Security Standardization in ITU-T SG17

SYMPOSIUM ON NETWORK SECURITY AND SPAM, 22-24 August 2005, Jakarta, Indonesia ...

1
Security Standardization in ITU-T SG17
  • Dr. Jianyong Chen
  • Vice-Chairman ITU-T Study Group 17
  • chen.jianyong_at_zte.com.cn

2
Speaker Dr. Jianyong Chen
  • Director of strategic security standardization,
    ZTE Corporation
  • Vice-Chairman of ITU-T Study Group 17 responsible
    for security, languages and telecommunication
    software
  • Chairman of network security working group, China
    Communications Standards Association (CCSA)
  • Over 20 scientific publications and applied for
    over 15 patents in the field of security
  • Ph.D. degree from City University of Hong Kong

3
ITU-T Security Manual December 2003, October 2004
  • Basic security architecture and dimensions
  • Vulnerabilities, threats and risks
  • Security framework requirements
  • PKI and privilege management with X.509
  • Applications (VoIP, IPCablecom, Fax, Network
    Management, e-prescriptions)
  • Security terminology
  • Catalog of ITU-T security-related Recommendations
  • List of Study Groups and security-related
    Questions
  • www.itu.int/itudoc/itu-t/85097.pdf
  • www.itu.int/itudoc/itu-t/86435.pdf

4
ITU-T Study Group 17
www.itu.int/ITU-T/studygroups/com17
  • Lead Study Group for Telecommunication Security
    www.itu.int/ITU-T/studygroups/com17/tel-security.html
  • Coordination/prioritization of security efforts
  • Development of core security Recommendations
  • Lead ITU-T Workshop on Security
    www.itu.int/ITU-T/worksem/security
  • An ITU-T Workshop on Security being planned
  • New Horizons for Security Standardization,
    Geneva, 3 - 4 October 2005
  • Initiated the ITU-T Security Project
  • Provide vision and direction for future work
  • Reflect situation of current work

5
ITU-T SG 17 Security Focus 2001-2004
  • Public Key and Attribute Certificate Frameworks
    (X.509) Revision 2005
  • Ongoing enhancements as a result of more complex
    uses
  • Security Architecture (X.805) New 2003
  • For end-to-end communications
  • Security Management System (X.1051) New 2004
  • For risk assessment, identification of assets and
    implementation characteristics
  • Mobile Security (X.1121 and X.1122) New 2004
  • For mobile end-to-end data communications
  • Telebiometric Multimodal Model (X.1081) New 2004
  • A framework for the specification of security and
    safety aspects of telebiometrics

6
Study Group 17 Security Questions 2005-2008

7
Recommendations planned for consent later in the
study period
  • Q.2 Directory services, Directory systems, and
    public-key/attribute certificates
  • Computerized Directory Assistance (E.115)
  • Q.5 Security Architecture and Framework
  • Draft of a version to ITU-T Rec. X.805
  • Q.7 Security Management
  • Code of practice for information security
    management (X.ism-1)
  • ISMS requirements specification (X.ism-2)

8
Recommendations planned for consent later in the
study period
  • Q.8 Telebiometrics
  • Physiological Quantities, their Units and Letter
    Symbols (X.physiol)
  • General Telebiometric system models, Protocol and
    Data contents (X.tsm-1)
  • Profile of Client Verification Model on TSM
    (X.tsm-2)
  • The Guideline of technical and managerial
    countermeasures for Biometric Data Security
    (X.tpp)

9
Recommendations planned for consent later in the
study period
  • Q.9 Secure Communication Service
  • Framework for security technologies for home
    network (X.homesec-1)
  • Certificate profile for the device in the home
    network (X.homesec-2)
  • General security value added service (policy) for
    mobile data communication (X.msec-3)
  • Correlative reacting system in mobile network
    (X.crs)
  • Authentication architecture in mobile end-to-end
    data communication (X.msec-4)

10
Recommendations planned for consent later in the
study period
  • Proposed Q.17 Countering SPAM
  • Guideline document on countering SPAM (X.gcs)
  • Technical framework for countering SPAM (X.fgs)
  • Technical means for countering SPAM (X.tcs)

