof) | Cryptographic Message Syntax (CMS) profile | New | Jean-Paul Lemaire | TD1442R2 | ISO24-4 2018 | 2017-09 | 2018-09 |
| 7 | 11/17 | X.676 (X.orf-gs) | Object identifier-based resolution framework for IoT grouped services | New | Younghwan Choi, JungSoo Park | TD1563R2 | | | 2018-09 |
| 8 | 12/17 | Z.100 Annex F1 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: General overview | Rev | Rick Reed, Edel Sherratt | TD1374R2 | | 2017-03 | 2018-09 |
| 9 | 12/17 | Z.100 Annex F2 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Static semantics | Rev | Rick Reed, Edel Sherratt | TD1375R2 | | 2017-03 | 2018-09 |
| 10 | 12/17 | Z.100 Annex F3 | Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Dynamic semantics | Rev | Rick Reed, Edel Sherratt | TD1376 | | 2017-03 | 2018-09 |
| 11 | 12/17 | Z.151 | User Requirements Notation (URN) - Language definition | Rev | Gunter Mussbacher | C347 | | 2015-09 | 2018-09 |
| 12 | 12/17 | Z.161rev | Testing and Test Control Notation version 3: TTCN-3 core language | Rev | Dieter Hogrefe | TD1456 | ETSI ES 201 873-1 | 2017-09 | 2018-09 |
| 13 | 12/17 | Z.161.2rev | Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment support | Rev | Dieter Hogrefe | TD1453 | ETSI ES 202 781 | 2017-09 | 2018-09 |
| 14 | 12/17 | Z.161.4rev | Testing and Test Control Notation version 3: TTCN-3 language extensions: Behaviour types | Rev | Dieter Hogrefe | TD1454 | ETSI ES 202 785 | 2017-09 | 2018-09 |
| 15 | 12/17 | Z.161.6rev | Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced Matching | Rev | Dieter Hogrefe | TD1455 | ETSI ES 203 022 | 2017-09 | 2018-09 |
| 16 | 12/17 | Z.166rev | Testing and Test Control Notation version 3: TTCN-3 control interface (TCI) | Rev | Dieter Hogrefe | TD1457 | ETSI ES 201 873-6 | 2017-09 | 2018-09 |
| 17 | 12/17 | Z.167rev | Testing and Test Control Notation version 3: Using ASN.1 with TTCN-3 | Rev | Dieter Hogrefe | TD1458 | ETSI ES 201 873-7 | 2017-09 | 2018-09 |
| 18 | 12/17 | Z.169rev | Testing and Test Control Notation version 3: Using XML schema with TTCN-3 | Rev | Dieter Hogrefe | TD1459 | ETSI ES 201 873-9 | 2017-09 | 2018-09 |
| 19 | 12/17 | Z.171rev | Testing and Test Control Notation version 3: Using JSON with TTCN-3 | Rev | Dieter Hogrefe | TD1460 | ETSI ES 201 873-11 | 2017-09 | 2018-09 |

These Recommendations will enter AAP Last call in Sept-Oct 2018.

f) Work items planned for action in next SG17 meeting:

 

| # | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Start of work | Timing |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2/17 | X.sdnsec-3 | Security guideline of Service Function Chain based on software defined network | New | Feng Zhang, Min Zuo, Junjie Xia, Zhiyuan HU, JungSoo Park | TD1527R1 | | | 2019-01 |
| 2 | 3/17 | X.grm | Risk management implementation guidance on the assets of telecommunication organizations accessible by global IP-based networks | New | Chen Zhang, Bo Yu, Yunbo Feng | TD1491R1 | | 2014-09 | 2019-01 |
| 3 | 6/17 | X.secup-iot* | Secure Software Update Procedure for IoT Devices | New | Takeshi Takahashi, Koji Nakao, Yunchul Choi | TD1547 | | 2017-09 | 2019-01 |
| 4 | 6/17 | X.iotsec-3* | Technical framework of PII (Personally Identifiable Information) handling system in IoT environment | New | Yutaka Miyake, Bo Yu | TD1500R2 | | 2017-03 | 2019-01 |
| 5 | 9/17 | X.tab | Telebiometric authentication using bio-signals | New | Jason Kim | TD1494R1 | | | 2019-01 |
| 6 | 10/17 | X.Sup-1254rev** | Supplement to X.1254rev on use cases and high level abstract implementations | New | Junjie Xia, Bo Yu, Feng Zhang | TD1070 | | 2018-03 | 2019-01 |
| 7 | 12/17 | Z.109rev | Specification and Description Language - Unified modeling language profile for SDL-2010 | Rev | Alexander Kraas | | | | 2019-01 |
| 8 | 13/17 | X.stcv* | security threats in connected vehicles | New | Koji Nakao, Seungwook Park, Sang-Woo Lee, ChangOh Kim | TD1605R1 | | 2018-03 | 2019-01 |


