Summary of Results Study Period 2005-2008 ITU-T Study Group 17 Security, Languages and Telecommunication Software Herbert Bertine

Summary of ResultsStudy Period 2005-

2008

ITU-T Study Group 17Security, Languages and

Telecommunication Software

Herbert Bertine

InternationalTelecommunicationUnion

2

ITU-T Study Group 17Security, Languages and Telecommunication Software

Contents

Terms of referenceHighlights of achievementsProjectsFuture workConclusions

Supplemental slides


3


Terms of Reference

Responsible for studies relating to security, the application of open system communications including networking and directory, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems.

Lead Study Group for: – Telecommunication security– Languages and description techniques


4


Highlights of achievements (I)SG 17 successfully transitioned into a core competency center on security averaging 114 participants SG 17 examined 641 contributions and 2800+ TDs and drew up 88 new or revised Recommendations43 Recommendations currently under AAP or TAP66 draft new/revised Recommendations currently under development for approval in the next study period2 Lead Study Group responsibilities, 3 Focus Groups, 2 JCAs, and 2 Projects were very activeIncreased collaboration with SDOs (eg, joint texts)


5


Highlights of achievements (II)Lead study group for Telecommunication Security

– Close coordination with other SGs and SDOs on security; Security Standards Roadmap developed

– Establishment of a Joint Coordination Activity on Identity Management (JCA-IdM)

Lead study group for Languages and Description Techniques

– Progress on ITU-T languages driven by Language Coordination entity

– Establishment of a Joint Coordination Activity on Conformance and Interoperability Testing (JCA-CIT)

Study Group 17 has managed Focus Groups on– User Requirements Notation (URN)– Security Baseline for Network Operators (SBNO)– Identity Management (IdM)


6


Security (WP 2) Highlights (I)Security Architecture and Frameworks

– 4 Recs and 1 Supplement on aspects of network securityCybersecurity

– In support WTSA-04 Resolution 50– Overview of Cybersecurity (X.1205)– X.1206 (spyware) and X.1207 (dissemination of updates)– Extended and adopted OASIS CAP for emergency services

Identity Management (IdM)– Leveraging significant deliverables from FG-IdM– 2 Recs (X.1250, X.1251) in TAP, many under development– Intense work program; many collaborations; difficult

Countering Spam– In support WTSA-04 Resolution 52– 3 Recs approved, 1 in TAP, 4 under development


7


Security (WP 2) Highlights (II)Information Security Management

– Guidelines for telecommunications organizations (X.1051) with JTC1/SC27 (part of ISO/IEC 27000-series on ISMS)

– Incident Management and Risk Management Guidelines Secure applications and services

– Security for home network, mobile communications, peer-to-peer communications, web services, IPTV, NID, …

– Markup languages SAML and XACML with OASISTelebiometrics

– Interworking protocol, authentication protocol, digital key framework, data security, safety aspects with ISO & IEC

Communications systems security– In support WTSA-04 Resolution 50– Security baseline for network operators (from FG-SBNO)– Security project (see separate slide)


8


Language (WP 3) HighlightsASN.1 and OIDs

– New edition of ASN.1 (X.680/690-series) with JTC1/SC6– New edition of Registration Authorities for OIDs (X.660/X.670-

series) with JTC1/SC6– ASN.1 and OID project (see separate slide)

SDL, MSC, URN, UML– Deliverable from FG-URN basis for Z.151 on URN– Z.100, Z.109 on SDL, Z.111 on notations, Z.119 on UML,

Z.120 Appendix on Application of MSC– SDL update planned for 2009– Updated Z.110 on FDTs and Z.140 on quality of Recs

Open Distributed Processing (ODP)– New X.906 and revised X.911 with JTC1/SC7

Testing languages and methodologies– New edition of TTCN (Z.160/170-series) with ETSI– Two Supplements on interoperability testing


9


Open Systems (WP 1) HighlightsEnd-to-end Multicast with QoS

– Relayed multicast and multicast transport with JTC1/SC6

Directory– New edition of X.500-series Directory Recommendations

including widely implemented X.509 with JTC1/SC6– E.115 was kept up-to-date to serve the increasing

requirements for directory assistance service providers

OSI– Implementers’ Guide issued

Internationalized Domain Names (IDN)– In support WTSA-04 Resolution 48– Questionnaire issued and responses analyzed– Webpage on IDN created and maintained