11
  • Highlights on Contents of Security
    Recommendations planned for consent later in the
    study period (2005-2008)

12
The Guideline of technical and managerial
countermeasures for Biometric Data Security
(X.tpp)
Fig. 5.1 Flow of biometric information on
telecommunication
13
The Guideline of technical and managerial
countermeasures for Biometric Data Security
(X.tpp)
Fig. 5.2 Components of a biometric system
14
Framework for security technologies for home
network (X.homesec-1)
  • Security functions for satisfying security
    requirements in the home network
  • Security functions from ITU-T Recommendation
    X.1121
  • Encipherment function (or encryption)
  • Digital signature function
  • Access control function
  • Data integrity function
  • Authentication function
  • Notarization
  • Additional security functions
  • Message authentication code (MAC) function
  • Key management function

15
Certificate profile for the device in the home
network (X.homesec-2)
  • Establish the certification management scheme for
    home network application.
  • The detailed study items for certificate profiles
    for home network may be as follows
  • OIDs for device certificate profile for home
    network
  • Algorithm identifier for device certificate
  • Subject DN format
  • Basic field
  • Version
  • Public key type
  • Intended usage field
  • Various extensions for device certificate
  • subjectKeyIdentifier
  • authorityKeyIdentifier
  • Key Usage
  • Basic constraint
  • Validity period
  • Certificate security
  • Modulus length

16
General security value added service (policy) for
mobile data communication (X.msec-3)
  • Requirements
  • Rigorous mobile environment
  • Additional investment for security
  • Various secure algorithms and protocols in
    different types of terminals.
  • Different degree of security requirements for
    various users and applications
  • Simple and effective security management for
    users

17
General security value added service (policy) for
mobile data communication (X.msec-3)
Table 1. The classification of assets
18
General security value added service (policy) for
mobile data communication (X.msec-3)
Fig. 1 Framework of security policy layer for
mobile end-to-end data communication
19
General security value added service (policy) for
mobile data communication (X.msec-3)
  • Fig. 2 Reference model of general security service

20
Authentication architecture in mobile end-to-end
data communication (X.msec-4)
Architecture
21
Correlative reacting system in mobile network
(X.crs)
  • Figure 1 Overall architecture of correlative
    reacting systems

22
Guideline document on countering SPAM (X.gcs)
[Diagram labels: Legislation; Technology; Training; Countering Spam Solution; Industrial self-discipline; Complaint; International Cooperation]
23
Guideline document on countering SPAM (X.gcs)
  • VoIP Spam
  • Unsolicited bulk commercial message or call over
    VoIP service. VoIP spam is called SPIT (Spam
    over Internet Telephony) or VAM (Voice or VoIP
    spam).
  • Causing Factors of VoIP Spam
  • Low price of VoIP service
  • Provision of various additional features of IP
    service as well as call connection service
  • Ease of bulk spam delivery owing to the
    allocation of IP address to telephone number

24
Guideline document on countering SPAM (X.gcs)
  • Types of VoIP Spam
  • Text message sent to VoIP terminal including
    short message and spam mail
  • Recorded voice mail message
  • Telemarketing including phone call with
    telemarketer, interaction with IVR system and so
    on

25
Guideline document on countering SPAM (X.gcs)
[Diagram labels: Spamming cost; Response rate; Filtering rate; Spreading Power of VoIP Spam Utility of Spammer; Probability of punishment; Cost of punishment and number of sent spam; Influencing Power of VoIP Spam Utility of Receiver]
26
Technical framework for countering SPAM (X.fgs)
Fig. 1 General structure of spam processing system
27
Technical framework for countering SPAM (X.fgs)
  • Fig. 2 Reference Model

28
Forthcoming Workshops and Meetings
http://www.itu.int/ITU-T/studygroups/com17/index.asp
  • Workshop on New Horizons for Security
    Standardization
  • Geneva, 3 - 4 October 2005
  • Next SG17 Meeting
  • Geneva, 05-14 October 2005