Executive Summary
Meeting of ITU-T SG17 'Security', Geneva, 21 February – 3 March 2023
Hot topics
- Intelligent transport system security
- 5G security
- IoT security
- Cloud security
- Cybersecurity
- Quantum based security
- Simulation for security
1. Meeting outputs (meeting statistics see Annex E below)
- Output standards (20, see Annex A):
- TAP approval (9): Details are in Annex A a).
- TAP not approved (2): Details are in Annex A b).
- TAP (re-)determined (6): 5 new Recommendations and 1 Technical Corrigendum. Details are in Annex A c).
- AAP consented (4): 4 new Recommendations for AAP Last Call. Details are in Annex A d).
- Agreed (1): 1 new Technical Report. Details are in Annex A e).
- New work items (23, see Annex C).
- Discontinued work items (1, see Annex D).
- ITU Workshop on "DLT security, identity management and privacy" was held successfully on 20 February 2023
- Replacement of the SG17 vice-chairman from Algeria
- Replacement of WP3/17 vice-chairman by Afnan Alromi (Saudi Arabia)
- Survey on countering spam fraud launched
- SG17 sub-groups:
- JCAs:
- JCA-COP: remains dormant
- JCA-IdM: continued with revised ToR, and held its 31st meeting on Friday 24 February 2023
- (JCA-DCC: meeting on Friday 24 February 2023)
- Correspondence Groups
- CG-SG17-wtsa24-prep: continued
- CG-secapa (Correspondence Group on Security Capability and Architecture): continued
- CG-FIDO (Correspondence Group on FIDO standards): terminated
- Advisory group on X.509: continued
2. Next SG17 meetings
- WP3/17 plenary, Fully virtual, 8 May 2023 to consent revised ITU-T X.1051 | ISO/IEC 27011
- 2nd ITU X.509 Day event, Fully virtual, 9 May 2023
- 4th SG17 meeting, Korea, Tuesday 29 August - Friday 8 September 2023 (9 working days, physical meeting with remote participation)
- ITU workshop on "Zero trust and identity management security", Monday 28 August 2023, 09:30-17:30
- Open and extended management team meeting, Monday 28 August 2023, 19:00-21:00.
- 32nd JCA-IdM meeting, Friday 1 September 2023, 14:30-16:00
- 24 Candidate texts for action, details see Annex B.
- (ITU-WHO workshop on DCC (TBD) on 11 September 2023 followed by 5th JCA-DCC meeting on 12 September 2023.)
- 5th SG17 meeting: Feb/Mar 2024, Malaysia (tbc)
3. Interim RGMs
7 Questions plan to hold the following 9 RGMs before next SG17 meeting:
# | Q/17 | Date | Place/Host | Subject/objective |
1 | 2/17 | 18-19 May 2023 | Seoul, Korea (Hosted by SCH University) | To prepare texts for action in next SG17 meeting: X.5Gsec-ctrl and TR.cpn-col-sec; to review all work items and identify future topics for Q2/17 |
2 | 3/17 | 13 April 2023 | e-meeting | |
3 | 3/17 | 13-14 June 2023 | e-meeting | X.sup-cdc (Clause 7: Context: CDC in the bigger context of operational security) |
4 | 4/17 | 29 June 2023 | e-meeting | To address and discuss X.stie and X.taeii |
5 | 10/17 | 6 June 2023 | e-meeting | Progress all the work of Q10/17 |
6 | 11/17 | 20-24 March 2023 | Wien, Austria | Generic technologies (such as Directory, PKI, formal languages, object identifiers) to support secure applications. |
7 | 13/17 | 14-15 June 2023 | e-meeting | Prepare the final texts for X.itssec-5, X.1373rev; address all work items and future topics. |
8 | 15/17 | 30 May - 1 June 2023 | Singapore (Hosted by IMDA/NUS) | |
9 | 15/17 | 7 June 2023 | e-meeting | |
Annex A
Actions taken on Recommendations, and other texts at SG17 closing plenary on 3 March 2023
a) TAP Recommendations approved (WTSA-20 Resolution 1)
# | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work | Timing |
1. | 2/17 | X.1815 (X.5Gsec-ecs) | Security guidelines and requirements for IMT-2020 edge computing services | New | Feng GAO, Jae Hoon NAH, Junjie XIA, Bo YU, Xiaojun ZHUANG | TD1015 | | 2019-01 | 2022-09 |
2. | 2/17 | X.1816 (X.5Gsec-ssl) | Guidelines and requirements for classifying security capabilities in IMT-2020 network slice | New | Zhiyuan HU, Li SU, Ke WANG, Bo YANG | TD915 | | 2020-09 | 2022-09 |
3. | 8/17, (14/17) | X.1411 (X.BaaS-sec) | Guidelines on blockchain as a service (BaaS) security | New | Nan MENG, Kyeong Hee OH, Zixiang WANG, Xuan ZHA | R20 | | 2019-09 | 2022-09 |
4. | 8/17 | X.1644 (X.sgdc) | Security guidelines for distributed cloud | New | Mark MCFADDEN, Ye TAO, Lei XU, Laifu WANG | R21 | | 2019-01 | 2022-09 |
5. | 13/17 | X.1380 (X.edr-sec) | Security guidelines for cloud-based data recorders in automotive environments | New | Sang-Woo LEE, Seungwook PARK | R22 | | 2018-03 | 2022-09 |
6. | 13/17 | X.1381 (X.eivn-sec) | Security guidelines for Ethernet-based In-Vehicle networks | New | Sang-Woo LEE, You-Sik LEE | TD917 | | 2018-09 | 2022-09 |
7. | 13/17 | X.1382 (X.fstiscv) | Guidelines for sharing security threat information on connected vehicles | New | Min SHU, Wenlei WANG, Xiaochun YUN, Yunwei ZHAO | TD918 | | 2018-09 | 2022-09 |
8. | 13/17 | X.1383 (X.srcd) | Security requirements for categorized data in vehicle-to-everything (V2X) communication | New | Takamasa ISOHARA, Nan MENG, Yaping SUN, Huirong TIAN | TD919 | | 2018-09 | 2022-09 |
9. | 14/17 | X.1410 (X.sa-dsm) | Security architecture for data-sharing management based on the distributed ledger technology | New | Feng GAO, Zhiyuan HU, Min SHU, Yunwei ZHAO | TD900 | | 2020-09 | 2022-09 |
b) TAP Recommendations not approved (WTSA-20 Resolution 1)
# | Q | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work | Determined | Decision |
1 | 6/17 | X.1353 (X.ztd-iot) | Security methodology for zero-touch deployment in massive IoT based on blockchain | New | Xin KANG, Haiguang WANG, Weidong WANG | R18 | | 2020-09 | 2022-09 | Re-determined (see Table c) #3 below) |
2 | 7/17 | X.1454 (X.sles) | Security measures for location enabled smart office service | New | Hao Dong, Feng Gao, Jae Hoon Nah, Junjie Xia | R19 | | 2019-09 | 2022-09 | Postponed to next SG17 meeting |
c) TAP Recommendations determined (WTSA-20 Resolution 1)
# | Q | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work | Timing |
1 | 2/17 | X.1817 (X.5Gsec-message) | Security requirements for 5G message service | New | Hang DONG, Le YU, Hongyang ZHANG | TD939 (A.5 in TD934) | | 2021-04 | 2023-03 |
2 | 6/17 | X.1333 Cor. 1 | Corrigendum 1 to X.1333: Security guidelines for use of remote access tools in Internet-connected control systems | New | Gunhee Lee | TD958 | | 2023-02 | 2023-03 |
3 | 6/17 | X.1353 (X.ztd-iot) | Security methodology for zero-touch deployment in massive IoT based on blockchain | New | Xin KANG, Haiguang WANG, Weidong WANG | TD937 | | 2020-09 | 2022-09 |
4 | 7/17 | X.1471 (X.websec-7) | Reference monitor for online analytics services | New | Jongyoul Park, Junjie Xia, Hyungjin Lim, Jae Hoon Nah | TD936 | | 2014-09 | 2023-03 |
5 | 7/17 | X.1771 (X.rdda) | Requirements for data de-identification assurance | New | Feng Gao, I Seok Kang, Soonseok Kim, Jihun Kim, Byunghoon Lee, Yunsik Park, Hyungjin Lim, Heung Youl Youm | TD1012 | | 2019-01 | 2023-03 |
6 | 8/17 | X.1645 (X.nssa-cc) | Requirements of network security situational awareness platform for cloud computing | New | Maofei CHEN, Huamin JIN, Zhaoji LIN, Laifu WANG, Yi ZHANG | TD965 | | 2019-09 | 2023-03 |