10


Security Project(Major focus is on coordination and outreach)

Security coordination– Within SG 17, with ITU-T SGs, with ITU-D and externally– Kept TSAG, IGF, ISO/IEC/ITU-T SAG-S informed on security efforts– Made presentations to workshops/seminars and to GSC– Maintained reference information on the LSG on security webpage

Security Compendium– Includes catalogs of approved security-related Recommendations

and security definitions extracted from approved Recommendations

Security Standards Roadmap– Includes searchable database of approved ICT security standards

from ITU-T and others (e.g., ISO/IEC, IETF, ETSI, IEEE, ATIS)ITU-T Security manual – assisted in its development

Survey of developing countries ICT security needs– The overall level of concern about cyber security is high– There is a high level of interest in the possibility of obtaining advice

and/or assistance on ICT security from the ITU– The ITU needs to do a better in promoting its ICT security products


11


ASN.1 and OID ProjectASN.1 (Abstract Syntax Notation One)

– A formal notation that is widely used for describing (binary or XML-encoded) data transmitted by telecommunications protocols

– Project provides speakers and tutorial material to assist users of ASN.1 within and outside of the ITU

– Project maintains a freely accessible database of error-free, compilable ASN.1 modules contained in ITU-T Recommendations and some additional modules from ISO/IEC and IETF to facilitate accurate implementation of protocols

– Database: http://www.itu.int/ITU-T/asn1/database (>650 modules)

Object identifiers (OIDs) and associated registration– Many standards define objects for which unambiguous identification

is required (e.g., PKI, network management, directories, …); the OID tree is a hierarchical naming structure for these objects that is managed in a decentralized way

– Recently extended to include identifiers in any natural language – Project helps people and organizations to set up a Registration

Authority for their OIDs (>25 Member States have been helped) – OID Repository: http://www.oid-info.com (gathers >93000 OIDs)


12


Future Work (I)Improving security and trust in networks is a top imperative for the ITU-TIt is essential to a have a SG focused on security with a substantial and critical work program that will attract technical security experts needed to advance the workNeed the right balance between centralized and distributed work on security with effective coordinationStrengthened relationships and coordinated actions are needed on cybersecurity with ITU-D and Secretary GeneralExcellent collaboration with other bodies on security has been established (e.g., ISO/IEC JTC 1, OASIS, Liberty Alliance, ...) and needs to be strengthened and broadenedImproved awareness is needed of SG 17 security material and tools (highlighted by security Questionnaire responses)SG 17 would benefit by increased participation from under-represented regions


13


Future Work (II)SG 17 proposed 16 Questions for the next study period, including 1 new on service oriented architecture securityAssociated with this work should be lead study group responsibilities for Security, Identity management, and Languages and description techniques66 draft Recommendations are already under preparation for approval in the next study periodAll SG 17 leaders (except for IDN) are continuing their responsibilities uninterrupted during the interregnum periodSecurity and ASN.1 & OID Projects as well as JCA-IdM and JCA-CIT need to continue given their important contributionsBreakthrough is needed for the essential security work on Identity, Identity management and Personally identifiable information Restructuring of WPs is essential to achieve stronger integration of ASN.1, OID and Directory with core security


14


Conclusion

Participation to SG 17 has increased during the study period to maintain well above 100 participantsSG 17 has successfully transitioned this study period to security as its main focus with a core set of security expertsWithin security work, has significantly build-up participation and energy in Identity ManagementSG 17 has build strong relations with other key bodies working on security and initiated numerous collaborative effortsSG 17 has promoted and disseminated ITU-T security work (e.g., workshops, security roadmap); its achievements are well recognized


15


Supplemental Slides

Management teamStructureLeadership for other groups (JCAs and FGs)StatisticsWorkshops (with SG 17 leadership / participation)Acknowledgements


16


Management Team (I)

