ITU-T Study Group 17 Security, Languages and Telecommunication Software Summary of Results Study Period 2005-2008 Herbert Bertine.

ITU-T Study Group 17
Security, Languages and
Telecommunication Software
Summary of Results
Study Period 2005-2008
Herbert Bertine
Contents
Terms of reference
Highlights of achievements
Projects
Future work
Conclusions
Supplemental slides
ITU-T Study Group 17
Security, Languages and Telecommunication Software
International
Telecommunication
Union
Terms of Reference
Responsible for studies relating to
security, the application of open system
communications including networking and
directory, and for technical languages,
the method for their usage and other
issues related to the software aspects of
telecommunication systems.
Lead Study Group for:
– Telecommunication security
– Languages and description techniques
Highlights of achievements (I)
SG 17 successfully transitioned into a core
competency center on security averaging 114
participants
SG 17 examined 641 contributions and 2800+ TDs
and drew up 88 new or revised Recommendations
43 Recommendations currently under AAP or TAP
66 draft new/revised Recommendations currently
under development for approval in the next study
period
2 Lead Study Group responsibilities, 3 Focus
Groups, 2 JCAs, and 2 Projects were very active
Increased collaboration with SDOs (e.g., joint texts)
Highlights of achievements (II)
Lead study group for Telecommunication Security
– Close coordination with other SGs and SDOs on security; Security Standards Roadmap developed
– Establishment of a Joint Coordination Activity on Identity Management (JCA-IdM)
Lead study group for Languages and Description Techniques
– Progress on ITU-T languages driven by Language Coordination entity
– Establishment of a Joint Coordination Activity on Conformance and Interoperability Testing (JCA-CIT)
Study Group 17 has managed Focus Groups on
– User Requirements Notation (URN)
– Security Baseline for Network Operators (SBNO)
– Identity Management (IdM)
Security (WP 2) Highlights (I)
Security Architecture and Frameworks
– 4 Recs and 1 Supplement on aspects of network security
Cybersecurity
– In support of WTSA-04 Resolution 50
– Overview of Cybersecurity (X.1205)
– X.1206 (spyware) and X.1207 (dissemination of updates)
– Extended and adopted OASIS CAP for emergency services
Identity Management (IdM)
– Leveraging significant deliverables from FG-IdM
– 2 Recs (X.1250, X.1251) in TAP, many under development
– Intense work program; many collaborations; difficult
Countering Spam
– In support of WTSA-04 Resolution 52
– 3 Recs approved, 1 in TAP, 4 under development
Security (WP 2) Highlights (II)
Information Security Management
– Guidelines for telecommunications organizations (X.1051) with JTC1/SC27 (part of ISO/IEC 27000-series on ISMS)
– Incident Management and Risk Management Guidelines
Secure applications and services
– Security for home network, mobile communications, peer-to-peer communications, web services, IPTV, NID, …
– Markup languages SAML and XACML with OASIS
Telebiometrics
– Interworking protocol, authentication protocol, digital key framework, data security, safety aspects with ISO & IEC
Communications systems security
– In support of WTSA-04 Resolution 50
– Security baseline for network operators (from FG-SBNO)
– Security project (see separate slide)
Language (WP 3) Highlights
ASN.1 and OIDs
– New edition of ASN.1 (X.680/690-series) with JTC1/SC6
– New edition of Registration Authorities for OIDs (X.660/X.670-series) with JTC1/SC6
– ASN.1 and OID project (see separate slide)
SDL, MSC, URN, UML
– Deliverable from FG-URN basis for Z.151 on URN
– Z.100, Z.109 on SDL, Z.111 on notations, Z.119 on UML, Z.120 Appendix on Application of MSC
– SDL update planned for 2009
– Updated Z.110 on FDTs and Z.140 on quality of Recs
Open Distributed Processing (ODP)
– New X.906 and revised X.911 with JTC1/SC7
Testing languages and methodologies
– New edition of TTCN (Z.160/170-series) with ETSI
– Two Supplements on interoperability testing
Open Systems (WP 1) Highlights
End-to-end Multicast with QoS
– Relayed multicast and multicast transport with JTC1/SC6
Directory
– New edition of X.500-series Directory Recommendations including widely implemented X.509 with JTC1/SC6
