Committed to connecting the world

Search
Girls in ICT

Apr21-summary


Executive Summary

Meeting of ITU-T SG17 'Security', virtual, 20-30 April 2021

Hot topics

  • Quantum Key Distribution Network
  • 5G security
  • Cloud Computing Security
  • Identity management
  • De-identification
  • DLT security
  • Security management

Meeting Output

  • TAP approval (3):1 new and 2 revised Recommendations, Details are in Annex A a).
  • TAP determined (1): 1 new Recommendation, Details are in Annex A d).
  • AAP consented (14): 4 new and 10 revised Recommendations, for AAP Last Call. Details are in Annex A e).
  • Agreed (2): 1 Implementer's Guide and 1 Corrigenda to SG17 Technical Report. Details are in Annex A c).
  • New work items (15): 15 NWIs on new or revised SG17 publications were agreed to be added to the SG17 Work Programme. Details are in Annex B.
  • 4 New OID registration authorities:
    • Vietnam: {joint-iso-itu-t(2) country(16) vn(704)}
    • Ecuador: {joint-iso-itu-t(2) country(16) ec(218)}
    • Jamaica: {joint-iso-itu-t(2) country(16) jm(388)}
    • Bahrain: {joint-iso-itu-t(2) country(16) bh(48)}
  • Workshops:
    • ITU workshop on Vaccination Certificate, jointly organized by ITU-T SG17 and SG16, with external organizations, date tbd in 2021
    • a workshop on Decentralized Identity (DID) using Distributed Ledger Technology (DLT) for developing countries, during BDT Emerging technology week 2021, 5-9 July 2021

Next SG17 meetings

  • Tue 24 Aug – Fri 3 Sept 2021 SG17 meeting (virtual) (9 working days) 10:00-16:00
    • Open and extended management team meeting on Mon 23 Aug 2021, 13:00-15:00
    • 41 texts are candidate for action, see Annex A f) and g).
  • 7 Jan 2022, SG17 e-plenary (virtual, tbc)
    • SG17 special e-plenary before WTSA-20.
  • 1st SG17 meeting in next study period: tbd in SG17 Aug/Sep 2021 meeting.
     
  • Interim RGMs: 7 Questions plan to hold 7 RGMs.
  1.  
QDatePlace/HostSubject/objective
1.                 2/171-2 July 2021e-meeting
  • To address all work items of Q2/17
2.                 4/17 24-25 June 2021e-meeting
  • To prepare Q4 candidate texts for action in next SG17 meeting, including addressing late Contribution C1061.
3.                 8/1711-12 June 2021e-meeting
  • To address all items of Q8/17
4.                 

10/17

 

tbc (June 2021)e-meeting
  • To progress all the work of Q10/17
5.                 11/17tbce-meeting
  • Joint meeting with ISO/IEC JTC1/SC6/WG10
  • Calendar in TD3754
6.                 14/17

 tbc (June 2021)e-meeting
  • work on X.srip-dlt, X.das-mgt, X.ss-dlt, X.tf-spd-dlt
  • joint session with Q22/16
  • preparation for workshops: DID based on DLT for developing countries (5-9 July 2021), BDT; Vaccination certificate; Joint workshop with TC 307
  • review of deliverables from other study groups, focus groups and other SDOs
7.                 15/1717-18 June 2021e-meeting
  • To address and discuss draft X.1712 (X.sec_QKDN_km) for consent

Tutorial

SG17 overview TD3479

Statistics of participants

  • 231 participants (284 announced): 32 countries, 33 Sector Members, 2 Associates, and 3 Academia. 6 invited experts.

SG17 Correspondence Group/task force

  • tf-nsp-prep (Task Force on preparation for the next study period): terminated.
  • CG-wtsa20-prep (Correspondence Group on SG17 preparation for WTSA-20): re-constituted

Meeting input and organization

  • Contributions: 104 – small decrease, DDP: 99%.
    • APT 91.16 (88%) [China 49.33 (47%), Korea 31.5 (30%), Japan 9.33 (9%), India 1(1%)]
    • Americas 4 (4%) [US 4]
    • EUR 8.83 (8%) [France 0.83, UK 2, Germany 5, Russia 1]
    • LAM (0), AFR (0), ARAB (0), RCC (0). 
  • LS: (matrix in TD3486)
    • incoming 57 - stable
    • Outgoing 17 - decreased
  • TDs: 305 - decreased


Annex A
Actions taken on Recommendations, and other texts at SG17 closing plenary on 30 April 2021

a) TAP Recommendations approved (WTSA-16 Resolution 1):