 

 

Annex B
New work items

The following new work items were agreed to be added to the SG17 work programme:

| # | Q | Acronym | Title | New / Revised | AAP/TAP/Agreement | Editor(s) | Location of text | Equivalent (e.g., ISO/IEC) | Timing (1) |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 3/17 | X.sup-csc** | Supplement on critical security controls for telecommunications organizations information and network security management in support of ITU-T X.1051 | New | Agreement | Payen Patrice, Taddei Arnaud, Mustafa Thaib | TD1469R2 | | 2020-09 |
| 2 | 4/17 | X.qrng-a | Quantum noise random number generator architecture | New | AAP | Sean Kwak, Charles Harvey, Warner Miller | TD1495R4 | | 2019-09 |
| 3 | 4/17 | TR.sec-qkd** | Technical report on security framework for quantum key distribution in telecom network | New | Agreement | Sean Kwak | TD1496R4 | | 2020-09 |
| 4 | 5/17 | X.tfcmms* | Technical framework for countering multimedia messaging service spam | New | TAP | Wei Liu, Jinfeng Kou, Tao Ye, Zhaoji Lin | TD1564R1 | | 2021-09 |
| 5 | 6/17 | X.elf-iot* | Standard format of IoT error logs for security incident operations | New | TAP | Koji Nakao, Kiyotaka ATSUMI | TD1550R3 | | 2020-03 |
| 6 | 6/17 | X.amas-iot* | Aggregate Message Authentication Scheme with Group Authentication Capability for IoT environment | New | TAP | Koji Nakao | TD1551R1 | | 2020-03 |
| 7 | 6/17 | X.sc-iot* | Security Controls for Internet of Things (IoT) system | New | TAP | Koji Nakao, Liu Lijun | TD1552R1 | | 2020-03 |
| 8 | 6/17 | X.iotsec-4* | Security Requirements for IoT devices and gateway | New | TAP | Hosoek Ryu, Miyeon Yoon, Wonsuk Chung | TD1568R1 | | 2021-09 |
| 9 | 6/17 | X.5Gsec-t* | Security framework based on trust relationship in 5G ecosystem | New | TAP | Junzhi Yan, Jin Peng, Minpeng Qi, HeungYoul Youm | TD1506R3 | | 2021-03 |
| 10 | 7/17 | X.tfrca | Technical framework of risk control to support authentication | New | AAP | Min Zuo, Xin Wang | TD1493R3 | | 2020-10 |
| 11 | 8/17 | X.sgcc | Security Guidelines for Container in cloud computing environment | New | AAP | Ye Tao, Lei Xu, Laifu Wang, Lanfang Ren | TD1537R1 | | 2020-10 |
| 12 | 9/17 | X.b2m | Biology to Machine Protocol | New | AAP | John Caras, Erik Andersen, Myung Geun Chun | TD1558 | | 2020-03 |
| 13 | 11/17 | X.500 Amd.1 | Proposed draft 1st amendment to Rec. ITU-T X.500 (2016) \| ISO/IEC 9594-1:2017 | Amd | AAP | Erik Andersen | C312 | | 2019 |
| 14 | 11/17 | X.501 Amd.1 | Proposed draft 1st amendment to Rec. ITU-T X.501 (2016) \| ISO/IEC 9594-2:2017 | Amd | AAP | Erik Andersen | C314 | | 2019 |
| 15 | 11/17 | X.509 Amd.1 | Proposed draft 1st amendment to Rec. ITU-T X.509 (2016) \| ISO/IEC 9594-8:2017 | Amd | AAP | Erik Andersen | C316r1 | | 2019 |