d) AAP Recommendations consented (Recommendation ITU-T A.8)
# | Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work | Timing |
1 | 4/17 | X.1219 (ex X.arc-ev) | Functional requirements for a secured process to evaluate technical vulnerabilities | New | Wei Li, Shan Xue, Chen Zhang | TD930 | | 2019-08 | 2023-03 |
2 | 10/17 | X.1278.2 (X.ctap21) | Client to authenticator protocol version 2.1 | New | Abbie Barbir | TD886 (A.5 in TD887) | FIDO CTAP2.1 | 2022-05 | 2023-03 |
3 | 10/17 | X.1277.2 (X.uaf12) | Universal authentication framework version 1.2 | New | Abbie Barbir | TD888 (A.5 in TD889) | FIDO UAF1.2 | 2022-05 | 2023-03 |
4 | 14/17 | X.1412 (X.srscm-dlt) | Security Requirements for Smart Contract Management based on the distributed ledger technology | New | Kepeng Li, Kyeong Hee Oh, Dong Bin Choi, Yang Wu, Min Shu | TD920 | | 2020-09 | 2023-02 |
e) Non-normative texts (Technical Report, Supplement, Implementers' Guide, etc) agreed
# | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Equivalent e.g., ISO/IEC | Start of work | Timing |
- | 6/17 | TR.ibc-cd | Guidelines for identity based cryptosystems used for cross-domain secure communications | New | Fuwen Liu, Li Su, Junzhi Yan, Bo Yang | TD956 | | 2021-04 | 2023-03 |
Annex B
Recommendations planned for action in SG17 Aug/Sep 2023 meeting
a) TAP Recommendations planned for TAP approval (WTSA-20 Resolution 1)
# | Q | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work | Timing |
- | 7/17 | X.1454 (X.sles)* | Security measures for location enabled smart office services | New | Junjie Xia, Feng Gao, Jae Hoon Nah, Hang Dong | TD985 | | 2019-09 | 2022-09 |
b) TAP Recommendations planned for TAP determination (WTSA-20 Resolution 1)
# | Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work | Timing |
1 | 2/17 | X.5Gsec-ctrl* | Security controls for operation and maintenance of 5G network systems | New | Ayumu KUBOTA, Koji NAKAO, Yutaka MIYAKE | TD1016 | | 2022-09 | 2023-09 |
2 | 4/17 | X.spmoh* | Security framework for storage protection against malware attacks on hosts | New | Jonghyun Woo, Bongchan Kim, Heejun Shin, Jonghyun Kim, Sujung Park | TD929 | | 2022-05 | 2023-09 |
3 | 4/17 | X.sr-ctea* | Security requirements and countermeasures for targeted email attacks | New | Chunghan Kim, Jonghyun Kim, Sujung Park | TD924 | | 2022-05 | 2023-09 |
4 | 4/17 | X.stie* | Structured Threat Information Expression | New | Michael ROSA, Duncan SPARRELL | TD972 | OASIS STIX Version 2.1 | 2022-09 | 2023-09 |
5 | 4/17 | X.taeii* | Trusted Automated Exchange of Intelligence Informa | New | Michael ROSA, Duncan SPARRELL | TD971 | OASIS TAXII Version 2.1 | 2022-09 | 2023-09 |
6 | 6/17 | X.sc-iot* | Security Controls for Internet of Things (IoT) systems | New | Koji Nakao, Liu Lijun | TD1032 | | 2018-09 | 2023-09 |
7 | 10/17 | X.oob-sa* | Framework for out-of-band server authentication using mobile devices | New | Il Jin JUNG, Sujung PARK, Heejun SHIN, Jonghyun WOO | TD1044 | | 2022-01 | 2023-09 |
8 | 13/17 | X.itssec-5* | Security guidelines for vehicular edge computing | New | Sang-Woo Lee | TD981 | | 2017-09 | 2023-09 |
9 | 13/17 | X.1373rev* | Secure software update capability for intelligent transportation system communication devices | Revised | Koji Nakao, Sang-Woo Lee, Aram Cho, Seungwook Park | TD997 | | 2018-08 | 2023-09 |
Notes:
(1) In case of joint Question activity, the lead Question is given without parentheses and other Questions are shown in parentheses; such entries are only shown in the table against the lead Question.