#QAcronymTitleNew / RevisedEditor(s)Location of textEquivalent
e.g., ISO/IEC		Start of workTiming
1.       3/17X.1054revInformation security, cybersecurity and privacy protection - Governance of information securityRevJinghua Min,
Thaib Mustafa,
Anfona Traore		TD3652ISO/IEC 270142020-032021-04
2.       6/17X.1811 (X.5Gsec-q)Security guidelines for applying quantum-safe algorithms in 5G systemsNewYanfei Guo,
Zhiyuan Hu,
Zhaoji Lin,
Fuwen Liu,
Min Zuo		TD3684 2018-032021-04
3.       10/17X.1252revBaseline identity management terms and definitionsRevAbbie Barbir,TD3703 2018-032021-04

 

b) TAP Recommendations not approved (WTSA-16 Resolution 1):

none

c) Corrigendum approved, Implementers' Guide agreed:

The SG17 plenary meeting approved the following texts by agreement:

#QAcronymTitleNew / RevisedEditor(s)Location of textEquivalent
e.g., ISO/IEC		Start of workTiming
1.       11/17Z. Imp100revSpecification and Description Language implementer's guide – Version 4.0.1RevRick ReedTD3663  2021-04
2.       15/17 TR.sec-qkd.CorCorrigendum to Technical Report: Security considerations for quantum key distribution network NewMatthieu Legre,
Dong-Hi Sim,		TD3723  2021-04

 

d) Recommendation determined (TAP – WTSA-16 Resolution 1):

#QAcronymTitleNew / RevisedEditor(s)Location of textEquivalent (e.g., ISO/IEC)Start of workTiming
  1.  
4/17X.1233 (X.gcims)Guidelines for countering spam over instant messagingNewHuamin Jin, ChangOh Kim,
Laifu Wang,
Shuai Wang,
Yanbin Zhang		TD3738 2017-092021-04

 

e) AAP Recommendations consented for Last Call (Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to the following new/rev ITU-T Recommendations for Last Call according to Recommendation ITU-T A.8:

#QAcronymTitleNew / RevisedEditor(s)Location of textEquivalent
e.g., ISO/IEC		Start of workTiming
1.       3/17X.1061 (X.ciag)Cyber insurance acquisition guideline for Information and Communication Technologies (ICT) services providerNewThai Mustafa,
Ong Yew Seng		TD3710 2019-012021-04
2.       3/17

X.1060

(X.framcdc)

Framework for creation and operation of a cyber defence centerNewArnaud TaddeiTD3721 2018-032021-04
3.       11/17Z.100revSpecification and Description Language – Overview of SDL 2010revRick ReedTD3584  2021-04
4.       11/17Z.100Annex F2-revSDL 2010 formal definition: Static semanticsrevRick ReedTD3584  2021-04
5.       11/17Z.100Annex F3-revSDL-2010 formal definition: Dynamic semanticsrevRick ReedTD3584  2021-04
6.       11/17Z.101revSpecification and Description Language – Basic SDL 2010revRick ReedTD3584  2021-04
7.       11/17Z.102revSpecification and Description Language – Comprehensive SDL-2010revRick ReedTD3584  2021-04
8.       11/17Z.103rev

Specification and Description Language –

Shorthand notation and annotation in SDL 2010

revRick ReedTD3584  2021-04
9.       11/17Z.104revSpecification and Description Language – Data and action language in SDL-2010revRick ReedTD3584  2021-04
10.    11/17Z.105revSpecification and Description Language – SDL 2010 combined with ASN.1 modulesrevRick ReedTD3584  2021-04
11.    11/17Z.106revSpecification and Description Language – Common interchange format for SDL 2010revRick ReedTD3584  2021-04
12.    11/17Z.107revSpecification and Description Language – Object-oriented data in SDL 2010revRick ReedTD3584  2021-04
13.    14/17X.1406 (X.stov)Security threats to online voting system using distributed ledger technologyNewByoung-Moon Chin,
ChangOh Kim,
Keundug Park,
Heung Youl Youm		TD3650 2017-092021-04
14.    14/17X.1405 (X.str-dlt)Security threats and requirements for digital payment services based on distributed ledger technologyNewKyeong Hee Oh,
ChangOh Kim,
Preetika Singh		TD3668 2017-092021-04



f) Recommendations planned for action in SG17 Aug/Sep 2021 meeting:

#QAcronymTitleNew / RevisedEditor(s)Location of textEquivalent
e.g., ISO/IEC		Start of workTiming
1.       2/17X.5Gsec-ecs*Security framework for 5G edge computing servicesNewFeng Gao,
Jae Hoon Nah,
Junjie Xia,
Bo Yu,
Xiaojun Zhuang		TD3743 2019-012021-09
2.       2/17X.5Gsec-guide*Security guideline for 5G communication systemNewMee Yeon Kim,
Keundug Park,
Heung Youl Youm		TD3651 2019-012021-09
3.       2/17X.5Gsec-netec*Security capabilities of network layer for 5G edge computingNewChen Zhang,
Feng Zhang		TD3708 2019-092021-09
4.       2/17X.5Gsec-t*Security framework based on trust relationship in 5G ecosystemNewPeng jin,
Minpeng Qi , Junzhi
Yan,
Heung Youl Youm		TD3673 2018-092021-09
5.       2/17X.nsom-secSecurity requirements and architecture for network slice management and orchestrationNewZhiyuan Hu, Huamin
Jin,
Ye Tao,
Junzhi Yan		TD3690 2019-092021-09
6.       2/17X.rf pinGuidelines for continuous protection of service access processNewChao Huang,
Min Shu,
Weilei Wang,
Chen Zhang		TD3691  2019-092021-09
7.       4/17X.1246revTechnologies involved in countering voice spam in telecommunication organizationsRevDmitry Cherkesov,
Yanbin Zhang		TD2838 2019-092021-09
8.       4/17X.1247revTechnical framework for countering mobile messaging spamRevDmitry Cherkesov,
Yanbin Zhang		TD2838 2019-092021-09
9.       4/17X.arc-evSecurity architecture for evaluation of technical vulnerabilitiesNewWei Li,
Chen Zhang		TD3707  2019-092021-09
10.    4/17X.gcmms*Guideline for countering multimedia messaging service spamNew

Jinfeng Kou,
 Zhaoji Lin,
Wei Liu,
Ye Tao

TD3696 2018-092021-09
11.    4/17X.tecwesTechnologies in countering website spoofing for telecommunication organizationsNewRuzhen Hu,
Meng Nan,
Chen Zhang		TD3706 2018-032021-09
12.    4/17X.tsfpp*Technical security framework for protection of users' personal information while countering mobile messaging spamNewFeng Gao, Junjie Xia, Bo Yu, Chen Zhang, Yanbin ZhangTD3145  2018-042021-09
13.    6/17X.sg-rat*Security guidelines for use of remote access tools in Internet-connected control systemNewGunhee LeeTD3679 2019-092021-09
14.    6/17X.ssp-iot*Security requirements and framework for IoT service platformNewHao Dong,
Yanfei Guo,
Lijun Liu,
Jae Hoon Nah, Wenxin Wang, Junjie Xia		TD3713 2018-032021-09
15.    6/17X.strvms*Security threats and requirements for video management systemNewJong Wook Han,
Geon Woo Kim,
Kyungsoo Lim		TD3685 2018-032021-09
16.    7/17X.sgosSecurity guidelines of web-based online customer serviceNewHao Dong,
Lijun Liu,
Jae Hoon Nah,
Wenxin Wang		TD3712 2018-032021-09
17.    7/17X.websec-7Reference monitor for online analytics servicesNewHyungjin Lim,
Jongyoul Park,
Junjie Xia		TD3661  2014-092021-09
18.    8/17X.sgBDIPSecurity guidelines for big data infrastructure and platformNewArnaud Taddei,
Ye Tao,
Laifu Wang		TD3689 2018-032021-09
19.    8/17X.sgccSecurity guidelines for container in cloud computing environmentNewLanfang Ren,
Ye Tao,
Laifu Wang,
Lei Xu		TD3699 2018-092021-09
20.    10/17X.b2mBiology-to-machine protocolNew

Erik Andersen,
 John Caras,
Myung Geun Chun

TD3654  2021-09
21.    10/17X.upu*UPU S68 Postal identity management frameworkNew

