Introduction of ITU-T Study Group 17 Security for ITS perspective

Transcription

1 Introduction of ITU-T Study Group 17 Security for ITS perspective (Primary focus in SG17 is to build confidence and security in the use of Information and Communication Technologies (ICTs)) July 29, 2015 Koji Nakao ITU-T SG17 vice-chair

2 Study Group 17 is the Lead Study Group on: Security Identity management (IdM) Languages and description techniques A study group may be designated by WTSA or TSAG as the lead study group for ITU-T studies forming a defined programme of work involving a number of study groups. This lead study group is responsible for the study of the appropriate core Questions. In addition, in consultation with the relevant study groups and in collaboration, where appropriate, with other standards bodies, the lead study group has the responsibility to define and maintain the overall framework and to coordinate, assign (recognizing the mandates of the study groups) and prioritize the studies to be carried out by the study groups, and to ensure the preparation of consistent, complete and timely Recommendations. * Extracted from WTSA-12 Resolution 1 2/89

3 SG17, Security Study Group 17 WP 1/17 Fundamental security WP 2/17 Network and information security WP 3/17 IdM + Cloud computing security WP 4/17 Application security WP 5/17 Formal languages Q1/17 Telecom./ICT security coordination Q4/17 Cybersecurity Q8/17 Cloud Computing Security Q6/17 Ubiquitous services Q11/17 Directory, PKI, PMI, ODP, ASN.1, OID, OSI Q2/17 Security architecture and framework Q5/17 Countering spam Q10/17 IdM Q7/17 Applications Q12/17 Languages + Testing Q3/17 Q9/17 ISM Telebiometrics 3/89

4 SG17 Management Team Chairman Arkadiy KREMER Russian Federation Vice- Chairmen Khalid BELHOUL Mohamed M.K. ELHAJ Antonio GUIMARAES George LIN Patrick MWESIGWA Koji NAKAO Mario FROMOW RANGEL Sacid SARIKAYA Heung Youl YOUM United Arab Emirates Sudan Brazil P.R. China Uganda Japan Mexico Turkey Korea (Republic of) 4/89

5 Working Party 1/17 Fundamental security Chairman: Koji NAKAO Q1/17 Telecommunication/ICT security coordination Q2/17 Security architecture and framework Q3/17 Telecommunication information security management 5/89

6 Working Party 2/17 Network and information security Chairman: Sacid SARIKAYA Q4/17 Cybersecurity Q5/17 Countering spam by technical means 6/89

7 Working Party 3/17 Identity management and cloud computing security Q8/17 Cloud computing security Q10/17 Identity management architecture and mechanisms 7/89

8 Working Party 4/17 Application Security Q6/17 Security aspects of ubiquitous telecommunication services Q7/17 Secure application services Q9/17 Telebiometrics 8/89

9 Question 6/17 Security aspects of ubiquitous telecommunication services Responsible for multicast security, home network security, mobile security, networked ID security, IPTV security, ubiquitous sensor network security, intelligent transport system security, and smart grid security 13 Recommendations approved in last study period. 1 Recommendation and 1 Supplement approved in this study period. Recommendations currently under study include: X.msec-7, Guidelines on the management of infected terminals in mobile networks X.msec-8, Secure application distribution framework for communication devices X.sgsec-1, Security functional architecture for smart grid services using telecommunication network X.unsec-1, Security requirements and framework of ubiquitous networking X.itssec-1, Secure Software Update for ITS communications devices X.itssec-2. Security Guidelines for V2X communication systems Close relationship with JCA-IPTV and ISO/IEC JTC 1/SC 6/WG 7 Close relationship with SG16 Question 27 on ITS security Rapporteur: Jonghyun BAEK 9/89

10 Scope of the Recommendation X.itssec-1 Functionality of Server! Stored Data Definition Auth info Log Audit With considerations of privacy concerns Communication protocol! Between Car and Manufacturer / Garage! Encryption! Authentication Functionality of Head Unit! Status check of ECUs! Log collection! In-car diagnosis function Diagnosis of on-board devices! Status check of ECUs! Log collection! Verification of update module Aftermarket Information Device On-board Information Device Car Manufacturer / Garage center Power Management Control ECU Seat Belt Control ECU Driving Support ECU Supplier Communication Path Update Server / log database Communication Path Vehicle Mobile Gateway Parking Assist ECU Skid Control ECU etc., 10

11 Model data flow of remote software update Supplier..... Vehicle mobile gateway Update Server at Car Manufacturer.. ECU (VMG) User Interface 1. Supplier provides an update module to a car update manufacturer. request 2. Vehicle mobile gateway requests ECUs to diagnose themselves and submit their software list. list 3. ECUs generate a software list and submit it to the Vehicle mobile gateway. report 4. The vehicle mobile gateway gathers the lists of software and submit them to update server. receipt 5. Update server issues a receipt of the software list for vehicle mobile gateway. 6. Update server determines necessary software modules for each ECU. request 7. After a certain period of time, the vehicle mobile gateway requests update modules for the vehicle. update 8. Update software modules are delivered to vehicle mobile gateway. notification 9. The gateway pushes a notification to a user interface. confirmation 10. The car owner confirms to apply the update via the user interface. update update 11. Vehicle mobile gateway delivers the updates to corresponding ECUs and request them to apply the updates. 12. Each ECU applies the update and reports the application result to the vehicle mobile gateway. update 13. Finally the vehicle mobile gateway submits a report of application results to the update server. receipt 14. Finally the vehicle mobile gateway submits a report of application results to the update server. 11

