Committed to Connecting the World SG 17 input for a joint ITU-T | ISO/IEC JTC 1 leadership meeting (4-5 February 2010) Chairman: Arkadiy Kremer Counsellor:

Committed to Connecting the World
SG 17 input for a joint ITU-T | ISO/IEC JTC 1 leadership meeting (4-5 February 2010)
Chairman: Arkadiy Kremer
Counsellor: Georges Sebek
Joint ITU-T/ISO IEC JTC 1
Leadership meeting
February 2010
ITU-T SG 17 role and mandate
• Responsible for studies relating to security including cybersecurity, countering spam and identity management. Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems
• Lead study group on telecommunication security, identity management (IdM) and languages and description techniques
SG 17 structure
Q1 Security project
WP 1: Network and information security
  Q2 Architecture
  Q3 ISM
  Q4 Cybersecurity
  Q5 Countering spam
WP 2: Application security
  Q6 Ubiquitous services
  Q7 Applications
  Q8 SOA
  Q9 Telebiometrics
WP 3: Identity management and languages
  Q10 IdM
  Q11 Directory
  Q12 ASN.1, OID
  Q13 Languages
  Q14 Testing
  Q15 OSI
Collaboration on ICT Security Standards Roadmap
(Q.1/17 Telecommunications systems security project)
• An important on-line security standards resource developed in collaboration with ISO/IEC, ENISA, ETSI, IETF and other SDOs
• Comprises 5 parts:
  - Part 1 contains information about organizations working on ICT security standards
  - Part 2 is a searchable database of existing security standards from 9 SDOs and consortia
  - Part 3 lists (or links to) current projects and standards in development
  - Part 4 identifies future needs and proposed new standards
  - Part 5 lists security best practices
• Publicly available under Special Projects and Issues at:
  - www.itu.int/ITU-T/studygroups/com17/index
• Need to establish a process for regular updating of the Roadmap
Collaboration on telecommunication information security management
(Q.3/17 Telecommunications information security management)
• Close collaboration and liaison with JTC 1/SC 27/WG1 - Information security management systems (ISMS)
• Developing common Recommendations | International Standards
  - ITU-T X.1051 | ISO/IEC 27011, Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 (Published 2008)
  - ITU-T X.isgf | ISO/IEC 27014, Information security governance framework (Currently under development as a joint project)
• Enhancing ISMS related documents in Q.3/17
  - Information security management guidelines for small and medium telecommunication organizations
  - Information asset maintenance guidelines
Collaboration on cybersecurity information exchange
(Q.4/17 Cybersecurity)
Q.4/17 cybersecurity information exchange (CYBEX) links
• ISO/IEC JTC 1 SC 27/WG1
  - Information security management system requirements (ISO/IEC 27001)
  - Information security management code of practice (ISO/IEC 27002)
  - Information security governance (ISO/IEC 27014)
  - Information security management for inter-sector and inter-organizational communication (ISO/IEC 27010)
• ISO/IEC JTC 1 SC 27/WG 3
  - Evaluation criteria for IT security, international common criteria project (ISO/IEC 15408, 18045)
  - Protection profile registration procedures (ISO/IEC 15292)
  - Security assessment of operational systems (ISO/IEC 19791)
  - Responsible vulnerability disclosure (ISO/IEC 27047)
• ISO/IEC JTC 1 SC 27/WG 4
  - Cybersecurity (ISO/IEC 27032)
  - Network security (ISO/IEC 27033)
  - Application security (ISO/IEC 27034)
  - Information security incident management (ISO/IEC 27035)
  - Security of outsourcing (ISO/IEC 27036)
  - Guidelines for digital evidence (ISO/IEC 27037)
• ISO/IEC JTC 1 SC 27/WG 5
  - Entity authentication assurance (ITU-T X.eaa | ISO/IEC 29115)
Collaboration on ubiquitous sensor network security
(Q.6/17 Security aspects of ubiquitous telecommunication services)
• Close collaboration and liaison with JTC 1/SC 6/WG 7 - ubiquitous sensor network (USN) security
• Developing common Recommendations | International Standards
  - ITU-T X.usnsec-1 | ISO/IEC CD 29180, Security framework for ubiquitous sensor network (Currently under development as a joint project)
  - Advance authorization for Final Committee Draft ballot on ITU-T X.usnsec-1 | ISO/IEC CD 29180 in January 2010 JTC 1/SC 6/WG 7 meeting
• Further consideration for inclusion of joint works on Recommendations
  - X.usnsec-2, Ubiquitous sensor network (USN) middleware security guidelines
  - X.usnsec-3 Secure routing mechanisms for wireless sensor network
Collaboration on biometrics related technology
(Q.9/17 Telebiometrics)
[Diagram relating ITU-T/SG 17 WP 2/Q.9 Telebiometrics to ISO/IEC JTC 1/SC 37 (Biometrics), ISO TC 12 and IEC TC 25 (Quantities and Units), and ISO/IEC JTC 1/SC 27 (IT Security Techniques). Labels in the diagram: Threats & Countermeasures; Data & System protection; Authentication protocol for Biometrics applications in Telecommunication; Vocabulary; Biometrics data format; Application interfaces; Application profiles; Testing scenario; Biometric data used in e-health applications; Biometric sample protection; Biometric template protection; Private information protection.]