| 16 | 11/17 | X.511 Amd.1 | Proposed draft 1st amendment to Rec. ITU-T X.511 (2016) \| ISO/IEC 9594-3:2017 | Amd | AAP | Erik Andersen | C318 | | 2019 |
| 17 | 11/17 | X.518 Amd.1 | Proposed draft 1st amendment to Rec. ITU-T X.518 (2016) \| ISO/IEC 9594-4:2017 | Amd | AAP | Erik Andersen | C320 | | 2019 |
| 18 | 11/17 | X.519 Amd.1 | Proposed draft 1st amendment to Rec. ITU-T X.519 (2016) \| ISO/IEC 9594-5:2017 | Amd | AAP | Erik Andersen | C323 | | 2019 |
| 19 | 11/17 | X.520 Amd.1 | Proposed draft 1st amendment to Rec. ITU-T X.520 (2016) \| ISO/IEC 9594-6:2017 | Amd | AAP | Erik Andersen | C325 | | 2019 |
| 20 | 11/17 | X.521 Amd.1 | Proposed draft 1st amendment to Rec. ITU-T X.521 (2016) \| ISO/IEC 9594-7:2017 | Amd | AAP | Erik Andersen | C327 | | 2019 |
| 21 | 11/17 | X.525 Amd.1 | Proposed draft 1st amendment to Rec. ITU-T X.500 (2016) \| ISO/IEC 9594-1:2017 | Amd | AAP | Erik Andersen | C312 | | 2019 |
| 21 | 13/17 | X.edrsec* | Security guidelines for cloud-based event data recorders in automotive environment | New | TAP | Sang-Woo Lee, Whapyeong Lim, Aram Cho, Seungwook Park | TD1520R1 | | 2021-09 |
| 22 | 13/17 | X.eivnsec* | Security guideline for Ethernet-based In-Vehicle networks | New | TAP | Sang-Woo Lee, You-Sik Lee | TD1519R1 | | 2021-09 |
| 23 | 13/17 | X.fstiscv* | Framework of security threat information sharing for connected vehicles | New | TAP | Min Shu, Yunwei Zhao, Xiaochun Yun, Wenlei Wang | TD1522R1 | | 2021-09 |
| 24 | 13/17 | X.1373rev* | Secure software update capability for intelligent transportation system communication devices | Rev | TAP | Koji Nakao, Sang-Woo Lee, Aram Cho, Seungwook Park | TD1523 | | 2019-09 |
| 25 | 14/17 | X.srip-dlt* | Security requirements for intellectual property management based on distributed ledger technology | New | TAP | Min Shu, Yunwei Zhao, Yuhee Ki, Wenlei Wang, Yang Wu, Jung Yeon Hwang | TD1479R3 | | 2020-09 |

Notes:

  1. Target date for consent or determination of Recommendations or for agreement of Supplements or non-normative text.
    *: for determination, **: for agreement
     
     

Annex C
Work items Removed

The following 7 work items were agreed to be deleted from the SG17 work programme:

| # | Q | Acronym | Title |
|---|---|---|---|
| 1 | 3/17 | X.cins | Information technology - Security techniques - Guidelines for cyber insurance |
| 2 | 4/17 | X.metric | Metrics for evaluating threat and resilience in cyberspace |
| 3 | 9/17 | X.th2 | Telebiometrics related to physics |
| 4 | 9/17 | X.th3 | Telebiometrics related to chemistry |
| 5 | 9/17 | X.th4 | Telebiometrics related to biology |
| 6 | 9/17 | X.th5 | Telebiometrics related to culturology |
| 7 | 9/17 | X.th6 | Telebiometrics related to psychology |