ITU-T Activities on Security

1
ITU-T Activitieson Security

• Greg Jones
• ITU Telecommunication Standardization Sector
  (ITU-T)
• greg.jones_at_itu.int

2
ITU-T Study Groups

• SG 2 Operational aspects of service provision,
  networks and performance
• SG 3 Tariff and accounting principles including
  related telecommunications economic and
  policy issues
• SG 4 Telecommunication management, including
  TMN
• SG 5 Protection against electromagnetic
  environment effects
• SG 6 Outside plant
• SG 9 Integrated broadband cable networks and
  television and sound transmission  
• SG 11 Signalling requirements and protocols
• SG 12 End-to-end transmission performance of
  networks and terminals
• SG 13 Multi-protocol and IP-based networks and
  their internetworking
• SG 15 Optical and other transport networks
• SG 16 Multimedia services, systems and terminals
  
• SG17 Data networks and software for
  Telecommunication
• SSG Special Study Group "IMT-2000 and beyond"
  
• TSAG Telecommunication Standardization Advisory
  Group

3
Lead Study Groups

• SG 2 Service definition, numbering and routing
• SG 4 TMN
• SG 9 Integrated broadband cable and television
  networks
• SG 11 Intelligent networks
• SG 12 Quality of Service and performance
• SG 13 IP related matters, B-ISDN, Global
  Information Infrastructure and satellite
  matters
• SG 15 Access network transport and optical
  technology
• SG 16 Multimedia services, systems and terminals
  and on e-business and e-commerce
• SG17 Communication system security, frame relay,
  languages and description techniques
• SSG IMT 2000 and beyond and for mobility

4
Communication system security

• WTSA TSAG
• Request to all study groups to coordinate on
  telecommunication reliability and security
• SG 17 Coordination of ITU-T security studies
• X.509, X.842, X.843
• SG 16 Multimedia services
• ETS Emergency Telecommunication Services
• SG 13 Network reliability
• Network requirements and capabilities to support
  emergency services
• SG 2 Service aspects
• Security requirements and incident handling

5
ITU-T SG 17 security focus

• Authentication (X.509/X.842/X.843)
• Public Key Infrastructure
• Security Management
• Risk assessment, identification of assets and
  implementation characteristics
• Telebiometrics
• Telebiometric methods, devices and solutions for
  security purposes
• Mobile Security
• For low power, small memory size and small
  display devices

6
Key studies in ITU-T SG 16

• Question G - Multimedia Security
• Secure H.323-based IP Telephony
• H.235 and associated security profiles
• H.248 Media Gateway Decomposition Security
• Secure H.320 Audio/Video and T.120 Data
  Conferencing
• Emergency Telecommunications Services

7
Key studies in ITU-T SG 9

• IPCablecom project
• Interactive services over cable TV networks using
  IP protocol
• ITU-T Rec. J.170IPCablecom security
  specification
• Types of threat in IPCablecom
• Network attacks
• Theft of service
• Eavesdropping
• Denial of Service

8
Other studies in SG 2 and 13

• Draft new ITU-T Rec. E.sec.1 (SG 2)
• Telecommunication networks security requirements
• Draft new ITU-T Rec. E.sec.2 (SG 2)
• Incident Organization and Security Incident
  Handling (Guidelines)
• Guidelines on threats and countermeasures
• Draft new ITU-T Rec. Y.roec (SG 13)
• Network reliability

9
Special Projects

• IMT-2000 Network Aspects (SSG)
• Call Back (SG 3)
• Accounting Rate Reform (SG 3)
• TMN (SG 4)
• IP Cablecom (SG 9)
• Quality of service and performance (SG 12)
• IP (SG 13)
• Global Information Infrastructure (SG 13)
• Access Networks (SG 15)
• Optical Networks (SG 15)
• Mediacom 2004 (SG 16)
• JVT Joint Video Team (SG 16)
• E-commerce and E-business (SG 16)
• ASN.1 Language coordination (SG 17)
• Communication system security (SG 17)

10
Key products

• Catalogue of ITU-T security Recommendations
• itu.int/itudoc/itu-t/com17/activity/cat003_ww9.doc
  
• Compendium of security terms
• itu.int/itudoc/itu-t/com17/activity/def003.html

11
security definitions
itu.int/ITU-T/studygroups/com17/cssecurity.html

• Example Definitions of public-key
• 3.3.43/X.509
• (In a public key cryptosystem) that key of a
  users key pair which is publicly known.
• 3.3.11/X.810
• A key that is used with an asymmetric
  cryptographic algorithm and that can be made
  publicly available.

12
Recommendations related to communication systems
security
itu.int/ITU-T/studygroups/com17/cssecurity.html

• Example ITU-T Rec. X.509
• Information technology - Open Systems
  Interconnection - The directory Public-key and
  attribute certificate frameworks (03/00 version
  4)
• This Recommendation defines a framework for
  public-key certificates and attribute
  certificates
• Uses Abstract Syntax Notation 1 (ASN.1)

13
ITU-T publications

• Recommendations
• WTSA Resolutions
• Appendices
• Supplements
• Handbooks
• Directives
• ITU Operational Bulletin

14
Workshops and seminars2002

• IPv6Geneva, 6 May 2002
• SecuritySeoul, Republic of Korea, 13-14 May 2002
• IMT-2000 and Systems BeyondOttawa, Canada, 28
  May 2002
• IP/OpticalChitose, Japan, 9-11 July 2002
• Workshop on Use of Description TechniquesGeneva,
  23 November 2002
• Role of Satellites in IP-based and Multimedia
  Networks and ServicesGeneva, 9-11 December 2002

15
Seoul, May 2002

• ITU-T Workshop on Security13-14 May 2002
• Security World Expo 200215-18 May 2002
  (www.secuexpo.com)
• ITU workshop - Creating trust in critical network
  Infrastructures20-22 May 2002

16
Cooperation

• A.4 Communication with forums/consortia
• A.5 Organizations qualified for referencing
• A.6 Communication with SDOs
• MoUs
• MoU ICANN Protocol Supporting Organization, 14
  July 1999
• MoU between IEC, ISO, ITU and UN/ECE Concerning
  Standardization in the Field of Electronic
  Business, 24 March 2000
• MoU between ITU and ETSI, 14 June 2000
• Informal Forum summit
• ITU-T and Forums web page

17
Security collaboration

• ISO/IEC JTC1 ? SC 6 SC 27
• IETF
• OASIS

18
Freely accessible web resources
itu.int/ITU-T/dbase

• ITU-T patent database
• International numbering resources
• itu.int/ITU-T/inr
• A.4, A.5 and A.6 recognized organizations
• Terms and definitions
• List of ITU-T Recommendations
• ITU-T Work programme
• ASN.1 module database new

19
ITU-T Databases on ITU-T website

• ASN.1 Module Database
• ITU-T Patents Database
• International Numbering Resources
• Recognized SDOs for Recs. A.4, A.5 A.6
• Terms Definitions Database
• List of ITU-T Recommendations
• ITU-T Work Programme Database
• ITU-T Work Programme Database Search
• Standardization Areas, Domains and their Codes

20
Ensuring global interoperability

• Quality of Service (QOS)
• Numbering and routing
• Communication Systems Security
• Tariffs and Accounting rates
• Interworking

21
Thank You!

• ITU-T Contacts
• ITU-T Communication promotion service
• Greg Jones - greg.jones_at_itu.int
• ITU-T Study Group 17 Secretariat
• Georges Sebek sebek_at_itu.int