– E.115 was kept up-to-date to serve the increasing requirements for directory assistance service providers
OSI
– Implementers’ Guide issued
Internationalized Domain Names (IDN)
– In support of WTSA-04 Resolution 48
– Questionnaire issued and responses analyzed
– Webpage on IDN created and maintained
Security Project
(Major focus is on coordination and outreach)
Security coordination
– Within SG 17, with ITU-T SGs, with ITU-D and externally
– Kept TSAG, IGF, ISO/IEC/ITU-T SAG-S informed on security efforts
– Made presentations to workshops/seminars and to GSC
– Maintained reference information on the LSG on security webpage
Security Compendium
– Includes catalogs of approved security-related Recommendations and security definitions extracted from approved Recommendations
Security Standards Roadmap
– Includes searchable database of approved ICT security standards from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)
ITU-T Security manual
– assisted in its development
Survey of developing countries ICT security needs
– The overall level of concern about cyber security is high
– There is a high level of interest in the possibility of obtaining advice and/or assistance on ICT security from the ITU
– The ITU needs to do better in promoting its ICT security products
ASN.1 and OID Project
ASN.1 (Abstract Syntax Notation One)
– A formal notation that is widely used for describing (binary or XML-encoded) data transmitted by telecommunications protocols
– Project provides speakers and tutorial material to assist users of ASN.1 within and outside of the ITU
– Project maintains a freely accessible database of error-free, compilable ASN.1 modules contained in ITU-T Recommendations and some additional modules from ISO/IEC and IETF to facilitate accurate implementation of protocols
– Database: http://www.itu.int/ITU-T/asn1/database (>650 modules)
Object identifiers (OIDs) and associated registration
– Many standards define objects for which unambiguous identification is required (e.g., PKI, network management, directories, …); the OID tree is a hierarchical naming structure for these objects that is managed in a decentralized way
– Recently extended to include identifiers in any natural language
– Project helps people and organizations to set up a Registration Authority for their OIDs (>25 Member States have been helped)
– OID Repository: http://www.oid-info.com (gathers >93000 OIDs)
Future Work (I)
Improving security and trust in networks is a top imperative
for the ITU-T
It is essential to have an SG focused on security with a
substantial and critical work program that will attract
technical security experts needed to advance the work
Need the right balance between centralized and distributed
work on security with effective coordination
Strengthened relationships and coordinated actions are
needed on cybersecurity with ITU-D and Secretary General
Excellent collaboration with other bodies on security has
been established (e.g., ISO/IEC JTC 1, OASIS, Liberty
Alliance, ...) and needs to be strengthened and broadened
Improved awareness is needed of SG 17 security material
and tools (highlighted by security Questionnaire responses)
SG 17 would benefit by increased participation from underrepresented regions
Future Work (II)
SG 17 proposed 16 Questions for the next study period,
including 1 new on service oriented architecture security
Associated with this work should be lead study group
responsibilities for Security, Identity management, and
Languages and description techniques
66 draft Recommendations are already under preparation for
approval in the next study period
All SG 17 leaders (except for IDN) are continuing their
responsibilities uninterrupted during the interregnum period
Security and ASN.1 & OID Projects as well as JCA-IdM and
JCA-CIT need to continue given their important contributions
Breakthrough is needed for the essential security work on
Identity, Identity management and Personally identifiable
information
Restructuring of WPs is essential to achieve stronger
integration of ASN.1, OID and Directory with core security
Conclusion
Participation in SG 17 has increased during the
