Committed to connecting the world

PP-18 coneference

Question 6/20

Security, Privacy, Trust, and Identification for IoT and SC&C

(Continuation of part of Questions 1/20, 4/20 and 5/20)

Towards the information society, there are increases in cyber-attacks, cybercrime, and loss of credit or trust. The ICT infrastructure will evolve to provide converged services and applications by accommodating many Internet of Things (IoT) sensors and IoT-related systems. Additionally, the world is experiencing an evolution of Smart Cities. Many stakeholders from various industries are involved in future converged and intelligent services to be deployed using ICT infrastructure. This heterogeneous environment, while it promises great advances in the way the services and applications are provisioned, and in the way systems are managed, administered, and maintained, yet comes with a very wide range of sector-specific risks and threat vectors. Implications for security, privacy[1]and the overall trust of use, adoption, and proliferation of IoT, and smart city devices, systems, services, applications, and platforms could hinder its overall market development. Therefore, it is important that security and privacy concerns are taken into account throughout the design process of products and systems to be used in IoT implementations commonly known as privacy by design and security by design, which emphasize that protections be built into information technologies, business practices, systems, processes, physical design, and networked infrastructure.   

The satisfaction of security and privacy requirements plays a fundamental role in the IoT environment and SC&C. Such requirements include data confidentiality and authentication, access control within the IoT network, availability, data integrity, privacy and trust among users and things, and non-repudiation.

Some security measures may not always be directly applied to IoT technologies. Moreover, the high number of interconnected devices raises scalability issues when applying security techniques; therefore, flexible infrastructures are needed, to deal with security threats in such environments. ICT infrastructures should be reliable, safe, confidential, and trustworthy. Therefore, security, privacy and trust provisioning for IoT is one of the outstanding standardization issues of the ITU-T SG20.

On the other hand, various identification technologies have always been regarded as an important enabling technology for IoT implementation. Both physical devices (such as tagged items and products, sensing devices) and virtual entities (such as computational processes, software) could be, or already are, assigned identifiers, in order to be identified and distinguished. It is important for each thing to be addressable, and identifiable in order to tackle, inter alia, privacy, security, trust, and network reachability issues in IoT deployments.

Study items to be considered include, but are not limited to: Tasks
Tasks include, but are not limited to: An up-to-date status of work under this Question is contained in the SG20 work programme

Recommendations: Questions: Study Groups: Other bodies:

[1]  Consistent with WTSA Resolution 2 (Hammamet, 2016)