International Telecommunication Union ITU-T Seminar – Lisbon, 25 June 2002 ITU-T Activities on Security Greg Jones ITU Telecommunication Standardization.

International Telecommunication Union

ITU-T Seminar – Lisbon, 25 June 2002

ITU-T ActivitiesITU-T Activitieson Securityon Security

Greg JonesITU Telecommunication Standardization

Sector (ITU-T)[email protected]

225 June 2002


ITU-ITU-TT

ITU-T Study Groups

o SG 2 Operational aspects of service provision, networks and performance

o SG 3 Tariff and accounting principles including related telecommunications economic and policy issues

o SG 4 Telecommunication management, including TMN o SG 5 Protection against electromagnetic environment effects o SG 6 Outside plant o SG 9 Integrated broadband cable networks and television and sound

transmission o SG 11 Signalling requirements and protocols o SG 12 End-to-end transmission performance of networks and terminals o SG 13 Multi-protocol and IP-based networks and their internetworking o SG 15 Optical and other transport networks o SG 16 Multimedia services, systems and terminals o SG17 Data networks and software for Telecommunicationo SSG Special Study Group "IMT-2000 and beyond" o TSAG Telecommunication Standardization Advisory Group

325 June 2002


ITU-ITU-TT

Lead Study Groups

o SG 2 Service definition, numbering and routing o SG 4 TMN o SG 9 Integrated broadband cable and television

networkso SG 11 Intelligent networks o SG 12 Quality of Service and performanceo SG 13 IP related matters, B-ISDN, Global Information

Infrastructure and satellite matterso SG 15 Access network transport and optical technologyo SG 16 Multimedia services, systems and terminals and on

e-business and e-commerceo SG17 Communication system security, frame relay,

languages and description techniqueso SSG IMT 2000 and beyond and for mobility

425 June 2002


ITU-ITU-TT

Communication system security

o WTSA & TSAG• Request to all study groups to coordinate on

telecommunication reliability and securityo SG 17 – Coordination of ITU-T security studies

• X.509, X.842, X.843o SG 16 – Multimedia services

• ETS – Emergency Telecommunication Serviceso SG 13 – Network reliability

• Network requirements and capabilities to support emergency services

o SG 2 – Service aspects• Security requirements and incident handling

525 June 2002


ITU-ITU-TT

ITU-T SG 17 security focus

o Authentication (X.509/X.842/X.843)• Public Key Infrastructure

o Security Management• Risk assessment, identification of assets

and implementation characteristics o Telebiometrics

• Telebiometric methods, devices and solutions for security purposes

o Mobile Security • For low power, small memory size and

small display devices

625 June 2002


ITU-ITU-TT

Key studies in ITU-T SG 16

o Question G - “Multimedia Security”o Secure H.323-based IP Telephonyo H.235 and associated security profileso H.248 Media Gateway Decomposition

Securityo Secure H.320 Audio/Video and T.120

Data Conferencingo Emergency Telecommunications

Services

725 June 2002


ITU-ITU-TT

Key studies in ITU-T SG 9

o IPCablecom project• Interactive services over cable TV

networks using IP protocol• ITU-T Rec. J.170

IPCablecom security specification• Types of threat in IPCablecom:

• Network attacks• Theft of service• Eavesdropping• Denial of Service

825 June 2002


ITU-ITU-TT

Other studies in SG 2 and 13

o Draft new ITU-T Rec. E.sec.1 (SG 2)• Telecommunication networks security

requirements

o Draft new ITU-T Rec. E.sec.2 (SG 2)• Incident Organisation and Security

Incident Handling (Guidelines)• Guidelines on threats and countermeasures

o Draft new ITU-T Rec. Y.roec (SG 13) • Network reliability

925 June 2002


ITU-ITU-TT

Special Projectso IMT-2000 Network Aspects (SSG)o Call Back (SG 3)o Accounting Rate Reform (SG 3)o TMN (SG 4)o IP Cablecom (SG 9)o Quality of service and performance (SG 12) o IP (SG 13)o Global Information Infrastructure (SG 13)o Access Networks (SG 15)o Optical Networks (SG 15)o Mediacom 2004 (SG 16)o JVT – Joint Video Team (SG 16)o E-commerce and E-business (SG 16)o ASN.1 & Language coordination (SG 17)o Communication system security (SG 17)

1025 June 2002


ITU-ITU-TT

Key products

o Catalogue of ITU-T security Recommendations• (see

www.itu.int/itudoc/itu-t/com17/activity/cat003_ww9.doc)

o Compendium of security terms• (see

www.itu.int/itudoc/itu-t/com17/activity/def003.html)

1125 June 2002


ITU-ITU-TT

security definitions

o Example: Definitions of public-key• 3.3.43/X.509

• (In a public key cryptosystem) that key of a user’s key pair which is publicly known.