c) AAP Recommendations planned for AAP consent (Recommendation ITU-T A.8)
# | Q(1) | Acronym | Title | New / Revised | Editor(s) | Location of Text | Equivalent e.g., ISO/IEC | Start of work | Timing |
1 | 7/17 | X.1144rev | The revision of eXtensible Access Control Markup Language (XACML) 3.0 | Rev | Jae Hoon NAH, Duncan Sparrell | TD1033 | | 2020-03 | 2023-09 |
2 | 7/17 | X.guide-cdd | Security guidelines for combining de-identified data using trusted third party | New | Heung Youl Youm, Sungchae Park, Jae Nam Ko | TD978 | | 2021-04 | 2023-09 |
3 | 7/17 | X.saf-dfs | Security assurance framework for digital financial services | New | Jacques Francoeur, Jun Hyung Park, Sungchae Park, Heung Youl Youm | TD966 | | 2021-08 | 2023-09 |
4 | 7/17 | X.scpa | Security measures for Countering Password Related Online Attacks | New | Hang Dong, Qin Qiu, Lijun Liu, Jung Yeon Hwang, Feng Gao, Jae Hoon Nah | TD1056 | | 2019-08 | 2023-09 |
5 | 10/17 | X.pet-auth | Entity authentication service for pet animals using telebiometrics | New | Jae-Sung (Jason) Kim, Taeheon Kim | TD944 | | 2020-03 | 2023-09 |
6 | 10/17 | X.osia | Open Standard Identity APIs (OSIA) specification version 6.1.0 | New | Abbie Barbir | TD703 | | 2023-03 | 2023-09 |
7 | 11/17 | X.508 (X.pki-em) | Public-key infrastructure: Establishment and maintenance | New | Erik Andersen | TD955 | ISO/IEC 9594-12 | 2012-08 | 2023-09 |
8 | 11/17 | X.510 Amd.1 | Information technology – Open Systems Interconnection – The Directory: Protocol specifications for secure operations | New | Erik Andersen | TD954 | ISO/IEC 9594-11 | 2020-08 | 2023-09 |
9 | 15/17 | X.sec-QKDN-tn | Security requirements and designs for quantum key distribution networks - trusted node | New | Qiang Huang, Minghan Li, Jiajun Ma, Hao Qin | TD1021 | | 2019-08 | 2023-09 |
d) Non-normative texts (Technical Report, Supplement, Implementers' Guide, etc) planned for agreement
# | Q | Acronym | Title | New / Revised | Editor(s) | Location of text | Start of work | Timing |
1. | 2/17 | TR.cpn-col-sec | Technical Report: Security consideration of collaboration of multiple computing power networks | New | Xiongwei Jia, Zhaoji Lin, Keng Li, Yuwei Wang | TD960 | 2022-05 | 2023-09 |
2. | 6/17 | TR.ba-iot | Technical Report: Broadcast authentication schemes for IoT system | New | Koji Nakao | TD977 | 2022-05 | 2023-09 |
3. | 7/17 | TR.sgfdm | Technical Report: FHE-based data collaboration in machine learning | New | Jihoon Cho, Jae Hoon Nah, Donggeon Yhee | TD1035 | 2020-03 | 2023-09 |
4. | 14/17 | TR.qs-dlt | Technical Report: Guidelines for quantum-safe DLT system | New | Fuwen Liu, Ke Wang, Bo Yang, Heung Youl Youm | TD938 | 2020-09 | 2023-09 |
5. | 15/17 | TP.inno-2.0 | Technical Paper: Description of the incubation mechanism and ways to improve it | Rev | Arnaud Taddei | TD991 | 2023.02 | 2023-09 |
Annex C
New work items
The following new work items were agreed to be added to the SG17 Work Programme:
# | Question | NWI | Approval | TD | Title | C |
1. | 1/17 | TR.SUSSrev | Agreement | TD1040 | Successful use of security standards | |
2. | 4/17 | TR.verm* | Agreement | TD1002 | Technical Report: Framework for Verification of Messages | C210 |
3. | 4/17 | X.st-ssc* | TAP | TD980 | Security threats of software supply chain | C239 |
4. | 6/17 | X.mt-integrity* | TAP | TD983 | Security guidelines for mobile terminal integrity protection | C273 |