Collaboration on biometrics related technology
(Q.9/17 Telebiometrics)
ITU-T Recommendations and collaboration with ISO, IEC or ISO/IEC JTC1 Projects
• X.1083 BioAPI Interworking Protocol
  - Joint collaboration with ISO/IEC JTC1/SC37 (IS 24708 - BioAPI Interworking Protocol)
• X.1086 Telebiometrics Protection Procedures Part1: A Guideline to Technical and Managerial Countermeasures for Biometric Data Security
  - Collaboration with ISO/IEC JTC1/SC27 (IS 19792 - Security evaluation of biometrics)
• X.1089 Telebiometrics Authentication Infrastructure
  - Collaboration with ISO/IEC JTC1/SC27 (IS 24761 - Authentication context for biometrics)
• X.gep A guideline for evaluating telebiometric template protection techniques
  - Collaboration with ISO/IEC JTC1/SC27 (IS 24745 - Biometric template protection)
• X.th1 Generic ASN.1 definitions for telebiometrics related to health communications; X.th2 to X.th6 Telebiometrics related to physics, chemistry, biology, culturology and psychology
  - Collaboration with ISO TC 12 and IEC TC 25
Collaboration on identity management
(Q.10/17 Identity management architecture and mechanisms)
• Collaboration with ITU-T SGs 2, 11, 13 and 16; ITU-D SG 1; ISO/IEC JTC 1 SCs 6, 27 and 37; IETF; ATIS; ETSI/TISPAN; OASIS; Kantara Initiative; OMA; NIST; 3GPP; 3GPP2; Eclipse; InCommon; PRIME; OpenID Foundation; Shibboleth; etc.
• JCA-IdM
  - designed to coordinate IdM standardization work and minimize duplication by exchanging information about ongoing projects. 7 meetings held during the period 2008-2010
  - basic coordination tool is an IdM Roadmap that provides abstracts and relationships of IdM projects in major IdM SDOs, consortia, and fora
  - Significant progress has been made in developing a set of baseline IdM terms and definitions that were initiated by ITU-T
  - SC 27 is a regular participant and contributor to the JCA-IdM
Collaboration on entity authentication assurance, X.eaa with ISO/IEC JTC 1/SC 27/WG 5 (Q.10/17)
• ITU-T X.eaa | ISO/IEC 29115 5th WD sessions held in September (ITU-T) and November 2009 (ISO/IEC JTC 1/SC 27)
  - ITU-T proposed change in scope
  - a proposal to establish a Collaborative Team with Terms of Reference (ToR) submitted to ISO/IEC JTC 1/SC 27/WG5
  - SC 27 accepted a 6th WD with a significantly changed format and new material. ToR were reviewed, modified and sent to the ISO national bodies. ToR should be approved in April 2010
• In January 2010 the 6th WD, representing major improvements, was sent to the ISO Secretariat for distribution to national bodies
• WG 5 requested a one year extension for ITU-T X.eaa | ISO/IEC 29115
• It is anticipated that with the establishment of the Collaborative Team, progress should improve
Collaboration on the Directory
(Q.11/17 Directory services, Directory systems, and public-key/attribute certificates)
• Two Directory projects:
  - ITU-T X.500-series | ISO/IEC 9594–All Parts
  - ITU-T E.115 - Computerized directory assistance
• ITU-T X.500 | ISO/IEC 9594 in fruitful cooperation with ISO/IEC JTC 1/SC 6
  - X.500 is a specification for a highly secure, versatile and distributed directory
  - The specification is under continuous enhancement
    - support for RFID an important new work item
• ITU-T X.509 | ISO/IEC 9594-8, the most important standard:
  - Basis for eGovernment, eBusiness, etc. all over the world
  - Is the base specification for many other groups (IETF PKIX, ETSI ESI, CA Browser Forum, etc.)
