ITU-T Security and Privacy
International Cloud Symposium, Washington DC, October 2012
Abbie Barbir, Ph.D., Rapporteur, Q10/17 Identity Management Question [email protected]
International Telecommunication Union
ITU-T Objectives
Develop and publish standards for global ICT interoperability
Identify areas for future standardization
Provide an attractive and effective forum for the development of international standards
Promote the value of ITU standards
Disseminate information and know-how
Cooperate and collaborate
Provide support and assistance
ITU-T Key Features
Truly global public/private partnership
95% of work is done by private sector
Continuously adapting to market needs
Pre-eminent global ICT standards body
ITU-T Study Groups
SG 2: Numbering
SG 3: Tariffs
SG 5: Climate Change & EMC
SG 9: Cable TV
SG 11: Protocols & Testing
SG 12: Quality
SG 13: Future Networks
SG 15: Access & Transport Networks
SG 16: Multimedia
SG 17: Security
TSAG
Personally Identifiable Information (PII)
Aspects of privacy and protection of PII data are a key concern to the ITU-T (SG 17)
Recommendations published have identified security threats and provide guidelines in that area.
Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in applications using tag-based identification.
Recommendation ITU-T X.1275 standardizes a possible privacy impact assessment (PIA) process for the entire RFID system
Joint Coordination Activity on Internet of Things (JCA-IoT)
Focus Group on Machine-to-Machine Service Layer
SG 17 Questions involved in “privacy” studies
Question 3/17 “Telecommunications information security management”
Question 4/17 “Cybersecurity”
Question 6/17 “Security aspects of ubiquitous telecommunication services”
Question 7/17 “Secure application services”
Question 9/17 “Telebiometrics”
Question 10/17 “Identity management architecture and mechanisms”
Further candidate Questions could be
Question 8/17 “Cloud computing security”
Question 11/17 “Directory services, Directory systems, and public-key/attribute certificates”
Definitions of Privacy in ITU-T Recommendations
Privacy
ITU-T X.1252 (04/2010) “Baseline identity management terms and definitions”: The right of individuals to control or influence what personal information related to them may be collected, managed, retained, accessed, and used or distributed.
ITU-T Y.2720 (01/2009) “NGN identity management framework”: The protection of personally identifiable information.
Recommendation X.1171 Threats and requirements for protection of PII in applications using tag-based identification
Basic model of a B2C application
X.1171 Threats
PII infringement through information leakage
ITU-T X.1275
Guidelines on protection of personally identifiable information in the application of RFID technology
Privacy principles (based on privacy principles of: Council of Europe, EC Directive 95/46, EC Directive 2002/58/EC, OECD, and UNHCR)
Threats and infringements of PII in RFID
Typical RFID applications and possible threats to PII
Supply-chain management
Transportation and logistics
Healthcare and medical application
e-government
Information service
Guidelines on protection for personally identifiable information
X.1275 RFID applications and threats to PII
Field | Typical applications | Information in RFID tag | Possible privacy threats
Supply chain | Inventory management | Product | Tracking, profiling of persons performing of inventory
Supply chain | Retail (e.g., supermarket) | Product | Tracking, profiling (after purchasing good)
Transportation and logistics | Public transportation ticket | User's ID, charging, etc. | Tracking, profiling
Transportation and logistics | Highway toll | User's ID, charging, etc. | Tracking, profiling
Transportation and logistics | Vehicle tracking | Product | Tracking, profiling
Transportation and logistics | Fleet/container management | Product | Tracking, profiling of persons handling of containers
Healthcare | Tracking patients | Patient's ID, medical history, etc. | Tracking, profiling, invisibility
Healthcare | Preventing medication errors | Patient's ID, medical history, prescription, etc. | Tracking, profiling
Healthcare | Blood or medicines tracking for anti-counterfeiting | Product | ×
e-government | e-passport | People's ID, nationality, biometric | Tracking, profiling, counterfeiting PII
Information services | Smart poster | Product | ×
Other Work: X.gpim
Draft Recommendation, Guideline for management of personally identifiable information for telecommunication organizations
Big Data view
Scope: provides a guideline for the management of PII in the context of telecommunications
Possibly joint work, liaison cooperation with ISO/IEC JTC 1/SC 27/WG 1
Summary
Internet-of-Things (IoT), ubiquitous sensor networks (USN), Machine-to-Machine (M2M) and network aspects of identification systems, including RFID (NID), play an important role in ITU-T’s standardization activities.
Various ITU-T Study Groups and ITU-T initiatives are addressing RFID/NID, IoT, USN and M2M, including the security aspects thereof. An initial suite of ITU-T Recommendations has already been developed in that domain and serves as a tool set for standards developers and implementers. The subject as a whole is still emerging, and forthcoming drafts are in preparation by the ITU-T Global Standards Initiative (GSI-IoT), where those standards are being developed in cooperation among the experts.
Aspects of privacy and protection of PII (personally identifiable information) data are a key concern, and the first set of ITU-T Recommendations published has identified security threats and provides guidelines in that area.
Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in applications using tag-based identification.
Recommendation ITU-T X.1275 standardizes a possible privacy impact assessment (PIA) process for the entire RFID system.
THANK YOU
For further information
http://www.itu.int/ITU-T
http://www.itu.int/ITU-T/studygroups/com17