Committed to connecting the world

Advanced Search

Sep21-summary

Executive Summary

Meeting of ITU-T SG17 'Security', virtual, 24 August - 3 September 2021

Hot topics

o PKI, OID, TTCN-3

o Countering spam and website spoofing

o 5G security

o IoT security

o Cloud security

o Big data infrastructure security

o Web based online customer service security

o DLT based service security

o Key management of QKDN

o Security multi-party computation

Meeting Output

TAP approval (1): X.1233, Details are in Annex A a).
TAP determined (11): 9 new and 2 revised Recommendations. Details are in Annex A d).
AAP consented (19): 7 new, 10 revised Recommendations and 1 Corrigendum, 1 Amendment, for AAP Last Call. Details are in Annex A e).
Agreed (2): 1 new Supplement and 1 new Technical Report. Details are in Annex A c).
New work items (7): Details are in Annex B.
Work items discontinued (4): Details are in Annex C.
New Registry authority for Annex C of ITU-T X.666 | ISO/IEC 9834-7 (pending agreement by ISO/IEC/JTC 1/SC 6)

Standards Council of Canada (SCC)

Workshops:

2^nd ITU/WHO workshop on Digital Vaccination Certificate, jointly organized by ITU-T SG17, SG16 and SG20, date tbd in 2021 during ITU Digital World.

Next SG17 meetings

Friday 7 Jan 2022, SG17 e-plenary (virtual, 11:00-16:00)

Open and extended management team meeting on Wed 5 Jan 2022, 12:00-15:00.
Tasks:

Final review of SG17 reports to WTSA-20;
Planning of future SG17 meeting after WTSA-20;
12 work items identified (X.pki-em for AAP consent + 11 determined texts for TAP approval) for action, see Annex A f).

May/June 2022 SG17 meeting [virtual, 10/9 working days, 10:00-16:00] | [physical in Geneva, 8 working days]

Open and extended management team meeting, tbd, virtual 13:00-15:00 | physical?

2^nd SG17 meeting in next study period: Aug/Sep 2022?
Interim RGMs: 6 Questions plan to hold 8 RGMs before 1^st SG17 meeting after WTSA-20.

	Q	Date	Place/Host	Subject/objective
1.	2/17	24-25 Nov 2021	e-meeting	To progress on work items of Q2/17 planned for action in 1^st SG17 meeting after WTSA-20.
2.	3/17	5 Oct 2021	e-meeting	To review 3rd Revised baseline text for X.1051-rev2 (1st CD 27011) and prepare reply to SC27 LS/i Contribution deadline is 2 Oct 2021
3.	3/17	Feb 2022	e-meeting	Tbd by the previous Q3/17 RGM
4.	Q6/17	Dec 2021 or Feb 2022	e-meeting	To progress all the work items of Q6/17
5.	10/17	Nov 2021	e-meeting	To progress all the work items of Q10/17
6.	10/17	Feb 2022	e-meeting
7.	14/17	Nov/Dec 2021	e-meeting	As a joint session with Q22/16 work on the action items: X.ss-dlt, TR.qs-dlt preparation for workshops: Joint workshop with TC 307 review of deliverables from other study groups, focus groups and other SDOs
8.	15/17	20-21 Jan 2022	e-meeting	To address and discuss draft X.sec_QKDN_intrq for consent in the next study period Contribution deadline is 13 Jan 2022

Tutorial

SG17 overview TD3787

Statistics of participants

	participants	countries	Member States	Sector Members	SG17 Associates	Academia	Invited Experts
Announced	252	37	27	31	3	2	8
Final	223	28	21	31	3	2	8

SG17 Correspondence Group/task force

CG-SG17-meeting: new (ToR in TD4006R2)
CG-wtsa20-prep (Correspondence Group on SG17 preparation for WTSA-20): continued

Meeting input and organization

Contributions: 98 – stable, DDP: 99%.

APT 81 (83%) [China 41 (42%), Korea 30 (31%), Japan 10 (10%)]
Americas 8 (8%) [US 8]
EUR 7 (7%) [Denmark 1, UK 1, Germany 4, Switzerland 1]
AFR 2 (Kenya, Senegal, and Ghana)
LAM (0), ARAB (0), RCC (0).