Chairman Herbert V. BERTINE USA

Vice-Chairmen Jianyong CHEN China

Byoung-Moon CHIN Korea

Arkadiy KREMER Russia

Arve MEISINGSET Norway

Ostap MONKEWICH Canada

Yu WATANABE Japan


17


Management Team (II)

WP Chairmen Byoung Moon CHIN WP 1/17

Yu WATANABE WP 2/17

Ostap MONKEWICH WP 3/17

TSB Georges SEBEK Counsellor

Xiaoya YANG Counsellor

Gabrielle REGAN Assistant

Isabelle GARDE Assistant


18


Study Group StructureWP 1/17, Open Systems TechnologyMulticast communications, directories, internationalized domain names and maintenance of OSI Recommendations

WP 2/17, Telecommunication SecurityITU-T security project, development of the generic security-related Recommendations including Identity Management (IdM) in support of ITU-T’s work

WP 3/17, Languages and Telecommunication softwareASN.1 and OID project, development of ITU-T formal languages, support of ITU-T activities on conformance and interoperablity testing (CIT)

Joint coordination activities (JCA-IdM, JCA-CIT)

Focus groups (FG URN, FG SBNO, FG IdM)** all terminated


19


Leadership for SG 17-related other groups (I)

JCA-IdM– Co-Conveners: Richard BRACKNEY, Chae-Sub LEE,

Olivier DUBUISSON– Represented: TSAG, SGs 2, 3, 4, 5, 6, 9, 11, 12, 13, 15, 16,

17, 19, ATIS, FIDIS, GSMA, ISO/IEC JTC1/SC6, ISO/IEC JTC1/SC27/WG5, ISO/IEC JTC1/SC17, Liberty Alliance, OECD, Eclipse (Higgins Project), Concordia

JCA-CIT– Convener: Ostap MONKEWICH

– Represented: SGs 4, 11, 13, 16, 17, 19


20


Leadership for SG 17-related other groups (II)

FG URN (Established 11 2000; Terminated 04 2005)

– Chairman: Daniel AMYOT

FG SBNO (Established 10 2005; Terminated 09 2007)

– Chairman: Arkadiy KREMER– Vice-Chairman: Luis Sousa CARDOSO

FG IdM (Established 12 2006; Terminated 09 2007)

– Chairman: Abbie BARBIR– Vice-Chairman: Antony NADALIN, Richard

BRACKNEY


21


Focus Group URN - Key FactsFocus Group URN established: 11 2000

Work electronically email wikiworkshops

Members: PractitionersResearchersUser communities

Deliverables: 5– Language requirements and frameworkZ.150– Language definition Z.151– Use case map notation draft– Methodological approach draft– UML profile for URN draft

Terminated: 04 2005

Work continues within: Question 12/17


22


Focus Group SBNO - Key Facts

FG SBNO established: 10 2005

Meetings: Associated to regional events

Members: Network operators,Administrations,ICT companies,Academia

Deliverables: 2– Survey on security baseline for

network operators 2006-2007– Proposed draft Recommendation X.sbno X.Sup2 (09 2007)

Terminated: 09 2007

Work continues within: Question 4/17


23


Focus Group IdM - Key FactsFG IdM established: 12 2006

Meetings: 5– face-to-face every 1,5 month– Electronic email, wiki

Members: ITU-T and other SDO members, ICT

experts

Deliverables: 6 reports on– Activities completed and proposed– Deliverables– Identity management ecosystem and lexicon– Identity management use cases and gap analysis– Requirements for global interoperable identity management– Identity management framework for global interoperability

Terminated: 09 2007

Work continues within: IdM-GSI


24


Statistics (I)

45 rapporteur group meetings held (stand-alone, during GSI events or collaborative with ISO/IEC JTC 1/SC 6, 7, 27 or 37)

641 contributions received (excluding Rapporteur meetings)

7 SG meetings held5 WP 1, 2, 3 meetings held2 IdM-GSI events held (rapporteur groups)

Min/Max/Average SG participants: 88/141/114


25


Statistics (II)

88 New/Revised Recommendations approved, plus 43 Recommendations determined or consented66 draft new/revised Recommendations currently under development for approval in the next study period15 Questions assigned by WTSA-042 New Questions added during study period16 Questions proposed for next period


