ITU-T Perspectives on the Standards-Based Security
Landscape (SG 17 Main Focus)
www.oasis-open.org
Abbie Barbir, [email protected]
ITU-T Q6/17 Cybersecurity Question Rapporteur
OASIS IDTrust MS Steering Committee
OASIS Telecom MS Co-chair
OASIS TAB
ISO JTC1 CAC SC6 Vice-Chair
Senior Advisor CEA, SOA, Web Services, IdM, Security
Strategic Standards
Nortel
Outline
• Introduction to ITU
• Security work at ITU Study Groups
• SG 17 Security work
• Highlight of Current Activities
• Challenges
What is the International Telecommunication Union (ITU)?
Headquartered in Geneva, the ITU is the UN specialized agency for telecom
• ITU-T: Telecommunication standardization of network and service aspects
• ITU-D: Assisting implementation and operation of telecommunications in developing countries
• ITU-R: Radiocommunication standardization and global radio spectrum management
Study Group Organization
[Organization chart: WTSA, TSAG and the study groups]
• SG 17, Security, Languages and Telecommunication Software (Lead Study Group on Telecommunication Security)
• SG 2, Operational Aspects of Service Provision, Networks and Performance
• SG 4, Telecommunication Management
• SG 5, Protection Against Electromagnetic Environment Effects
• SG 9, Integrated Broadband Cable Networks and Television and Sound Transmission
• SG 11, Signalling Requirements and Protocols
• SG 13, Next Generation Networks
• SG 15, Optical and Other Transport Network Infrastructures
• SG 16, Multimedia Terminals, Systems and Applications
• SG 19, Mobile Telecommunication Networks
Strategic Direction
Cybersecurity – one of the top priorities of the ITU
• ITU’s role in implementing the outcomes of the World Summit on the Information Society (WSIS) – Plenipotentiary Resolution 140 (2006)
• Study of definitions and terminology relating to building confidence and security in the use of information and communication technologies – Plenipotentiary Resolution 149 (2006)
• WTSA-04 Resolution 50, Cybersecurity – Instructs the Director of TSB to develop a plan to undertake evaluations of ITU-T “existing and evolving Recommendations, and especially signalling and communications protocol Recommendations with respect to their robustness of design and potential for exploitation by malicious parties to interfere destructively with their deployment”
• WTSA-04 Resolution 52, Countering spam by technical means – Instructs relevant study groups “to develop, as a matter of urgency, technical Recommendations, including required definitions, on countering spam”
Highlights of current activities (1)
ITU Global Cybersecurity Agenda (GCA)
• A Framework for international cooperation in cybersecurity
• Five key work areas: Legal, Technical, Organisational, Capacity Building, International Cooperation
• High-Level Experts (HLEG) working on global strategies
• GCA/HLEG met 26 June 2008 to agree upon a set of recommendations on all five work areas for presentation to ITU Secretary-General
ISO/IEC/ITU-T Strategic Advisory Group on Security
• Coordinates security work and identifies areas where new standardization initiatives may be warranted. Portal established. Workshops conducted.
Identity Management
• Effort jump started by IdM Focus Group which produced 6 substantial reports (265 pages) in 9 months
• JCA-IdM and IdM-GSI established – main work is in SGs 17 and 13

Highlights of current activities (2)
Core security (SG 17)
• Covering frameworks, cybersecurity, countering spam, home networks, mobile, web services, secure applications, telebiometrics, etc.
• Work underway on additional topics including IPTV, multicast, security; risk management and incident management; traceback, Bots, Privacy
• Questionnaire issued to developing countries to ascertain their security needs
• Updated security roadmap/database, compendia, manual; strengthened coordination
Security for NGN (SG 13)
• Y.2701: Security Requirements for NGN Release 1
• Y.2702: NGN Authentication and Authorization Requirements
• Y.NGN SecMechanisms: NGN Security Mechanisms and Procedures
• Y.NGN Certificate: NGN Certificate Management
• Y.AAA: Application of AAA for Network Access Control in UNI and ANI over NGN
Identity
Connecting users with services and with others (Federation)
[Figure: identity across three dimensions: wherever you are (across various access types), whatever you’re doing (applications), whatever you’re using (devices). Labels: At your Desk, Managed Office, In the Air, On the Road, In Town, At Home, Collaboration, Voice Telephony, ERP, Video, Web Apps, PDA, Cellular, Smart Phone, PC.]
• Network Identity is essential
• Need end-to-end trust model
People have multiple identities, each within a specific context or domain
Work – [email protected] – [email protected] – [email protected] – [email protected]
Challenges
Addressing security to enhance trust and confidence of users in networks, applications and services
• With global cyberspace, what are the security priorities for the ITU with its government / private sector partnership?
• Need for top-down strategic direction to complement bottom-up, contribution-driven process
• Balance between centralized and distributed efforts on security standards
• Legal and regulatory aspects of cybersecurity, spam, identity/privacy
• Address full cycle – vulnerabilities, threats and risk analysis; prevention; detection; response and mitigation; forensics; learning
• Marketplace acceptance of Information Security Management System (ISMS) standards (ISO/IEC 27000-series and ITU-T X.1051) – the security equivalent to ISO 9000-series
• Effective cooperation and collaboration across the many bodies doing cybersecurity work
• Informal security experts network – needs commitment
There is no “silver bullet” for Cybersecurity
Some useful web resources
• ITU-T Home page: http://www.itu.int/ITU-T/
• Security Roadmap: http://www.itu.int/ITU-T/studygroups/com17/ict/index.html
• Security Manual: http://www.itu.int/publ/T-HDB-SEC.03-2006/en
• Cybersecurity Portal: http://www.itu.int/cybersecurity/
• Cybersecurity Gateway: http://www.itu.int/cybersecurity/gateway/index.html
• Recommendations: http://www.itu.int/ITU-T/publications/recs.html
• ITU-T Lighthouse: http://www.itu.int/ITU-T/lighthouse/index.phtml
• ITU-T Workshops: http://www.itu.int/ITU-T/worksem/index.html
• LSG on Security: http://www.itu.int/ITU-T/studygroups/com17/tel-security.html
Backup
NGN architecture overview (Y.2012)
[Figure: NGN architecture with a Service stratum and a Transport stratum. Labels: Applications, ANI, Application Support Functions & Service Support Functions, Service Control Functions, Service User Profiles, Transport Control Functions, Resource and Admission Control Functions, Network Attachment Control Functions, Transport Functions, Transport User Profiles, Management Functions, End-User Functions, UNI, Other Networks, NNI, Control, Media.]
• Packet-based network with QoS support and Security
• Separation between Services and Transport
• Access can be provided using many underlying technologies
• Should be reflected in policy
• Decoupling of service provision from network
• Support wide range of services/applications
• Converged services between Fixed/Mobile
• Broadband capabilities with end-to-end QoS
• Compliant with regulatory requirements
• Emergency communications, security, privacy, lawful interception
• ENUM Resources, Domain Names/ Internet Addresses
NGN Security Trust Model
[Figure: three zones, Trusted Zone, Trusted but Vulnerable Zone and Untrusted Zone. Labels: NGN network Elements, Network Border Elements (NBE), TE-BE, TE, Provider-controlled Equipment, Network Elements controlled by the NGN provider, Network Elements not always controlled by the NGN provider.]
NGN Peering Trust Model
[Figure: three zones, Trusted Zone, Trusted but Vulnerable Zone and Untrusted Zone. Labels: Provider A, with NGN network Elements and Domain Border Elements (DBE); Provider B from Provider A’s point of view, with Domain Border Elements (DBE) and NGN network Elements.]