www.oasis-open.org

ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)

Abbie Barbir, Ph.D.
[email protected]
ITU-T Q6/17 Cybersecurity Question Rapporteur
OASIS IDTrust MS Steering Committee
OASIS Telecom MS Co-chair
OASIS TAB
ISO JTC1 CAC SC6 Vice-Chair
Senior Advisor, CEA, SOA, Web Services, IdM, Security, Strategic Standards
Nortel
Outline
• Introduction to ITU
• Security work at ITU Study Groups
• SG 17 Security work
• Highlights of Current Activities
• Challenges
What is the International Telecommunication Union (ITU)?
• ITU is the UN specialized agency for telecom, headquartered in Geneva
• ITU-T: Telecommunication standardization
• ITU-D: Assisting implementation and operation of telecommunications in developing countries
• ITU-R: Radiocommunication standardization and global radio spectrum management

ITU-T Study Group Organization (WTSA, TSAG):
• SG 17, Security, Languages and Telecommunication Software; Lead Study Group on Telecommunication Security
• SG 2, Operational Aspects of Service Provision, Networks and Performance
• SG 4, Telecommunication Management
• SG 5, Protection Against Electromagnetic Environment Effects
• SG 9, Integrated Broadband Cable Networks and Television and Sound Transmission
• SG 11, Signalling Requirements and Protocols
• SG 13, Next Generation Networks
• SG 15, Optical and Other Transport Network Infrastructures
• SG 16, Multimedia Terminals, Systems and Applications
• SG 19, Mobile Telecommunication Networks
Strategic Direction
• Cybersecurity – one of the top priorities of the ITU
• ITU’s role in implementing the outcomes of the World Summit on the Information Society (WSIS) – Plenipotentiary Resolution 140 (2006)
• Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies – Plenipotentiary Resolution 149 (2006)
• WTSA-04 Resolution 50, Cybersecurity – Instructs the Director of TSB to develop a plan to undertake evaluations of ITU-T “existing and evolving Recommendations, and especially signalling and communications protocol Recommendations with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment”
• WTSA-04 Resolution 52, Countering spam by technical means – Instructs relevant study groups “to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam”
Highlights of current activities (1)
• ITU Global Cybersecurity Agenda (GCA)
  – A framework for international cooperation in cybersecurity
  – Five key work areas: Legal, Technical, Organisational, Capacity Building, International Cooperation
  – High-Level Experts Group (HLEG) working on global strategies
  – GCA/HLEG met 26 June 2008 to agree upon a set of recommendations on all five work areas for presentation to the ITU Secretary-General
• ISO/IEC/ITU-T Strategic Advisory Group on Security
  – Coordinates security work and identifies areas where new standardization initiatives may be warranted. Portal established. Workshops conducted.
• Identity Management
  – Effort jump-started by the IdM Focus Group, which produced 6 substantial reports (265 pages) in 9 months
  – JCA-IdM and IdM-GSI established; main work is in SGs 17 and 13
Highlights of current activities (2)
• Core security (SG 17)
  – Covering frameworks, cybersecurity, countering spam, home networks, mobile, web services, secure applications, telebiometrics, etc.
  – Work underway on additional topics including IPTV and multicast security; risk management and incident management; traceback, bots, privacy
  – Questionnaire issued to developing countries to ascertain their security needs
  – Updated security roadmap/database, compendia, manual; strengthened coordination
• Security for NGN (SG 13)
  – Y.2701: Security Requirements for NGN Release 1
  – Y.2702: NGN Authentication and Authorization Requirements
  – Y.NGN SecMechanisms: NGN Security Mechanisms and Procedures
  – Y.NGN Certificate: NGN Certificate Management
  – Y.AAA: Application of AAA for Network Access Control in UNI and ANI over NGN
Identity
• Connecting users with services and with others (Federation)
• People have multiple identities, each within a specific context or domain:
  – Work – [email protected]
  – Family – [email protected]
  – Hobby – [email protected]
  – Volunteer – [email protected]
[Figure: the same user reached across]
• Whatever you’re using (devices): PC, PDA, Smart Phone, Telephony, Video, Voice, Cellular
• Whatever you’re doing (applications): Collaboration, Web Apps, ERP
• Wherever you are (across various access types): At your Desk, On the Road, Managed Office, At Home, In Town, In the Air
• Network Identity is essential
• Need end-to-end trust model
Challenges
Addressing security to enhance trust and confidence of users in networks, applications and services
• With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership?
• Need for top-down strategic direction to complement the bottom-up, contribution-driven process
• Balance between centralized and distributed efforts on security standards
• Legal and regulatory aspects of cybersecurity, spam, identity/privacy
• Address the full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
• Marketplace acceptance of Information Security Management System (ISMS) standards (ISO/IEC 27000-series and ITU-T X.1051) – the security equivalent of the ISO 9000-series
• Effective cooperation and collaboration across the many bodies doing cybersecurity work
• Informal security experts network – needs commitment
There is no “silver bullet” for Cybersecurity
Some useful web resources
• ITU-T Home page: http://www.itu.int/ITU-T/
• Security Roadmap: http://www.itu.int/ITUT/studygroups/com17/ict/index.html
• Security Manual: http://www.itu.int/publ/T-HDB-SEC.03-2006/en
• Cybersecurity Portal: http://www.itu.int/cybersecurity/
• Cybersecurity Gateway: http://www.itu.int/cybersecurity/gateway/index.html
• Recommendations: http://www.itu.int/ITU-T/publications/recs.html
• ITU-T Lighthouse: http://www.itu.int/ITU-T/lighthouse/index.phtml
• ITU-T Workshops: http://www.itu.int/ITU-T/worksem/index.html
• LSG on Security: http://www.itu.int/ITU-T/studygroups/com17/telsecurity.html
Backup
NGN architecture overview (Y.2012)
[Figure: NGN functional architecture. Service stratum: Applications (attached over the ANI), Application Support Functions & Service Support Functions, Service User Profiles, Service Control Functions. Transport stratum: Network Attachment Control Functions, Transport User Profiles, Resource and Admission Control Functions, Transport Control Functions, Transport Functions. End-User Functions attach over the UNI, Other Networks over the NNI; Management Functions span both strata. Legend: Control, Media.]
• Packet-based network with QoS support and Security
• Separation between Services and Transport
• Access can be provided using many underlying technologies
  – Should be reflected in policy
• Decoupling of service provision from network
• Support for a wide range of services/applications
• Converged services between Fixed/Mobile
• Broadband capabilities with end-to-end QoS
• Compliant with regulatory requirements
  – Emergency communications, security, privacy, lawful interception
  – ENUM Resources, Domain Names / Internet Addresses
NGN Security Trust Model
[Figure: three security zones.]
• Untrusted Zone: network elements not always controlled by the NGN provider, i.e. terminal equipment (TE) and TE border elements (TE-BE), including provider-controlled equipment on the customer side
• Trusted but Vulnerable Zone: Network Border Elements (NBE)
• Trusted Zone: NGN network elements controlled by the NGN provider

NGN Peering Trust Model
[Figure: Provider B from Provider A’s point of view.]
• Trusted Zone: Provider A’s NGN network elements
• Trusted but Vulnerable Zone: Provider A’s Domain Border Elements (DBE)
• Untrusted Zone: Provider B’s Domain Border Elements (DBE) and NGN network elements
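The zone rules behind the two trust-model figures above, as an added, illustrative Python example (not ITU-T text and not code from Y.2701): each element carries a zone and a border flag; a path is accepted only if no hop crosses directly between the untrusted and trusted zones and every hop leaving the untrusted zone lands on a border element (NBE/DBE); and a peering view places the whole of the other provider in the untrusted zone, whatever zones that provider uses internally. The element names, the exact policy rules and the sample paths are assumptions made for this example.

```python
"""Zone-transition check for the NGN security trust model.

Added, illustrative example (not ITU-T text or code). The three zones come
from the slides; element names, policy rules and sample paths are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum


class Zone(IntEnum):
    UNTRUSTED = 0               # TE, TE-BE: not always provider controlled
    TRUSTED_BUT_VULNERABLE = 1  # border elements (NBE, DBE), exposed to the outside
    TRUSTED = 2                 # NGN network elements controlled by the provider


@dataclass(frozen=True)
class Element:
    name: str
    zone: Zone
    border: bool = False  # NBE/DBE: the only elements meant to face a less trusted zone


def check_hop(src: Element, dst: Element) -> str | None:
    """Return None if the hop is allowed by the (assumed) zone policy, else the reason.

    Rules: a hop may cross at most one zone boundary, and a hop that leaves the
    untrusted zone must terminate on a border element.
    """
    lo, hi = sorted((src, dst), key=lambda e: e.zone)
    if hi.zone - lo.zone > 1:
        return f"{src.name}->{dst.name}: crosses directly between untrusted and trusted zones"
    if lo.zone == Zone.UNTRUSTED and hi.zone != Zone.UNTRUSTED and not hi.border:
        return f"{src.name}->{dst.name}: untrusted traffic must terminate on a border element"
    return None


def check_path(names: list[str], view: dict[str, Element]) -> list[str]:
    """Walk a path of element names and collect every hop that violates the policy."""
    violations = []
    for a, b in zip(names, names[1:]):
        reason = check_hop(view[a], view[b])
        if reason:
            violations.append(reason)
    return violations


def peer_view(own: list[Element], peer: list[Element]) -> dict[str, Element]:
    """Peering trust model: build one provider's view, in which every element of the
    peer provider sits in the untrusted zone regardless of the zone the peer assigns
    it internally (the border flag is carried over but has no effect on that side)."""
    view = {e.name: e for e in own}
    for e in peer:
        view[e.name] = Element(e.name, Zone.UNTRUSTED, border=e.border)
    return view


# Constructed sample topology, seen from provider A (not a real deployment).
CUSTOMER = [Element("TE", Zone.UNTRUSTED), Element("TE-BE", Zone.UNTRUSTED, border=True)]
PROVIDER_A = [
    Element("A-NBE", Zone.TRUSTED_BUT_VULNERABLE, border=True),
    Element("A-DBE", Zone.TRUSTED_BUT_VULNERABLE, border=True),
    Element("A-DNS", Zone.TRUSTED_BUT_VULNERABLE),  # exposed, but not a border element
    Element("A-CORE", Zone.TRUSTED),
]
PROVIDER_B = [
    Element("B-DBE", Zone.TRUSTED_BUT_VULNERABLE, border=True),
    Element("B-CORE", Zone.TRUSTED),
]
VIEW_A = peer_view(PROVIDER_A + CUSTOMER, PROVIDER_B)

if __name__ == "__main__":
    for path in (["TE", "TE-BE", "A-NBE", "A-CORE"],
                 ["TE", "A-CORE"],
                 ["TE", "A-DNS"],
                 ["B-CORE", "B-DBE", "A-DBE", "A-CORE"],
                 ["B-DBE", "A-CORE"]):
        print(" -> ".join(path), ":", check_path(path, VIEW_A) or "OK")
```

The check is deliberately one-directional in what it cares about: traffic between two provider-controlled zones (NBE to core and back) passes, while anything originating in the untrusted zone has to be terminated and re-originated by an NBE or DBE before it can reach a trusted element. In the peering view the same rule applies to provider B's core, which from A's side is just another untrusted element behind B's DBE.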