study period to maintain well above 100 participants
SG 17 has successfully transitioned this study
period to security as its main focus with a core set
of security experts
Within security work, SG 17 has significantly built up
participation and energy in Identity Management
SG 17 has built strong relations with other key
bodies working on security and initiated numerous
collaborative efforts
SG 17 has promoted and disseminated ITU-T
security work (e.g., workshops, security roadmap);
its achievements are well recognized
Supplemental Slides
Management team
Structure
Leadership for other groups (JCAs and FGs)
Statistics
Workshops (with SG 17 leadership /
participation)
Acknowledgements
Management Team (I)
Chairman: Herbert V. BERTINE, USA
Vice-Chairmen:
– Jianyong CHEN, China
– Byoung-Moon CHIN, Korea
– Arkadiy KREMER, Russia
– Arve MEISINGSET, Norway
– Ostap MONKEWICH, Canada
– Yu WATANABE, Japan
Management Team (II)
WP Chairmen:
– Byoung Moon CHIN, WP 1/17
– Yu WATANABE, WP 2/17
– Ostap MONKEWICH, WP 3/17
TSB:
– Georges SEBEK, Counsellor
– Xiaoya YANG, Counsellor
– Gabrielle REGAN, Assistant
– Isabelle GARDE, Assistant
Study Group Structure
WP 1/17, Open Systems Technology
Multicast communications, directories, internationalized
domain names and maintenance of OSI Recommendations
WP 2/17, Telecommunication Security
ITU-T security project, development of the generic security-related
Recommendations including Identity Management
(IdM) in support of ITU-T’s work
WP 3/17, Languages and Telecommunication software
ASN.1 and OID project, development of ITU-T formal
languages, support of ITU-T activities on conformance and
interoperability testing (CIT)
Joint coordination activities (JCA-IdM, JCA-CIT)
Focus groups (FG URN, FG SBNO, FG IdM)*
* all terminated
Leadership for SG 17-related other
groups (I)
JCA-IdM
– Co-Conveners: Richard BRACKNEY, Chae-Sub LEE, Olivier DUBUISSON
– Represented: TSAG, SGs 2, 3, 4, 5, 6, 9, 11, 12, 13, 15, 16, 17, 19, ATIS, FIDIS, GSMA, ISO/IEC JTC1/SC6, ISO/IEC JTC1/SC27/WG5, ISO/IEC JTC1/SC17, Liberty Alliance, OECD, Eclipse (Higgins Project), Concordia
JCA-CIT
– Convener: Ostap MONKEWICH
– Represented: SGs 4, 11, 13, 16, 17, 19
Leadership for SG 17-related other
groups (II)
FG URN (Established 11 2000; Terminated 04 2005)
– Chairman: Daniel AMYOT
FG SBNO (Established 10 2005; Terminated 09 2007)
– Chairman: Arkadiy KREMER
– Vice-Chairman: Luis Sousa CARDOSO
FG IdM (Established 12 2006; Terminated 09 2007)
– Chairman: Abbie BARBIR
– Vice-Chairman: Antony NADALIN, Richard BRACKNEY
Focus Group URN - Key Facts
Focus Group URN established: 11 2000
Work electronically: email, wiki, workshops
Members: Practitioners, Researchers, User communities
Deliverables: 5
– Language requirements and framework: Z.150
– Language definition: Z.151
– Use case map notation: draft
– Methodological approach: draft
– UML profile for URN: draft
Terminated: 04 2005
Work continues within: Question 12/17
Focus Group SBNO - Key Facts
FG SBNO established: 10 2005
Meetings: Associated to regional events
Members: Network operators, Administrations, ICT companies, Academia
Deliverables: 2
– Survey on security baseline for network operators, 2006-2007
– Proposed draft Recommendation X.sbno X.Sup2 (09 2007)
Terminated: 09 2007
Work continues within: Question 4/17
Focus Group IdM - Key Facts
FG IdM established: 12 2006
Meetings:
– face-to-face: 5, every 1,5 month
– Electronic: email, wiki
Members: ITU-T and other SDO members, ICT experts
Deliverables: 6 reports on
– Activities completed and proposed
– Deliverables
– Identity management ecosystem and lexicon
– Identity management use cases and gap analysis
– Requirements for global interoperable identity management
– Identity management framework for global interoperability
Terminated: 09 2007
Work continues within: IdM-GSI
Statistics (I)
45 rapporteur group meetings held
(standalone, during GSI events or collaborative with ISO/IEC JTC
1/SC 6, 7, 27 or 37)
641 contributions received
(excluding Rapporteur
meetings)
7 SG meetings held
5 WP 1, 2, 3 meetings held
2 IdM-GSI events held (rapporteur groups)
Min/Max/Average SG participants:
88/141/114
Statistics (II)
88 New/Revised Recommendations
approved, plus 43 Recommendations
determined or consented