26


Workshops (I)Advancing public-private partnerships for e-business standardsGeneva, Switzerland, 18 – 19 September 2008 Joint ITU-T and SDL Forum Society workshop on "ITU System Design Languages"

Geneva, Switzerland, 15 – 16 September 2008 Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure ProtectionBuenos Aires, Argentina, 16-18 October 2007 WSC - Workshop on Transit SecurityGaithersburg, USA, 4-5 October 2007 Joint ITU-T SG 17, ISO/IEC JTC 1/SC 27/WG 5 and FIDIS Workshop on Identity Management Standards

Lucerne, Switzerland, 30 September 2007 ITU Workshop on Frameworks for National Action: Cybersecurity and Critical Information Infrastructure ProtectionGeneva, 17 September 2007 Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure ProtectionHanoi, Vietnam, 28-31 August 2007Second Informal Workshop on Conformance and Interoperability TestingGeneva, 08 December 2006


27


Workshops (II)ITU-T Workshop on Digital Identity for NGNGeneva, 05 December 2006 Telecommunication Standardization WorkshopMaputo, Mozambique 25-27 October 2006 Joint ITU-T/ OASIS Workshop and Demonstration of Advances in ICT Standards for Public Warning

Geneva, 19-20 October 2006 SAM 06Kaiserslautern, Germany, 31 May - 02 June 2006 ITU and UNESCO Global Symposium on Promoting the Multilingual InternetGeneva, 9-11 May 2006 Informal Workshop on Conformance and Interoperability TestingGeneva, 25 January 2006 Workshop on “New Horizons for Security Standardization”Geneva, 3 - 4 October 2005 SDL'05 Forum20-23 June, 2005, Grimstad, Norway ITU-T Workshop on NGN in collaboration with IETFITU Headquarters, Geneva, 1 - 2 May 2005 Cybersecurity Symposium IIMoscow, Russian Federation, 29 March 2005


28


Acknowledgements

Delegates with their many contributionsEditors in drafting texts for Recommendations Rapporteurs in leading work effortsLiaison officers in coordinating efforts with other bodiesProject leaders, Focus Group leaders, JCA leadersManagement team including Working Party chairmenTSB support – Counsellors, Assistants and other staff

Great thanks are due to the many people who have contributed to the enormous success of SG 17 during this study period:

Best wishes to all for the next study period


29


Thank you!Herbert Bertine is chairman of ITU-T Study Group 17. He has been

actively involved in the standards work of the ITU since 1975 and has held senior leadership positions since 1980. He has devoted extensive efforts in facilitating cooperation with SDOs. He

represents the ITU-T in ISO/IEC/ITU-T SAG on security and is the ITU-T liaison officer to ISO/IEC JTC 1. Herb also has been active in other arenas dealing with ICT standards including

ISO/IEC JTC 1/SC 6 and ANSI. He was instrumental in developing the collaborative procedures between ITU-T and JTC 1 (reflected in Rec. A.23) and in establishing the cooperative procedures with the IETF. Herb retired in November 2007. He was Director, Standards at Lucent

Technologies where he led Lucent’s standards efforts worldwide. He joined Bell Laboratories in June 1965 and spent his career in communication technologies. This included systems engineering work on modems, digital data systems, X.25 packet networks, open systems, and advanced communication systems. Since 1982, he had various responsibilities for corporate-wide standards management. In October 2006, Herb was awarded the American National Standards Institute

(ANSI) Edward Lohse Information Technology Medal for outstanding technical and managerial leadership in establishing international information technology and telecommunications standards and the methods by which they are produced. Herb has a Bachelor of Electrical Engineering degree and a Master of Electrical

Engineering degree from Rensselaer Polytechnic Institute. He is a member Eta Kappa Nu (EE Honor Society) and Tau Beta Pi (Engineering Honor Society) and of the Institute of Electrical and Electronic Engineers (IEEE).

Documents

Summary of Results Study Period 2005-2008 ITU-T Study Group 17 Security, Languages and Telecommunication Software Herbert Bertine