LS: (matrix in TD3801)

incoming 46 - stable
Outgoing 26 - stable

TDs: 336 - stable

Annex A
Actions taken on Recommendations, and other texts at SG17 closing plenary on 3 Sept 2021

a) TAP Recommendations approved (WTSA-16 Resolution 1):

#	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
	4/17	X.1233 (X.gcims)	Guidelines for countering spam over instant messaging	New	Huamin Jin, ChangOh Kim, Laifu Wang, Shuai Wang, Yanbin Zhang	R83		2017-09	2021-09

b) TAP Recommendations not approved (WTSA-16 Resolution 1):

none

c) Other texts (Supplement, Implementers' Guide, etc) agreed:

The SG17 plenary meeting approved the following texts by agreement:

#	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	3/17	X.Suppl.36 (X.sup-csc)	Supplement to X.1051: Critical security controls for telecommunication organization	New	Patrice Payen, Arnaud Taddei, Mustafa Thaib	TD4087		2018-09	2021-09
2.	8/17	TR.XAASL	Technical Report: Framework for security standardization for virtualized services	New	Mark McFadden	TD4041		2020-09	2021-09

d) Recommendation determined (TAP – WTSA-16 Resolution 1):

#	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent (e.g., ISO/IEC)	Start of work	Timing
1.	2/17	X.1812 (X.5Gsec-t)	Security framework based on trust relationship for IMT-2020 ecosystem	New	Minpeng Qi, Li Su, Junzhi Yan, HeungYoul Youm	TD3976		2018-09	2021-09
2.	4/17	X.1246Amd.1	Technologies involved in countering voice spam in telecommunication organizations	New	Dmitry Cherkesov, Yanbin Zhang	TD4000		2019-09	2021-09
3.	4/17	X.1247Amd.1	Technical framework for countering mobile messaging spam	New	Dmitry Cherkesov, Yanbin Zhang	TD4000		2019-09	2021-09
4.	4/17	X.1234 (X.gcmms)	Guideline for countering Multimedia Messaging Service (MMS) spam	New	Jinfeng Kou, Zhaoji Lin, Wei Liu, Ye Tao	TD4040		2018-09	2021-09
5.	4/17	X.1235 (X.tecwes)	Technologies in countering website spoofing for telecommunication organizations	New	Ruzhen Hu, Meng Nan, Chen Zhang	TD4043		2018-03	2021-09
6.	6/17	X.1333 (X.sg-rat)	Security guidelines for use of remote access tools in Internet-connected control systems	New	Gunhee Lee	TD4004		2019-09	2021-09
7.	6/17	X.1369 (X.ssp-iot)	Security requirements for IoT service platform	New	Hao Dong, Yanfei Guo, Lijun Liu, Jae Hoon Nah, Wenxin Wang, Junjie Xia	TD4068		2018-03	2021-09
8.	6/17	X.1453 (X.strvms)	Security threats and requirements for video management systems	New	Jong Wook Han, Geon Woo Kim, Kyungsoo Lim	TD4011		2018-03	2021-09
9.	8/17	X.1752 (X.sgBDIP)	Security guidelines for big data infrastructure and platform	New	Arnaud Taddei, Ye Tao, Laifu Wang	TD4045		2018-03	2021-09
10.	8/17	X.1643 (X.sgcc)	Security guidelines for container in cloud computing environment	New	Lanfang Ren, Ye Tao, Laifu Wang, Lei Xu	TD4048		2018-09	2021-09
11.	14/17	X.1407 (X.srip-dlt)	Security requirements for digital integrity proofing service based on distributed ledger technology	New	Jung Yeon Hwang, Juhee Ki, Min Shu, Wenlei Wang, Yang Wu, Yunwei Zhao	TD4014		2018-09	2021-09

e) AAP Recommendations consented for Last Call (Recommendation ITU-T A.8):

The SG17 plenary meeting gave consent (AAP) to the following new/revised ITU-T Recommendations for Last Call according to Recommendation ITU-T A.8:

#	Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	2/17	X.1047 (X.nsom-sec)	Security requirements and architecture for network slice orchestration and management	New	Zhiyuan Hu, Huamin Jin, Ye Tao, Junzhi Yan	TD3975 (A.5 TD3900)		2019-09		2021-09
2.	2/17	X.1011 (X.rf-csap)	Guidelines for continuous protection of service access process	New	Chao Huang, Min Shu, Weilei Wang, Chen Zhang	TD3974		2019-09		2021-09
3.	7/17	X.1470 (X.sgos)	Security guidelines of web-based online customer service	New	Hao Dong, Lijun Liu, Jae Hoon Nah, Wenxin Wang	TD4071 (A.5 TD4094)		2018-03		2021-09
4.	10/17	X.1080.2 (X.b2m)	Biology to machine protocol	New	Erik Andersen, John Caras, Myung Geun Chun	TD3977		2018-09		2021-09
5.	11/17	X.501Amd.1	Information Technology - Open systems Interconnection - The Directory – Models	New	Erik Andersen	TD3971	ISO/IEC 9594-2	2021-04		2021-09
6.	11/17	X.509Cor.1	Information Technology - Open systems Interconnection - The Directory – Public-key and attribute certificate frameworks	New	Erik Andersen	TD3972	ISO/IEC 9594-8	2021-04		2021-09
7.	11/17	X.672rev	Information technology – Open systems interconnection – Object identifier resolution system	Rev	Zhou Liang, Zhihui Liu, RuiFen Mu, Linjian Song	TD4009	ISO/IEC 29168-1	2020-03		2021-09
8.	11/17	Z.161rev	Testing and Test Control Notation version 3: TTCN-3 core language	Rev	Dieter Hogrefe	TD3978 (A.5 TD3979)	ETSI ES 201 873-1			2021-09
9.	11/17	Z.161.2rev	Testing and Test Control Notation version 3: TTCN-3 language extensions: Configuration and deployment support	Rev	Dieter Hogrefe	TD3980 (A.5 TD3981)	ETSI ES 202 781			2021-09
10.	11/17	Z.161.3rev	Testing and Test Control Notation version 3: TTCN-3 language extensions: Advanced parameterization	Rev	Dieter Hogrefe	TD3982 (A.5 TD3983)	ETSI ES 202 784			2021-09
11.	11/17	Z.161.4rev	Testing and Test Control Notation version 3: TTCN-3 language extensions: Behaviour types	Rev	Dieter Hogrefe	TD3984 (A.5 TD3985)	ETSI ES 202 785			2021-09
12.	11/17	Z.161.7rev	Testing and Test Control Notation version 3: TTCN-3 language extensions: Object-Oriented Features	Rev	Dieter Hogrefe	TD3986 (A.5 TD3987)	ETSI ES 230790			2021-09
13.	11/17	Z.167rev	Testing and Test Control Notation version 3: Using ASN.1 with TTCN-3	Rev	Dieter Hogrefe	TD3988 (A.5 TD3989)	ETSI ES 201873-7			2021-09
14.	11/17	Z.168rev	Testing and Test Control Notation version 3: The IDL to TTCN-3 mapping	Rev	Dieter Hogrefe	TD3990 (A.5 TD3991)	ETSI ES 201873-8			2021-09
15.	11/17	Z.169rev	Testing and Test Control Notation version 3: Using XML schema with TTCN-3	Rev	Dieter Hogrefe	TD3992 (A.5 TD3993)	ETSI ES 201873-9			2021-09
16.	11/17	Z.171rev	Testing and Test Control Notation version 3: Using JSON with TTCN-3	Rev	Dieter Hogrefe	TD3994 (A.5 TD3995)	ETSI ES 201873-11			2021-09
17.	14/17	X.1408 (X.das-mgt)	Security threats and requirements for data access and sharing based on distributed ledger technology	New	Zhiyuan Hu, Mee Yeon Kim, Keundug Park, Heung Youl Youm	TD4017		2018-03		2021-09
18.	15/17	X.1712 (X.sec-QKDN_km)	Security requirements and designs for quantum key distribution networks - key management	New	Kaoru Kenyoshi, Jiajun Ma, Hao Qin, Dong-Hi Sim	TD3939		2019-01		2021-09
19.	15/17	X.1770 (X.tf-mpc)	Technical guidelines for secure multi-party computation	New	Xiaoyuan Bai, Cheng Hong, Jung Yeon Hwang, Zhaoji Lin, Hongru Zhu	TD4035		2019-09		2021-09

f) Recommendations planned for action in SG17 Jan 2022 meeting:

#		Q	Acronym	Title	New / Revised	Editor(s)	Location of text	Equivalent e.g., ISO/IEC	Start of work	Timing
1.	AAP consent	11/17	X.pki-em	Information Technology – Public Key Infrastructure: Establishment and maintenance	New	Erik Andersen	TD3658R1	TBD	2012-08	2022-01
2.	TAP approval	2/17	X.1812 (X.5Gsec-t)	Security framework based on trust relationship for IMT-2020 ecosystem	New	Li Su, Minpeng Qi, Junzhi Yan, HeungYoul Youm	R102		2018-09	2022-01
3.	TAP approval	4/17	X.1246Amd	Technologies involved in countering voice spam in telecommunication organizations	New	Dmitry Cherkesov, Yanbin Zhang	R94		2019-09	2022-01
4.	TAP approval	4/17	X.1247Amd	Technical framework for countering mobile messaging spam	New	Dmitry Cherkesov, Yanbin Zhang	R95		2019-09	2022-01
5.	TAP approval	4/17	X.1234 (X.gcmms)	Guideline for countering Multimedia Messaging Service (MMS) spam	New	Jinfeng Kou, Wei Liu, Ye Tao, Lin Zhaoji	R92		2018-09	2022-01
6.	TAP approval	4/17	X.1235 (X.tecwes)	Technologies in countering website spoofing for telecommunication organizations	New	Ruzhen Hu, Meng Nan, Chen Zhang	R93		2018-03	2022-01
7.	TAP approval	6/17	X.1333 (X.sg-rat)	Security guidelines for use of remote access tools in Internet-connected control systems	New	Gunhee Lee	R96		2019-09	2022-01
8.	TAP approval	6/17	X.1369 (X.ssp-iot)	Security requirements for IoT service platform	New	Hao Dong, Yanfei Guo, Lijun Liu, Jae Hoon Nah, Wenxin Wang, Junjie Xia	R97		2018-03	2022-01
9.	TAP approval	6/17	X.1453 (X.strvms)	Security threats and requirements for video management systems	New	Jong Wook Han, Geon Woo Kim, Kyungsoo Lim	R99		2018-03	2022-01
10.	TAP approval	8/17	X.1752 (X.sgBDIP)	Security guidelines for big data infrastructure and platform	New	Arnaud Taddei, Ye Tao, Laifu Wang	R101		2018-03	2022-01
11.	TAP approval	8/17	X.1643 (X.sgcc)	Security guidelines for container in cloud computing environment	New	Lanfang Ren, Ye Tao, Laifu Wang, Lei Xu	R100		2018-09	2022-01
12.	TAP approval	14/17	X.1407 (X.srip-dlt)	Security requirements for digital integrity proofing service based on distributed ledger technology	New	Jung Yeon Hwang, Juhee Ki, Min Shu, Wenlei Wang, Yang Wu, Yunwei Zhao	R98		2018-09	2022-01

Annex B
New work items

The following new work items were agreed to be added to the SG17 Work Programme:

#	Question	NWI	TD	Title	C
1.	2/17	XSTP-5Gsec-RM**	TD4090	Technical paper: 5G security standardization roadmap	C1113
2.	2/17	TR.zt-acp**	TD4049	Technical report: Guideline for zero trust based access control platform in telecommunication network	C1174
3.	6/17	X.ra-iot*	TD4096	Security risk analysis framework for IoT devices	C1096
4.	7/17	X.saf-dfs	TD4056	Security assurance framework for digital financial services	C1135
5.	10/17	X.oob-sa*	TD4029	Framework for out-of-band server authentication using mobile devices	C1132
6.	10/17	X.srdidm	TD4018	Security requirements for decentralized identity management systems using distributed ledger technology	C1128
7.	13/17	X.idse	TD4005	Evaluation methodology for in-vehicle intrusion detection system	C1175

Notes:

*: for TAP determination, **: for agreement, others for consent

Annex C
Work items discontinued

#	Question	Acronym	Title
1.	1/17	TP.sec-arch	Technical Paper: Implications and further considerations of security architecture patterns
2.	10/17	X.upu	Postal identity management framework
3.	10/17	X.tas	Telebiometric authentication using speaker recognition
4.	14/17	X.tf-spd-dlt	Technical framework for secure software programme distribution mechanism based on distributed ledger technology