66 draft new/revised Recommendations
currently under development for approval
in the next study period
15 Questions assigned by WTSA-04
2 New Questions added during study
period
16 Questions proposed for next period
Workshops (I)
Advancing public-private partnerships for e-business standards
Geneva, Switzerland, 18 – 19 September 2008
Joint ITU-T and SDL Forum Society workshop on "ITU System
Design Languages"
Geneva, Switzerland, 15 – 16 September 2008
Regional Workshop on Frameworks for Cybersecurity and Critical
Information Infrastructure Protection
Buenos Aires, Argentina, 16-18 October 2007
WSC - Workshop on Transit Security
Gaithersburg, USA, 4-5 October 2007
Joint ITU-T SG 17, ISO/IEC JTC 1/SC 27/WG 5 and FIDIS
Workshop on Identity Management Standards
Lucerne, Switzerland, 30 September 2007
ITU Workshop on Frameworks for National Action: Cybersecurity
and Critical Information Infrastructure Protection
Geneva, 17 September 2007
Regional Workshop on Frameworks for Cybersecurity and Critical
Information Infrastructure Protection
Hanoi, Vietnam, 28-31 August 2007
Second Informal Workshop on Conformance and Interoperability
Testing
Geneva, 08 December 2006
Workshops (II)
ITU-T Workshop on Digital Identity for NGN
Geneva, 05 December 2006
Telecommunication Standardization Workshop
Maputo, Mozambique 25-27 October 2006
Joint ITU-T/ OASIS Workshop and Demonstration of Advances in
ICT Standards for Public Warning
Geneva, 19-20 October 2006
SAM 06
Kaiserslautern, Germany, 31 May - 02 June 2006
ITU and UNESCO Global Symposium on Promoting the Multilingual
Internet
Geneva, 9-11 May 2006
Informal Workshop on Conformance and Interoperability Testing
Geneva, 25 January 2006
Workshop on “New Horizons for Security Standardization”
Geneva, 3 - 4 October 2005
SDL'05 Forum
20-23 June, 2005, Grimstad, Norway
ITU-T Workshop on NGN in collaboration with IETF
ITU Headquarters, Geneva, 1 - 2 May 2005
Cybersecurity Symposium II
Moscow, Russian Federation, 29 March 2005
Acknowledgements
Great thanks are due to the many people
who have contributed to the enormous
success of SG 17 during this study period:
Delegates with their many contributions
Editors in drafting texts for Recommendations
Rapporteurs in leading work efforts
Liaison officers in coordinating efforts with other bodies
Project leaders, Focus Group leaders, JCA leaders
Management team including Working Party chairmen
TSB support – Counsellors, Assistants and other staff
Best wishes to all for the next study period
Thank you!
Herbert Bertine is chairman of ITU-T Study Group 17. He has been
actively involved in the standards work of the ITU since 1975 and
has held senior leadership positions since 1980. He has devoted
extensive efforts in facilitating cooperation with SDOs. He
represents the ITU-T in ISO/IEC/ITU-T SAG on security and is the ITU-T liaison
officer to ISO/IEC JTC 1.
Herb also has been active in other arenas dealing with ICT standards including
ISO/IEC JTC 1/SC 6 and ANSI. He was instrumental in developing the
collaborative procedures between ITU-T and JTC 1 (reflected in Rec. A.23) and in
establishing the cooperative procedures with the IETF.
Herb retired in November 2007. He was Director, Standards at Lucent
Technologies where he led Lucent’s standards efforts worldwide. He joined Bell
Laboratories in June 1965 and spent his career in communication technologies.
This included systems engineering work on modems, digital data systems, X.25
packet networks, open systems, and advanced communication systems. Since
1982, he had various responsibilities for corporate-wide standards management.
In October 2006, Herb was awarded the American National Standards Institute
(ANSI) Edward Lohse Information Technology Medal for outstanding technical and
managerial leadership in establishing international information technology and
telecommunications standards and the methods by which they are produced.
Herb has a Bachelor of Electrical Engineering degree and a Master of Electrical
Engineering degree from Rensselaer Polytechnic Institute. He is a member of Eta
Kappa Nu (EE Honor Society) and Tau Beta Pi (Engineering Honor Society) and of
the Institute of Electrical and Electronics Engineers (IEEE).