Collaboration on ASN.1 and Object Identifiers
(Q.12/17 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration)
• Five main projects:
  - Abstract Syntax Notation 1 (ASN.1)
  - ASN.1 encoding rules
  - Object identifiers
  - Registration of tag-based applications and services
  - The Object Identifier Resolution System
• ITU-T X.680-series | ISO/IEC 8824 in collaboration with ISO/IEC JTC 1/SC 6 (and earlier with SC 16)
  - These are the base ASN.1 standards – a widely used notation for abstract syntax definition
• ITU-T X.690-series | ISO/IEC 8825 in collaboration with ISO/IEC JTC 1/SC 6 (and earlier with SC 16)
  - Specification of encoding rules, including XML encodings for ASN.1
Collaboration on ASN.1 and Object Identifiers
(Q.12/17 Abstract Syntax Notation One (ASN.1), Object Identifiers (OIDs) and associated registration)
• ITU-T X.660-series | ISO/IEC 9834 in collaboration with ISO/IEC JTC 1/SC 6
  - The Object Identifier Standards. OIDs form a major part of world-wide unambiguous identification schemes for security and other purposes
• ITU-T X.668 | ISO/IEC 9834-9 in collaboration with ISO/IEC JTC 1/SC 6
  - Registration of tag-based identification schemes
• ITU-T X.oid-res | ISO/IEC CD2 29168 in collaboration with ISO/IEC JTC 1/SC 6
  - Provides for on-line access using DNS to multi-media information associated with an International OID node
Collaboration on formal languages
(Q.13/17 Formal languages and telecommunication software)
• ODP Recommendations developed jointly with SC 7 are now in maintenance phase
• To some extent SDL overlaps the domain of JTC 1/SC 7 LOTOS and E-LOTOS, however (at least for telecommunications) SDL is more widely used.
• Work plan covers the UML profiles for SDL, MSC, URN and (possibly) Testing and Test Control Notation (TTCN).
• UML profiles integrate the ITU-T languages using UML as a framework. Thus (like JTC 1/SC 7) Q.13/17 has interest in OMG UML, though Q.13/17 uses OMG UML 2.n (not UML 1.4.2 as in ISO/IEC 19501:2005).
• Q.13/17 has in its scope (though no work is planned): the CHILL programming language – Z.200, quality issues – Z.400 and Z.450, architecture – Z.600 and Z.601.
ISO/IEC/ITU-T Strategic Advisory Group on Security
• Terms of reference
  - To oversee standardization activities in ISO, IEC and ITU-T relevant to the field of security
  - To provide advice and guidance to the ISO Technical Management Board, the IEC Standardization Management Board and the ITU-T Telecommunication Standardization Advisory Group (TSAG) relative to the coordination of work relevant to security, and in particular to identify areas where new standardization initiatives may be warranted
  - To monitor the implementation of the recommendations of the SAG-S
• Web site: http://www.iso.org/iso/iss_home
• ITU-T SG 17 provides representatives to SAG-S
Summary
• ITU-T SG 17 has a long experience of collaboration with ISO, IEC TCs/SCs and JTC 1 SCs
• ITU-T SG 17 hosts collaborative meetings with SC 6 on ASN.1 and OID, Directory, ubiquitous sensor networks (USN) security (new). Collaborative meetings are planned with SC 27 on Entity Authentication assurance
• Details on collaboration are given at http://www.itu.int/ITUT/studygroups/com17/refdocs/relationships.html
• SG 17 is maintaining reference documents:
  - Listing of common text and technically aligned Recommendations | International Standards
  - Mapping between ISO/IEC Standards and ITU-T Recommendations