Committed to connecting the world

Search for:

-->

1809-summary

Executive Summary

Meeting of ITU-T SG17 'Security', Geneva, 29 August – 7 September 2018

Hot topics:

Transformation of Security Study – incubation trial in SG17
Revision of Question texts
PKI
TTCN-3
IoT security
5G security
Big Data security
Intelligent Transport System (ITS) security
Distributed Ledger Technology (DLT) security
Distributed identity management
Software-defined networking security
Personally identifiable information protection
Quantum key distribution

ITU workshop on Advanced Cybersecurity Attacks and Ransomware

The event was announced by TSB Circular 97 and was attended by 105 participants (including remote participation) from 27 countries. Outcome of this workshop identified next step advices for SG17 is found at: https://www.itu.int/en/ITU-T/Workshops-and-Seminars/20180828/Documents/Outcomes_final.pdf

Meeting Output:

Approved (TAP) 1 new ITU-T Recommendations. Details are in Annex A a).
Agreed 3 new Supplement/Implementer's Guide. Details are in Annex A c).
(re-)Determined (TAP) 3 draft new ITU-T Recommendations. Details are in Annex A d).
Consented (AAP) 19 new/revised texts for Last Call. Details are in Annex A e).
25 new work items were agreed to be added to the SG17 work programme. Details are in Annex B.
7 existing work items to be removed. Details are in Annex C.
4 Question Texts revised.

Next SG17 meeting:

Tuesday 22 – Wednesday 30 January 2019, Geneva, Switzerland (8 working days including Sunday 27 Jan 2019).

Workshop on AI, ML and security on Monday 21 January 2019, Geneva, Switzerland.

Tuesday 27 August – Thursday 5 September 2019 (To be confirmed), Geneva, Switzerland.

Workshop on FinTech (To be confirmed) security on Monday 26 August 2019, Geneva, Switzerland.

8 texts are candidate for action in next SG17 meeting, see in Annex A f).
Interim RGM meetings: 3 Questions plan to hold 3 RGMs.

	Q	Date	Place/Host	Subject/objective
1.	10/17 (collocate with 14/17)	3rd week in November 2018 (tbc)	Tokyo, Japan	tbd
2.	13/17	Nov 2018	tbc	To address all items.
3.	14/17 (collocate with 10/17)	3rd week in November 2018 (tbc)	Tokyo, Japan	To address all items

Bridging the Standardization Gap (BSG):

Welcome and guided tour for newcomers;
SG17 orientation session with SG17 overview presentation given by SG17 Chairman;
BSG hands-on training session for 11 participants from 7 developing countries.
Informal gathering of SG17RG-AFR and SG17RG-ARB

Tutorial presentations:

Six tutorials (TD1244) on thematic subjects including AI/ML for Cybersecurity, 3GPP SA3 work on 5G Security, Security Control Expressions & the Universal Security Control Syntax Language, Technical applications of blockchain to UN/CEFACT, and GDPR Overview.

Participation:

168 participants (188 announced): 37 Member States (39 countries), 21 Sector Members, (4 Associates), and 2 Academia. 8 invited experts.
9 partial fellowships granted: Afghanistan, Bangladesh, Benin, Burundi, Central Africa, Comoros, Gambia, Senegal, Sudan
1 new associate (IDQ(Switzerland))
2 new academia (Florida Atlantic Univ (US), IRT SystemX(France))
4 New Member States participation: Angola, El Salvador, Gambia, Qatar
SG17 vice chairmen absent: Patrick-Kennedy KETTIN ZANGA (Central Africa), Gökhan EVREN (Turkey), Hugo Darío MIGUEL (Argentina) and Wala Latrous (Tunisia).

Other highlights:

SG17 plenary organized 3 sessions to discuss transformation of security study, and on trial bases held 2 incubation discussion sessions on NWI proposals related to secure quantum communication.
JCA-IdM held its 25^th meeting on 31 August 2018. ITU-T SG17 received updates from FIDO Alliance, Sovrin Fondation, ISO/IEC JTC 1/SC 27/WG5 and Q10/17.