Gustavo Dama,
 Hiroshi Takechi

TD2507R1UPU S68 2021-09
22.    11/17X.672revInformation technology - Open systems interconnection - Object identifier resolution systemRevHan Hongqiang, Linjian SongTD3642R1ISO/IEC 29168-1 2021-09
23.    11/17X.509 Cor.1Information Technology - Open systems Interconnection - The Directory – Public-key and attribute certificate frameworks Cor. 1NewErik AndersenTD3764ISO / IEC 9594-8 Cor.1 2021-09
24.    11/17Z.161revTesting and Test Control Notation version 3: TTCN-3 core languageRevDieter Hogrefe ETSI ES 201 873-1 2021-09
25.    11/17Z.161.2revTesting and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment supportRevDieter Hogrefe ETSI ES 202 781 2021-09
26.    11/17Z.161.3revTesting and Test Control Notation version 3: TTCN-3 language extensions: Advanced parameterizationRevDieter Hogrefe ETSI ES 202 784 2021-09
27.    11/17Z.161.4revTesting and Test Control Notation version 3: TTCN-3 language extensions: Behaviour typesRevDieter Hogrefe ETSI ES 202 785 2021-09
28.    11/17Z.161.7revTesting and Test Control Notation version 3: TTCN-3 language extensions: Object-Oriented FeaturesRevDieter Hogrefe ETSI ES 203 790 2021-09
29.    11/17Z.167revTesting and Test Control Notation version 3: Using ASN.1 with TTCN-3RevDieter Hogrefe ETSI ES 201 873-7 2021-09
30.    11/17Z.168revTesting and Test Control Notation version 3: The IDL to TTCN-3 mappingRevDieter Hogrefe ETSI ES 201 873-8 2021-09
31.    11/17Z.169revTesting and Test Control Notation version 3: Using XML schema with TTCN-3RevDieter Hogrefe ETSI ES 201 873-9 2021-09
32.    11/17Z.171revTesting and Test Control Notation version 3: Using JSON with TTCN-3RevDieter Hogrefe ETSI ES 201 873-11 2021-09
33.    14/17X.das-mgtSecurity threats and requirements for the data access and sharing based on DLTNewMee Yeon Kim,
Keundug Park,
Heung Youl Youm		TD3726 2018-032021-09
34.    14/17X.srip-dlt*Security requirements for digital integrity proofing based on distributed ledger technologyNewJung Yeon Hwang,
Yuhee Ki,
Min Shu,
Wenlei Wang,
Yang Wu,
Yunwei Zhao		TD3662 2018-092021-09
35.    14/17X.ss-dltSecurity services based on DLTNewZhaoji Lin,
Ke Wang,
Kai Wei
Junjie Xia,
Min Zuo		TD3716 2017-092021-09
36.    14/17X.tf-spd-dltTechnical framework for secure software programme distribution mechanism based on distributed ledger technologyNewFeng Gao,
Nan Jiang,
Junjie Xia,
Bo Yu		TD1926 2018-032021-09
37.    15/17X.1712 (X.sec-QKDN_km)Security requirements and designs for quantum key distribution networks - key managementNewKaoru Kenyoshi,
Jiajun Ma,
Hao Qin,
Dong-Hi Sim		TD3760 2019-012021-09
38.    15/17X.tf-mpcTechnical guidelines for secure multi-party computationNewXiaoyuan Bai,
Hong Cheng,
Jung Yeon Hwang,
Zhaoji Lin,
Hongru Zhu		TD3643  2019-092021-09

Note:

*    for TAP determination; 

g)Other texts (Technical Reports, Technical Papers, Supplements, Implementer's Guides, etc) planned for agreement in next SG17 Aug/Sep 2021 meeting 

#QAcronymTitleNew / RevisedEditor(s)Location of textEquivalent
e.g., ISO/IEC		Start of workTiming
1.       3/17CSC-X.supSupplement to X.1051: Critical security controls for telecommunication organization information and network security management in support of ITU-T X.1051NewPatrice Payen,
Arnaud Taddei,
Mustafa Thaib		TD3717 2018-092021-09
2.       4/17TR.cs-mlTechnical Report: Countering spam based on machine learningNewWei Liu,
Ye Tao		TD3740 2019-092021-09
3.       8/17TR.XAAS (ex TR.fssvs)Technical Report: Framework for security standardization for virtualized servicesNewMark McFaddenC1074 2020-092021-09


 

Annex B
New work items

The following new work items were agreed to be added to the SG17 Work Programme:

#QuestionNWITDTitleC
1.       2/17X.5Gsec-message*TD3697Security Requirements for 5G Me​ssage ServiceC1040
2.       6/17TR.ibc-cd **TD3683Technical report: Guideline for identity-based cryptosystems used for cross-domain secure communicationsC1064
3.       7/17X.1144revTD2773eXtensible Access Control Markup Language (XACML) 3.0TD3769
4.       7/17X.guide-cddTD3665Security guidelines for combining de-identified data using trusted third partyC1005
5.       7/17X.sg-dtnTD3676Security Guidelines for Digital Twin NetworkC1052
6.       7/17X.videTD3645Guideline of visual feature protection and secure sharing mechanisms for de-identificationC987
7.       8/17X.gecds*TD3701Guideline on edge computing data securityC1055
8.       8/17X.sa-ecTD3719Security architecture of edge cloudC1065
9.       8/17X.sgcnp*TD3695Security guidelines for cloud native PaaSC1069
10.    10/17X.1251revTD3704A framework for user control of digital identityC983 R1
11.    15/17TR.hybsec-qkd **TD3667Technical Report: Overview of hybrid security approaches applicable to QKDC990
12.    15/17TR.sec-ai **TD3669Technical Report: Guidelines for security management of using artificualt intelligence technology C1020
13.    15/17TR.sec-qkd Cor. **TD3723Technical Report: Security considerations for quantum key distribution networkC1035
14.    15/17X.sec_QKDN_AATD3675Authentication and authorization in QKDN using quantum safe cryptography C1046
15.    15/17X.sec_QKDN_CMTD3725Security requirements and measures for quantum key distribution networks - control and managementC1045, C1000

Notes:

*: for TAP determination, **: for agreement, others for consent  ​

© ITU All Rights Reserved

Back to top