5. | 6/17 | X.mt-feature* | TAP | TD984 | Security features to assess mobile terminal security | C226 |
6. | 6/17 | X.suppl.tig-iotsec** | Agreement | TD950 | Supplement to X.1352 (X.suppl.tig-iotsec) "Technical Implementation guidelines for IoT devices and gateway" | C240 |
7. | 7/17 | X.srgsc* | TAP | TD942 | Security Requirements and guidelines of application and service for smart city platform | C280 |
8. | 8/17 | X.asm-cc* | TAP | TD988 | Requirements of Attack Surface Management for cloud computing | C287 |
9. | 8/17 | X.sfrms* | TAP | TD996 | Security framework and requirements of microservice for cloud computing using container technology | C274 |
10. | 10/17 | X.bvm | AAP | TD1014 | Requirements for biometric variability management | C253 |
11. | 10/17 | X.osia | AAP | TD1036 | Open Standards Identity APIs (OSIA) version 6.1.0 | TD703 |
12. | 11/17 | X.jss | AAP | TD925 | JSON Signature Scheme (JSS) | C217 |
13. | 11/17 | X.509 Cor.2 | AAP | TD949 | Technical Corrigendum to X.509: LDAP schema for attribute certificates | TD874 |
14. | 13/17 | X.ota-sec | AAP | TD1010 | Implementation and evaluation of security functions to support over-the-air (OTA) update capability in connected vehicles | C250 |
15. | 14/17 | X.DLT-ccs-fr | AAP | TD962 | Security requirements and framework of cross-chain service for DLT systems | C277 |
16. | 15/17 | TR.hyb-qsafe** | Agreement | TD1020 | Technical Report: Overview of key management of hybrid approaches for quantum-safe communications | C256 |
17. | 15/17 | X.sec_QKD_profr | AAP | TD1019 | Framework of quantum key distribution (QKD) protocols in QKD network | C269, C321 |
18. | 15/17 | TP.inno-2.0** | Agreement | TD991 | Technical Paper: Description of the incubation mechanism and ways to improve it | C216 |
19. | 15/17 | X.dtns | AAP | TD995 | Guidelines of using digital twin of network for network security | C303 |
20. | 15/17 | X.gcspcc* | TAP | TD964 | Guidelines of developing of cybersecurity simulation platform based on cloud computing | C314 |
21. | 15/17 | X.SecaaS | AAP | TD970 | Security threats to be identified in the domain of security as a service | C299 |
22. | 15/17 | X.so-sap | AAP | TD941 | Guidelines for security orchestration of service access process | C302 |
23. | 15/17 | TR.srsec** | Agreement | TD1007 | Technical Report: Security aspects of segment routing IPv6 for the convergence of computing and network for telecommunication operators | C286 |
Annex D
Discontinued work items
Question | Acronym | Title |
8/17 | X.sr-cphr | Security requirements for cloud-based platform to support low latency and high reliability application scenarios |
Annex E
SG17 meeting statistics
· Participants (TD677R1)
| participants | countries | Member States | Sector Members | SG17 Associates | Academia | Invited Experts |
Announced | 332 | 58 | 48 | | | | |
Final | 325 | 54 | 48 | 30 | 2 | 4 | 13 |
· Meeting input and organization
Table of SG17 statistics of this and some past meetings
| 2023-03 | 2022-09 | 2022-05* |
C | 119 | 104 | 101 |
LS/i | 70 | 55 | 72 |
LS/o | 23 | 20 | 20 |
TD | 394 | 342 | 331 |
Note * - fully virtual meeting
· Contributions: 119 – steadily increasing, DDP: 98%.
- APT 100.5 (84%) (= China 46.5 + Korea 39 + Japan 10 + India 3 + Singapore 1 + Malaysia 1)
- Americas 14 (12%) (= US 4)
- AFR 2 (Mali, Ghana)
- EUR 1.5 (= UK 1.5)
- RCC 1 (= Russia 1)
- LAM (0), ARAB (0).
- incoming 61 - stable
- Outgoing 24 - stable
· TDs: 394 – higher than normal