Correspondence Groups:

CG-cybex was terminated.

CG-xss (correspondence group on transformation of security study) will continue.

Meeting input and organization:

Contributions: 144 - ever increasing (past meetings: 113, 106, 78, 81, 66, 74, 80)

Contribution# from: APT (100 (69%) (= China 55 (38%), Korea 33, Japan 7, India 2, Iran 3)), Americas (10), EUR (28), AFR (6), ARAB (1), LAM (0).

TDs: 420 (previous meeting: 395, 426, 368, 391, 418, 371, 386), including 40 incoming liaison statements and 37 outgoing liaison statements; 79 prepared by SG17 secretary.

252 sessions (previous meeting: 249, 204) were organized, up to 12 parallel meetings per quarter.

27 sessions (previous meeting: 25, 11) used remote participation

Annex A
Actions taken on Recommendations, and other texts at the 7 September 2018 SG17 plenary

a) TAP Recommendations approved (WTSA-16 Resolution 1):

The SG17 plenary meeting approved (TAP) the following draft new/revised ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
6/17	X.1361 (X.iotsec-2)	Security framework for Internet of Things based on the gateway model	New	Xia Junjie, Heung-Youl Youm	TD1529		2015-04	2018-09

Approval of the above Recommendations will be announced by TSB Circular in Sept 2018.

b) TAP Recommendations not approved (WTSA-16 Resolution 1):

None.

c) Amendment approved, Corrigendum approved, Supplements agreed:

The SG17 plenary meeting agreed or approved the following texts.

	Q	Acronym	Title	New / Revised	Editor(s)	Location of Text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	3/17	X.sup13-rev	Revision of Supplement 13	Rev	Yutaka Miyake Kyeong Hee Oh	TD1524R3		2016-09	2018-09
2.	5/17	X.Supl.33 (X.sup-ctss)	Supplement to ITU-T X.1231 Technical framework for countering telephone service scam	New	Gao Feng Nan Jiang Junjie Xia Chen Zhang Yanbin Zhang	TD1472		2016-09	2018-09
3.	12/17	Z.Imp100rev	Z.Imp100 Specification and Description Language implementer's guide - Version 3.0.2	Rev	Rick Reed	TD1378		2017-09	2018-09

d) Recommendations determined (TAP – WTSA-16 Resolution 1):

The SG17 plenary meeting determined (TAP) the following draft new/revised ITU-T Recommendations in accordance with WTSA-16 Resolution 1, Section 9.

	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	4/17	X.1215 (X.ucstix)	Use cases for Structured Threat Information Expression	New	Jong-Hyun Kim, Jihye Kim, Heung Youl Youm, Ik-Kyun Kim	TD1541R2			2018-09
2.	5/17	X.1249 (X.tfcma)	Technical Framework for Countering Mobile in-application Advertising Spam	New	Hongwei Luo, Laifu Wang, Xin Wang	TD1450R1		2015-09	2018-09
3.	6/17	X.1042 (X.sdnsec-1)	Security services using the Software-defined networking	New	Hyoungshick Kim, JungSoo Park	TD1543R2		2014-09	2018-09

Member States consultation will be launched by TSB Circular in Oct 2018 after editorial checking. Further updates will be posted at http://www.itu.int/ITU-T/studygroups/com17

e) AAP Recommendations consented for Last Call (Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to the following draft new/revised ITU-T Recommendations and Technical Corrigenda for Last Call according to Recommendation ITU-T A.8:

	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	7/17	X.1450 (X.hakm)	Guidelines on hybrid authentication and key management mechanisms in client-server model	New	Jung Yeon Hwang, Kyu Young Choi, Sangrae Cho	TD1490R1		2015-04	2018-09
2.	7/17	X.1147 (X.srfb)	Security Requirements and Framework for Big Data Analytics in Mobile Internet Services	New	Junjie Xia, Feng Gao, Jongyoul Park, Nan Jiang	TD1477R4		2016-08	2018-09
3.	9/17	X.1093 (X.tac)	Telebiometric Access Control with smart ID Card	New	Myung Geun Chun	TD1504R1		2017-03	2018-09
4.	10/17	X.1277 (X.uaf)	FIDO Universal Authentication Framework (UAF)	New	Abbie Barbir, David Turner	TD1572R1	FIDO	2018-09	2018-09
5.	10/17	X.1278 (X.ctap)	Client To Authenticator Protocol/Universal 2-factor authentication framework.	New	Abbie Barbir, David Turner	TD1557R1	FIDO	2018-09	2018-09
6.	11/17	X.894 (X.cms-prof)	Cryptographic Message Syntax (CMS) profile	New	Jean-Paul Lemaire	TD1442R2	ISO24-4 2018	2017-09	2018-09
7.	11/17	X.676 (X.orf-gs)	Object identifier-based resolution framework for IoT grouped services	New	Younghwan Choi JungSoo Park	TD1563R2			2018-09
8.	12/17	Z.100 Annex F1	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: General overview	Rev	Rick Reed, Edel Sherratt	TD1374R2		2017-03	2018-09
9.	12/17	Z.100 Annex F2	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Static semantics	Rev	Rick Reed, Edel Sherratt	TD1375R2		2017-03	2018-09
10.	12/17	Z.100 Annex F3	Specification and Description Language - Overview of SDL-2010 - SDL formal definition: Dynamic semantics	Rev	Rick Reed, Edel Sherratt	TD1376		2017-03	2018-09
11.	12/17	Z.151	User Requirements Notation (URN) - Language definition	Rev	Gunter Mussbacher	C347		2015-09	2018-09
12.	12/17	Z.161rev	Testing and Test Control Notation version 3: TTCN-3 core language	Rev	Dieter Hogrefe	TD1456	ETSI ES 201 873-1	2017-09	2018-09
13.	12/17	Z.161.2rev	Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment support	Rev	Dieter Hogrefe	TD1453	ETSI ES 202 781	2017-09	2018-09
14.	12/17	Z.161.4rev	Testing and Test Control Notation version 3: TTCN-3 language extensions: Behaviour types	Rev	Dieter Hogrefe	TD1454	ETSI ES 202 785	2017-09	2018-09
15.	12/17	Z.161.6rev	Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced Matching	Rev	Dieter Hogrefe	TD1455	ETSI ES 203 022	2017-09	2018-09
16.	12/17	Z.166rev	Testing and Test Control Notation version 3: TTCN-3 control interface (TCI)	Rev	Dieter Hogrefe	TD1457	ETSI ES 201 873-6	2017-09	2018-09
17.	12/17	Z.167rev	Testing and Test Control Notation version 3: Using ASN.1 with TTCN-3	Rev	Dieter Hogrefe	TD1458	ETSI ES 201 873-7	2017-09	2018-09
18.	12/17	Z.169rev	Testing and Test Control Notation version 3: Using XML schema with TTCN-3	Rev	Dieter Hogrefe	TD1459	ETSI ES 201 873-9	2017-09	2018-09
19.	12/17	Z.171rev	Testing and Test Control Notation version 3: Using JSON with TTCN-3	Rev	Dieter Hogrefe	TD1460	ETSI ES 201 873-11	2017-09	2018-09

These Recommendations will enter AAP Last call in Sept-Oct 2018.

f) Work items planned for action in next SG17 meeting:

	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	2/17	X.sdnsec-3	Security guideline of Service Function Chain based on software defined network	New	Feng Zhang, Min Zuo, Junjie Xia, Zhiyuan HU, JungSoo Park	TD1527R1			2019-01
2.	3/17	X.grm	Risk management implementation guidance on the assets of telecommunication organizations accessible by global IP-based networks	New	Chen Zhang, Bo Yu Yunbo Feng	TD1491R1		2014-09	2019-01
3.	6/17	X.secup-iot *	Secure Software Update Procedure for IoT Devices	New	Takeshi Takahashi, Koji Nakao, Yunchul Choi	TD1547		2017-09	2019-01
4.	6/17	X.iotsec-3*	Technical framework of PII (Personally Identifiable Information) handling system in IoT environment	New	Yutaka Miyake, Bo Yu	TD1500R2		2017-03	2019-01
5.	9/17	X.tab	Telebiometric authentication using bio-signals	New	Jason Kim	TD1494R1			2019-01
6.	10/17	X.Sup-1254rev**	Supplement to X.1254rev on use cases and high level abstract implementations	New	Junjie Xia, Bo Yu, Feng Zhang	TD1070		2018-03	2019-01
7.	12/17	Z.109rev	Specification and Description Language - Unified modeling language profile for SDL-2010	Rev	Alexander Kraas				2019-01
8.	13/17	X.stcv*	security threats in connected vehicles	New	Koji Nakao, Seungwook Park, Sang-Woo Lee, ChangOh Kim	TD1605R1		2018-03	2019-01

Annex B
New work items

The following new work items were agreed to be added to the SG17 work programme:

	Q	Acronym	Title	New/ Revised	AAP/TAP/ Agreement	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Timing⁽¹⁾
1.	3/17	X.sup-csc**	Supplement on critical security controls for telecommunications organizations information and network security management in support of ITU-T X.1051	New	Agreement	Payen Patrice, Taddei Arnaud, Mustafa Thaib	TD1469R2		2020-09
2.	4/17	X.qrng-a	Quantum noise random number generator architecture	New	AAP	Sean Kwak, Charles Harvey, Warner Miller,	TD1495R4		2019-09
3.	4/17	TR.sec-qkd**	Technical report on security framework for quantum key distribution in telecom network	New	Agreement	Sean Kwak	TD1496R4		2020-09
4.	5/17	X.tfcmms*	Technical framework for countering multimedia messaging service spam	New	TAP	Wei Liu, Jinfeng Kou, Tao Ye, Zhaoji Lin	TD1564R1		2021-09
5.	6/17	X.elf-iot *	Standard format of IoT error logs for security incident operations	New	TAP	Koji Nakao, Kiyotaka ATSUMI	TD1550R3		2020-03
6.	6/17	X.amas-iot*	Aggregate Message Authentication Scheme with Group Authentication Capability for IoT environment	New	TAP	Koji Nakao	TD1551R1		2020-03
7.	6/17	X.sc-iot*	Security Controls for Internet of Things (IoT) system	New	TAP	Koji Nakao, Liu Lijun	TD1552R1		2020-03
8.	6/17	X.iotsec-4*	Security Requirements for IoT devices and gateway	New	TAP	Hosoek Ryu, Miyeon Yoon, Wonsuk Chung	TD1568R1		2021-09
9.	6/17	X.5Gsec-t*	Security framework based on trust relationship in 5G ecosystem	New	TAP	Junzhi Yan, Jin Peng Minpeng Qi, HeungYoul Youm	TD1506R3		2021-03
10.	7/17	X.tfrca	Technical framework of risk control to support authentication	New	AAP	Min Zuo, Xin Wang	TD1493R3		2020-10
11.	8/17	X.sgcc	Security Guidelines for Container in cloud computing environment	New	AAP	Ye Tao, Lei Xu, Laifu Wang, Lanfang Ren	TD1537R1		2020-10
12.	9/17	X.b2m	Biology to Machine Protocol	New	AAP	John Caras, Erik Andersen, Myung Geun Chun	TD1558		2020-03
13.	11/17	X.500 Amd.1	Proposed draft 1st amendment to Rec. ITU-T X.500 (2016) \| ISO/IEC 9594-1:2017	Amd	AAP	Erik Anderson	C312		2019
14.	11/17	X.501 Amd.1	Proposed draft 1st amendment to Rec. ITU-T X.501 (2016) \| ISO/IEC 9594-2:2017	Amd	AAP	Erik Anderson	C314		2019
15.	11/17	X.509Amd.1	Proposed draft 1st amendment to Rec. ITU-T X.509 (2016) \| ISO/IEC 9594-8:2017	Amd	AAP	Erik Anderson	C316r1		2019
16.	11/17	X.511 Amd.1	Proposed draft 1st amendment to Rec. ITU-T X.511 (2016) \| ISO/IEC 9594-3:2017	Amd	AAP	Erik Anderson	C318		2019
17.	11/17	X.518 Amd.1	Proposed draft 1st amendment to Rec. ITU-T X.518 (2016) \| ISO/IEC 9594-4:2017	Amd	AAP	Erik Anderson	C320		2019
18.	11/17	X.519 Amd.1	Proposed draft 1st amendment to Rec. ITU-T X.519 (2016) \| ISO/IEC 9594-5:2017	Amd	AAP	Erik Anderson	C323		2019
19.	11/17	X.520 Amd.1	Proposed draft 1st amendment to Rec. ITU-T X.520 (2016) \| ISO/IEC 9594-6:2017	Amd	AAP	Erik Anderson	C325		2019
20.	11/17	X.521 Amd.1	Proposed draft 1st amendment to Rec. ITU-T X.521 (2016) \| ISO/IEC 9594-7:2017	Amd	AAP	Erik Anderson	C327		2019
21.	11/17	X.525 Amd.1	Proposed draft 1st amendment to Rec. ITU-T X.500 (2016) \| ISO/IEC 9594-1:2017	Amd	AAP	Erik Anderson	C312		2019
21.	13/17	X.edrsec*	Security guidelines for cloud-based event data recorders in automotive environment	New	TAP	Sang-Woo Lee, Whapyeong Lim Aram Cho, Seungwook Park	TD1520R1		2021-09
22.	13/17	X.eivnsec*	Security guideline for Ethernet-based In-Vehicle networks	New	TAP	Sang-Woo Lee, You-Sik Lee	TD1519R1		2021-09
23.	13/17	X.fstiscv*	Framework of security threat information sharing for connected vehicles	New	TAP	Min Shu, Yunwei Zhao, Xiaochun Yun, Wenlei Wang	TD1522R1		2021-09
24.	13/17	X.1373rev*	Secure software update capability for intelligent transportation system communication devices	Rev	TAP	Koji Nakao, Sang-Woo Lee, Aram Cho, Seungwook Park	TD1523		2019-09
25.	14/17	X.srip-dlt*	Security requirements for intellectual property management based on distributed ledger technology	New	TAP	Min Shu, Yunwei Zhao, Yuhee Ki, Wenlei Wang, Yang Wu, Jung Yeon Hwang	TD1479R3		2020-09

Notes:

Target date for consent or determination of Recommendations or for agreement of Supplements or non-normative text.
*: for determination, **: for agreement

Annex C
Work items Removed

The following 7 work items were agreed to be deleted from the SG17 work programme:

	Q	Acronym	Title
1.	3/17	X.cins	Information technology - Security techniques - Guidelines for cyber insurance
2.	4/17	X.metric	Metrics for evaluating threat and resilience in cyberspace
3.	9/17	X.th2	Telebiometrics related to physics
4.	9/17	X.th3	Telebiometrics related to chemistry
5.	9/17	X.th4	Telebiometrics related to biology
6.	9/17	X.th5	Telebiometrics related to culturology
7.	9/17	X.th6	Telebiometrics related to psychology