• 3.3.11/X.810• A key that is used with an asymmetric

cryptographic algorithm and that can be made publicly available.

(See itu.int/ITU-T/studygroups/com17/cssecurity.html)

1225 June 2002


ITU-ITU-TT

Recommendations related to communication systems

security

o Example: ITU-T Rec. X.509• Information technology - Open Systems

Interconnection - The directory: Public-key and attribute certificate frameworks (03/00 – version 4)

• This Recommendation defines a framework for public-key certificates and attribute certificates…

• Uses Abstract Syntax Notation 1 (ASN.1)

(See itu.int/ITU-T/studygroups/com17/cssecurity.html)

1325 June 2002


ITU-ITU-TT

ITU-T publications

o Recommendationso WTSA Resolutionso Appendiceso Supplementso Handbookso Directiveso ITU Operational Bulletin

1425 June 2002


ITU-ITU-TT

Worshops and seminars planned

o IPv6Geneva, 6 May 2002

o SecuritySeoul, Republic of Korea, 13-14 May 2002

o IMT-2000 and Systems BeyondOttawa, Canada, 28 May 2002

o IP/OpticalChitose, Japan, 9-11 July 2002

o Workshop on Use of Description TechniquesGeneva, 23 November 2002

o Role of Satellites in IP-based and Multimedia Networks and ServicesGeneva, 9-11 December 2002

1525 June 2002


ITU-ITU-TT

Seoul, May 2002

o ITU-T Workshop on Security13-14 May 2002

o Security World Expo 200215-18 May 2002 (www.secuexpo.com)

o ITU workshop - Creating trust in critical network Infrastructures20-22 May 2002

1625 June 2002


ITU-ITU-TT

Cooperation

o A.4 – Communication with forums/consortiao A.5 – Organizations qualified for referencingo A.6 – Communication with SDOso MoUs

• MoU ICANN Protocol Supporting Organization, 14 July 1999

• MoU between IEC, ISO, ITU and UN/ECE Concerning Standardization in the Field of Electronic Business, 24 March 2000

• MoU between ITU and ETSI, 14 June 2000o Informal Forum summito “ITU-T and Forums” web page

1725 June 2002


ITU-ITU-TT

Security collaboration

o ISO/IEC JTC1 SC 6 & SC 27o IETFo OASIS

1825 June 2002


ITU-ITU-TT

Freely accessible web resources

o ITU-T patent databaseo International numbering resources

o A.4, A.5 and A.6 recognized

organizationso Terms and definitionso List of ITU-T Recommendationso ITU-T Work programmeo ASN.1 module database – new

1925 June 2002


ITU-ITU-TT

ITU-T Databases on ITU-T website

o ASN.1 Module Database o ITU-T Patents Databaseo International Numbering Resources o Recognized SDOs for Recs. A.4, A.5 & A.6 o Terms & Definitions Databaseo List of ITU-T Recommendationso ITU-T Work Programme Database

• ITU-T Work Programme Database Search• Standardization Areas, Domains and their

Codes

2025 June 2002


ITU-ITU-TT

Ensuring global interoperability

o Quality of Service (QOS)o Numbering and routingo Communication Systems Securityo Tariffs and Accounting rateso Interworking

International Telecommunication Union


Thank You!Thank You!

ITU-T Contacts:ITU-T Communication & promotion:

Greg Jones - [email protected] Androuchko -

[email protected] Study Group 17 Secretariat:Georges Sebek – [email protected]

International Telecommunication Union ITU-T Seminar – Lisbon, 25 June 2002 ITU-T Activities on Security Greg Jones ITU Telecommunication Standardization.

Documents

International Telecommunication Union ITU-T Seminar – Lisbon, 25 June 2002 ITU-T Activities on Security Greg Jones ITU Telecommunication Standardization.