Introduction of ITU-T Study Group 17 “Security” for ITS perspective
(Primary focus in SG17 is to build confidence and security in
the use of Information and Communication Technologies (ICTs))
July 29, 2015
Koji Nakao ITU-T SG17 vice-chair
Study Group 17 is the Lead Study Group on:
● Security
● Identity management (IdM)
● Languages and description techniques
A study group may be designated by WTSA or TSAG as the lead study group for ITU-T studies forming a defined programme of work involving a number of study groups.
This lead study group is responsible for the study of the appropriate core Questions.
In addition, in consultation with the relevant study groups and in collaboration, where appropriate, with other standards bodies, the lead study group has the responsibility to define and maintain the overall framework and to coordinate, assign (recognizing the mandates of the study groups) and prioritize the studies to be carried out by the study groups, and to ensure the preparation of consistent, complete and timely Recommendations.
* Extracted from WTSA-12 Resolution 1
SG17, Security
Study Group 17
● WP 1/17 Fundamental security
  – Q1/17 Telecom./ICT security coordination
  – Q2/17 Security architecture and framework
  – Q3/17 ISM
● WP 2/17 Network and information security
  – Q4/17 Cybersecurity
  – Q5/17 Countering spam
● WP 3/17 IdM + Cloud computing security
  – Q8/17 Cloud Computing Security
  – Q10/17 IdM
● WP 4/17 Application security
  – Q6/17 Ubiquitous services
  – Q7/17 Applications
  – Q9/17 Telebiometrics
● WP 5/17 Formal languages
  – Q11/17 Directory, PKI, PMI, ODP, ASN.1, OID, OSI
  – Q12/17 Languages + Testing
SG17 Management Team
Chairman: Arkadiy KREMER (Russian Federation)
Vice-Chairmen:
● Khalid BELHOUL (United Arab Emirates)
● Mohamed M.K. ELHAJ (Sudan)
● Antonio GUIMARAES (Brazil)
● George LIN (P.R. China)
● Patrick MWESIGWA (Uganda)
● Koji NAKAO (Japan)
● Mario FROMOW RANGEL (Mexico)
● Sacid SARIKAYA (Turkey)
● Heung Youl YOUM (Korea (Republic of))
Working Party 1/17 Fundamental security
Q1/17 Telecommunication/ICT security coordination
Q2/17 Security architecture and framework
Q3/17 Telecommunication information security management
Chairman: Koji NAKAO
Working Party 2/17 Network and information security
Q4/17 Cybersecurity
Q5/17 Countering spam by technical means
Chairman: Sacid SARIKAYA
Working Party 3/17 Identity management and cloud computing security
Q10/17 Identity management architecture and mechanisms
Q8/17 Cloud computing security
Working Party 4/17 Application Security
Q9/17 Telebiometrics
Q7/17 Secure application services
Q6/17 Security aspects of ubiquitous telecommunication services
Question 6/17 Security aspects of ubiquitous telecommunication services
Responsible for multicast security, home network security, mobile security, networked ID security, IPTV security, ubiquitous sensor network security, intelligent transport system security, and smart grid security
13 Recommendations approved in last study period.
1 Recommendation and 1 Supplement approved in this study period.
Recommendations currently under study include:
● X.msec-7, Guidelines on the management of infected terminals in mobile networks
● X.msec-8, Secure application distribution framework for communication devices
● X.sgsec-1, Security functional architecture for smart grid services using telecommunication network
● X.unsec-1, Security requirements and framework of ubiquitous networking
● X.itssec-1, Secure Software Update for ITS communications devices
● X.itssec-2, Security Guidelines for V2X communication systems
Close relationship with JCA-IPTV and ISO/IEC JTC 1/SC 6/WG 7
Close relationship with SG16 Question 27 on ITS security
Rapporteur: Jonghyun BAEK
Scope of the Recommendation X.itssec-1
[Figure: components shown: On-board Information Device; Power Management Control ECU, Seat Belt Control ECU, Driving Support ECU, Parking Assist ECU, Skid Control ECU, etc.; Vehicle Mobile Gateway; Aftermarket Information Device; Update Server / log database; Car Manufacturer / Garage center; Supplier; Communication Paths]
Functionality of Head Unit
● Status check of ECUs
● Log collection
● In-car diagnosis function
Diagnosis of on-board devices
● Status check of ECUs
● Log collection
● Verification of update module
Communication protocol
● Between Car and Manufacturer / Garage
● Encryption
● Authentication
Functionality of Server
● Stored Data Definition Auth info Log Audit
With considerations of privacy concerns
1. Supplier provides an update module to a car manufacturer.
2. Vehicle mobile gateway requests ECUs to diagnose themselves and submit their software list.
3. ECUs generate a software list and submit it to the Vehicle mobile gateway.
4. The vehicle mobile gateway gathers the lists of software and submits them to the update server.
5. Update server issues a receipt of the software list for vehicle mobile gateway.
6. Update server determines necessary software modules for each ECU.
7. After a certain period of time, the vehicle mobile gateway requests update modules for the vehicle.
8. Update software modules are delivered to vehicle mobile gateway.
9. The gateway pushes a notification to a user interface.
10. The car owner confirms to apply the update via the user interface.
11. Vehicle mobile gateway delivers the updates to corresponding ECUs and requests them to apply the updates.
12. Each ECU applies the update and reports the application result to the vehicle mobile gateway.
13. Finally the vehicle mobile gateway submits a report of application results to the update server.
Model data flow of remote software update
[Figure: sequence diagram between ECU, Vehicle mobile gateway (VMG), Update Server at Car Manufacturer, User Interface and Supplier; message labels: update, request, list, report, receipt, request, notification, update, confirmation, update, update, update, receipt]
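The gateway side of the numbered update flow above, as an added example (not code from the slides or from the draft Recommendation). It shows where module verification and owner confirmation sit before anything reaches an ECU. The class names, ECU identifiers, result strings and the use of HMAC-SHA256 with a pre-shared key are assumptions; the slides name only "Authentication" and "Verification of update module".

```python
import hashlib
import hmac
# Assumption: HMAC-SHA256 with a constructed key; the page names no algorithm.
KEY = b"constructed-demo-key"

def tag(ecu_id, version, payload):
    # Bind target ECU and version to the payload so a module cannot be retargeted.
    msg = b"|".join([ecu_id.encode(), version.encode(), payload])
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

class ECU:
    def __init__(self, ecu_id, version):
        self.ecu_id, self.version = ecu_id, version
    def apply(self, module):  # step 12: apply and report the result
        self.version = module["version"]
        return {"ecu": self.ecu_id, "result": "applied"}

class UpdateServer:
    def __init__(self, catalog):  # step 1: modules provided by the supplier
        self.catalog, self.inventory, self.reports = catalog, {}, []
    def submit_list(self, software):  # steps 4-5: store the list, issue a receipt
        self.inventory = dict(software)
        return {"receipt_for": sorted(software)}
    def modules(self):  # steps 6-8: select and deliver modules that differ
        return [{"ecu": e, "version": v, "payload": p, "tag": tag(e, v, p)}
                for e, (v, p) in self.catalog.items()
                if e in self.inventory and self.inventory[e] != v]

class Gateway:
    def __init__(self, ecus, server):
        self.ecus, self.server = {e.ecu_id: e for e in ecus}, server
    def run(self, owner_confirms, in_transit=lambda m: m):
        software = {i: e.version for i, e in self.ecus.items()}  # steps 2-3
        self.server.submit_list(software)                        # steps 4-5
        report = []
        for m in map(in_transit, self.server.modules()):         # steps 7-8
            expected = tag(m["ecu"], m["version"], m["payload"])
            if m["ecu"] not in self.ecus or not hmac.compare_digest(m["tag"], expected):
                report.append({"ecu": m["ecu"], "result": "rejected"})
            elif not owner_confirms(m):                          # steps 9-10
                report.append({"ecu": m["ecu"], "result": "deferred"})
            else:                                                # steps 11-12
                report.append(self.ecus[m["ecu"]].apply(m))
        self.server.reports.append(report)                       # step 13
        return report

def demo():  # constructed sample vehicle: one ECU has an update pending
    ecus = [ECU("skid-control", "1.0"), ECU("parking-assist", "2.1")]
    return Gateway(ecus, UpdateServer({"skid-control": ("1.1", b"constructed firmware bytes")})), ecus
```

The `in_transit` hook stands in for the communication path, so a modified or retargeted module can be fed to the gateway to confirm it is reported as rejected rather than applied.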
Structure of the Recommendation X.itssec-1
6. Basic model of remote software update
  6.1. Modules of ITS environment for software update
  6.2. Model of software update process
7. Threats and Risk analysis and Security Objectives
  7.1. Definition of Target System of Evaluation
  7.2. Identification of threats
  7.3. Risk analysis
  7.4. Security Objectives
8. Functional requirements for the secure software update
  8.1. Countermeasures against each identified threat (T.1-1 ~ T.11-6)
  8.2. Recommended architecture of secure software update (P.1-1 ~ P.11-6)
9. How to utilize this Recommendation
  9.1. Example of protocol specification
Working Party 5/17 Formal languages
Q11/17 Generic technologies to support secure applications
Q12/17 Formal languages for telecommunication software and testing
Chairman: George LIN
Security Coordination
Security activities in other ITU-T Study Groups
ITU-T SG2 Operational aspects & TMN
– International Emergency Preference Scheme, ETS/TDR
– Disaster Relief Systems, Network Resilience and Recovery
– Network and service operations and maintenance procedures, E.408
– TMN security, TMN PKI
ITU-T SG5 Environment and climate change
– protection from lightning damage, from Electromagnetic Compatibility (EMC) issues and also the effects of High-Altitude Electromagnetic Pulse (HEMP) and High Power Electromagnetic (HPEM) attack and Intentional Electromagnetic Interference (IEMI)
ITU-T SG9 Integrated broadband cable and TV
– Conditional access, copy protection, HDLC privacy
– DOCSIS privacy/security
– IPCablecom 2 (IMS w. security), MediaHomeNet security gateway, DRM
ITU-T SG11 Signaling Protocols and Testing
– EAP-AKA for NGN
– methodology for security testing and test specification related to security testing
ITU-T SG13 Future networks including cloud computing, mobile, NGN, SDN
– Security and identity management in evolving managed networks
– Deep packet inspection
ITU-T SG15 Networks and infrastructures for transport, access and home
– Reliability, availability, Ethernet/MPLS protection switching
ITU-T SG16 Multimedia (especially for ITS security)
– Secure VoIP and multimedia security (H.233, H.234, H.235, H.323, JPEG2000)
Coordination with other bodies
ITU-D, ITU-R, xyz…
Study Group 17
Reference links
Webpage for ITU-T Study Group 17
• http://itu.int/ITU-T/studygroups/com17
Webpage on ICT security standard roadmap
• http://itu.int/ITU-T/studygroups/com17/ict
Webpage on ICT cybersecurity organizations
• http://itu.int/ITU-T/studygroups/com17/nfvo
Webpage for JCA on identity management
• http://www.itu.int/en/ITU-T/jca/idm
Webpage for JCA on child online protection
• http://www.itu.int/en/ITU-T/jca/COP
Webpage on lead study group on security
• http://itu.int/en/ITU-T/studygroups/com17/Pages/telesecurity.aspx
Webpage on lead study group on identity management
• http://itu.int/en/ITU-T/studygroups/com17/Pages/idm.aspx
Webpage on lead study group on languages and description techniques
• http://itu.int/en/ITU-T/studygroups/com17/Pages/ldt.aspx
ITU Security Manual: Security in Telecommunications and Information Technology
• http://www.itu.int/pub/publications.aspx?lang=en&parent=T-HDB-SEC.05-2011
ITU-T SG 17 Security Workshop (15th-16th September, 2014 at Geneva)
Structure of Sessions
• Opening Session (by George Lin)
• Session 1 (by Patrick Mwesigwa) - ICT infrastructure development, new security threats and counter-measures
• Session 2 (by Koji Nakao) - End user security round table from both public and private sectors (ITS sector, Health sector, Mobile-banking, ITU-D sector, and Ted)
• Session 3 (by Sacid Sarikaya) - Cybersecurity and data protection
• Session 4 (by Antonio Guimaraes) - ICT role in critical infrastructure protection
17 27-28 May 2004
Structure of Sessions (cont.)
• Session 5 (by Heung Youl Youm) - Trust services and cloud security
• Session 6 (by Herb Bertine) - Security standardization challenges
  1) ISO/IEC JTC1/SC27 - Walter Fumy, chairman of SC27
  2) OASIS - Abbie Barbir to advise on appropriate representative to ask
  3) ETSI - Charles Brookson, chairman of new ETSI TC CYBER Technical Committee
  4) CSA (Cloud Security Alliance) - Andreas Fuchsberger and Eric A. Hibbard are co-chairmen of its International Standardization Council (ISC)
  5) 3GPP SA3 - Anand Prasad is chairman
  6) RAISE Forum - Koji Nakao is co-chairman
  7) CTO (Commonwealth Telecommunication Organization) – cybersecurity initiatives
  8) Q1/17 representative (Hua Jiang)
Future plan for SG17 and ITS standardization on X.itssec-1
• Next ITU-T SG 17 meeting September 8 – 19, 2015 in Geneva
• Next Interim meeting on Q6/17 for ITS security December 2015 maybe in Seoul (Date is not fixed)
-------------
• By the middle of August 2015: a Stable Draft will be submitted to ITU-T SG17 for consideration in SG17;
• After the next SG17 meeting, related stakeholders on ITS will be asked to review the agreed draft text in order to obtain the nearly final text of this Recommendation.