Committed to connecting the world


Question 6/20

​​Security, privacy, trust, and identification for IoT and SC&C

(Continuation of Question 6/20, part of Q1/20 and Q4/20​)​

Towards the information society, there are increases in cyber-attacks, cybercrime, and loss of credit or trust. The ICT infrastructure will evolve to provide converged services and applications by accommodating many Internet of Things (IoT) sensors and IoT-related systems. Additionally, the world is experiencing an evolution of Smart Cities. Many stakeholders from various industries are involved in future converged and intelligent services to be deployed using ICT infrastructure. This heterogeneous environment, while it promises great advances in the way the services and applications are provisioned, and in the way systems are managed, administered, and maintained, yet comes with a very wide range of sector-specific risks and threat vectors. Implications for security, privacy[1] and the overall trust of use, adoption, and proliferation of IoT, and smart city devices, systems, services, applications, and platforms could hinder its overall market development. Therefore, it is important that security and privacy concerns are taken into account throughout the design process of products and systems to be used in IoT implementations commonly known as privacy by design and security by design, which emphasize that protection be built into information technologies, business practices, systems, processes, physical design, and networked infrastructure.

The satisfaction of security and privacy requirements plays a fundamental role in the IoT environment and SC&C. Such requirements include data confidentiality and authentication, access control within the IoT network, availability, data integrity, privacy and trust among users and things, and non-repudiation.

Some security measures may not always be directly applied to IoT technologies. Moreover, the high number of interconnected devices raises scalability issues when applying security techniques; therefore, flexible infrastructures are needed, to deal with security threats in such environments. ICT infrastructures should be reliable, safe, confidential, and trustworthy. Therefore, security, privacy and trust provisioning for IoT is one of the outstanding standardization issues of the ITU-T SG20.​

On the other hand, various identification technologies have always been regarded as an important enabling technology for IoT implementation. Both physical devices (such as tagged items and products, sensing devices) and virtual entities (such as computational processes, software) could be, or already are, assigned identifiers, in order to be identified and distinguished. It is important for each thing to be addressable, and identifiable in order to tackle, inter alia, privacy, security, trust, and network reachability issues in IoT deployments.

Taking into account the variety of devices, systems, services and applications within IoT and SC&C domains, it is essential to develop trustworthiness models that ensure all physical and virtual things involved are trusted enough to be part of IoT and SC&C environment. Such models should be integrated within IoT and SC&C architectures while defining the set of rules to ensure implementation of trusted IoT systems. The security and trustworthiness architectures should be substantial part of any E2E architectures developed for IoT and SC&C verticals and use-case.

In addition, the adoption of new technologies such as block-chain, big data, quantum computing, machine learning and artificial intelligence (AI) can play important role in developing advanced cost-effective measures and mechanisms to create such trustworthy environment within IoT and SC&C domains.

All above requirement need to be carefully analysed for various IoT verticals and use-cases that may require specific additional demands due to its nature and underlying standards used for IoT and SC&C devices, systems, applications, protocols, platforms, and services.
Study items to be considered include, but are not limited to: Tasks
Tasks include, but are not limited to: An up-to-date status of work under this Question is contained in the SG20 work programme (​

WSIS Action Lines:
Sustainable Development Goals:
Questions: Study Groups: Other bodies:

[1] Consistent with WTSA Resolution 2 (Hammamet, 2016)