12 Structure of the Recommendation X.itssec-1 6. Basic model of remote software update 6.1. Modules of ITS environment for software update 6.2. Model of software update process 7. Threats and Risk analysis and Security Objectives 7.1. Definition of Target System of Evaluation 7.2. Identification of threats 7.3. Risk analysis 7.4. Security Objectives 8. Functional requirements for the secure software update 8.1. Countermeasures against each identified threat (T.1-1 ~ T.11-6) 8.2. Recommended architecture of secure software update (P.1-1 ~ P.11-6) 9. How to utilize this Recommendation 9.1. Example of protocol specification 12

13 Working Party 5/17 Formal languages Chairman: George LIN Q11/17 Generic technologies to support secure applications Q12/17 Formal languages for telecommunication software and testing 13/89

14 Security Coordination Security activities in other ITU-T Study Groups ITU-T SG2 Operational aspects & TMN International Emergency Preference Scheme, ETS/TDR Disaster Relief Systems, Network Resilience and Recovery Network and service operations and maintenance procedures, E.408 TMN security, TMN PKI, ITU-T SG5 Environment and climate change protection from lightning damage, from Electromagnetic Compatibility (EMC) issues and also the effects of High-Altitude Electromagnetic Pulse (HEMP) and High Power Electromagnetic (HPEM) attack and Intentional Electromagnetic Interference (IEMI) ITU-T SG9 Integrated broadband cable and TV Conditional access, copy protection, HDLC privacy, DOCSIS privacy/security IPCablecom 2 (IMS w. security), MediaHomeNet security gateway, DRM, ITU-T SG11 Signaling Protocols and Testing EAP-AKA for NGN methodology for security testing and test specification related to security testing ITU-T SG13 Future networks including cloud computing, mobile, NGN, SDN Security and identity management in evolving managed networks Deep packet inspection ITU-T SG15 Networks and infrastructures for transport, access and home Reliability, availability, Ethernet/MPLS protection switching ITU-T SG16 Multimedia Secure VoIP and multimedia security (H.233, H.234, H.235, H.323, JPEG2000) (especially for ITS security) 14/89

15 Coordination with other bodies Study Group 17 ITU-D, ITU-R, xyz 15/89

16 Reference links Webpage for ITU-T Study Group 17 Webpage on ICT security standard roadmap Webpage on ICT cybersecurity organizations Webpage for JCA on identity management Webpage for JCA on child online protection Webpage on lead study group on security Webpage on lead study group on identity management Webpage on lead study group on languages and description techniques ITU Security Manual: Security in Telecommunications and Information Technology 16/89

17 ITU-T SG 17 Security Workshop (15 th -16 th September, 2014 at Geneva) Structure of Sessions Opening Session (by George Lin) Session 1 (by Patrick Mwesigwa) - ICT infrastructure development, new security threats and countermeasures Session 2 (by Koji Nakao) - End user security round table from both public and private sectors (ITS sector, Health sector, Mobile-banking, ITU-D sector, and Ted) Session 3 (by Sacid Sarikaya) - Cybersecurity and data protection Session 4 (by Antonio Guimaraes) - ICT role in critical infrastructure protection May

18 Structure of Sessions (cont.) Session 5 (by Heung Youl Youm) - Trust services and cloud security Session 6 (by Herb Bertine) - Security standardization challenges 1) ISO/IEC JTC1/SC27 - Walter Fumy, chairman of SC27 2) OASIS - Abbie Barbir to advise on appropriate representative to ask 3) ETSI - Charles Brookson, chairman of new ETSI TC CYBER Technical Committee 4) CSA (Cloud Security Alliance) - Andreas Fuchsberger and Eric A. Hibbard are cochairmen of its International Standardization Council (ISC) 5) 3GPP SA3 - Anand Prasad is chairman 6) RAISE Forum - Koji Nakao is co-chairman 7) CTO (Commonwealth Telecommunication Organization) cybersecurity initiatives 8) Q1/17 representative (Hua Jiang) May

19 Future plan for SG17 and ITS standardization on X.itssec-1 Next ITU-T SG 17 meeting September 8 19, 2015 in Geneva Next Interim meeting on Q6/17 for ITS security December 2015 maybe in Seoul (Date is not fixed) By the middle of August 2015: a Stable Draft will be submitted to ITU-T SG17 for considerations in SG17; After the next SG17, the agreed draft text will be asked to review by related stakeholders on ITS in order to obtain the nearly final text on this Recommendation May