International Telecommunication Union ICT Security Role in National Trusted Identities Initiatives Abbie Barbir, PhD ITU-T Study Group 17 Identity Management.

International Telecommunication Union ICT Security Role in National Trusted Identities Initiatives Abbie Barbir, PhD ITU-T Study Group 17 Identity Management Rapporteur

May 2004 ITU-T Geneva

ITU-T Objectives

History
o Established 17 May 1865
o Decisions by consensus (voting almost never occurs)
o Participation through national Government channels
o Telecom does not mean that focus is only on Telecom

Objectives
o Develop and publish standards for global ICT interoperability
o Identify areas for future standardization
o Provide an effective forum for the development of international standards
o Disseminate information and knowhow
o Cooperate and collaborate

ITU-T Key Features
o Truly global public/private partnership
o 95% of work is done by private sector
o Continuously adapting to market needs
o Pre-eminent global ICT standards body

Study groups ( )
o SG 2: Operational aspects of service provision and telecommunications management
o SG 3: Tariff & accounting principles including related telecommunication economic & policy issues
o SG 5: Environment and climate change
o SG 9: Television and sound transmission and integrated broadband cable networks
o SG 11: Signalling requirements, protocols and test specifications
o SG 12: Performance, QoS and QoE
o SG 13: Future networks including mobile and NGN
o SG 15: Optical transport networks and access network infrastructures
o SG 16: Multimedia coding, systems and applications
o SG 17: Lead study group on telecom security, identity management (IdM) and languages

SG 17 structure

WP 1: Network and information security
o Q1 Security project
o Q2 Architecture
o Q3 ISM
o Q4 Cybersecurity
o Q5 Countering spam

WP 2: Application security
o Q6 Ubiquitous services
o Q7 Applications
o Q8 SOA
o Q9 Telebiometrics

WP 3: Identity management and languages
o Q10 IdM
o Q11 Directory
o Q12 ASN.1, OID
o Q13 Languages
o Q14 Testing
o Q15 OSI

Identity management (IdM) (Q10/17)

Motivation
o IdM is a security enabler by providing trust in the identity of both parties to an e-transaction
o Provides network operators opportunity to increase revenues through advanced identity-based services
o Focus on global trust and interoperability
o Leveraging and bridging existing solutions

Current Recommendations
o Identity management
  - X Baseline capabilities for enhanced global identity management trust and interoperability
  - X A framework for user control of digital identity
  - X Baseline identity management terms and definitions
  - X.1253 (X.idmsg), Security guidelines for identity management systems
  - X.eaa/ISO 29115, Entity authentication assurance framework
  - X.atag, Attribute aggregation framework
  - X.authi, Guideline to implement the authentication integration of the network layer and the service layer
  - X.discovery, Discovery of identity management information
  - X.giim, Mechanisms to support interoperability across different IdM services
  - X.idmcc, Requirement of IdM in cloud computing
  - X.idmgen, Generic identity management framework
  - X.idm-ifa, Framework architecture for interoperable identity management systems
  - X.mob-id, Baseline capabilities and mechanisms of identity management for mobile applications and environment
  - X.oitf, Open identity trust framework
  - X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management
o Working with OASIS SAML 2.0 and XACML and their equivalent ITU-T Recommendations

ITU-T Joint coordination activity in IdM

JCA-IdM Q10/17 Coordination and collaboration on identity management

Q10/17 Future direction - Identity management

o Interoperability of identity management
  - X.giim, Generic IdM interoperability mechanisms
  - X.idm-ifa, Framework architecture for interoperable identity management systems
  - X.1250, Baseline capabilities for enhanced global identity management trust and interoperability
o Trust of identity management
  - X.authi, Authentication integration in IdM
  - X.EVcert, Extended validation certificate
  - X.eaa, Information technology – Security techniques – Entity authentication assurance
  - X.oitf, Open identity trust framework
o Discovery of identity management information
  - X.discovery, Discovery of identity management information
o Protection of personally identifiable information
  - X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
  - X.priva, Criteria for assessing the level of protection for personally identifiable information in identity management

Role of ICT in Trusted Identities

What is NSTIC?
o National Strategy for Trusted Identities in Cyberspace
o Called for in President’s Cyberspace Policy Review (May 2009)

Guiding Principles
  - Privacy Enhancing and Voluntary
  - Secure and Resilient
  - Interoperable
  - Cost Effective
  - Easy To Use

o Promotes the development of an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities

NSTIC Main Drivers

o Usernames and passwords are broken
  - People have many different passwords
  - Passwords reused
  - Strong passwords vulnerable
o Identity Theft on the rise
  - Large increase in financial institution Suspicious Activities
  - $17.3 billion estimated cost to economy over 2 years (BJS, 2008)
o Cybercrime is on the rise
  - Phishing continues to rise, with attacks becoming more sophisticated

Main issue
  - How to verify the Carbon entity on the other end of an online transaction
  - Identities are difficult to verify over the internet
  - Problem is more complicated in North America due to the lack of a government based national identity system

Privacy remains a challenge
o Individuals often are asked for more personally identifiable information (PII) than is needed
o PII data is not well protected
o No practical means for Individuals to control use of their PII data

Characteristics of the Identity Ecosystem

o Led by the private sector
o Enable participating consumers to:
  - Acquire a single digital credential for wide use by many relying parties
  - Choose among a diverse market of credential providers
  - Use their credential when needed and remain anonymous when desired
o Enhances privacy through:
  - “need-to-know” restrictions
  - reduced identity theft
  - reduced instances of sensitive information sharing

NSTIC Current Approach

o Private sector will lead the effort
  - NSTIC is not a government run program
  - Industry is to drive technologies and solutions
  - Industry is best qualified to identify barriers and solutions
o Government provides support
  - Working on a private sector led governance model
  - Lead development of interoperable standards by example
  - Provide clarity on national policy and legal framework around liability and privacy
  - Act as an early adopter to stimulate demand

Towards Digital Trust

Enterprise Level
o Major North American Telcos are working on providing Identity Authentication Assurance services to the enterprise
o Explosion of Mobile Smart Devices adoption is the Main Driver
o Services include up to LOA 3
  - Assurance services include the use of context based identity authentication
  - Use many forms of authentication (OTP, SMS, etc.)

Some issues to consider
  - How to ensure Subscriber versus a specific user authentication/identification
  - How can the device be identified and tied to a particular user with the context of a given transaction
  - How to integrate browser based interaction and native application (they can use different technologies)

Device Identifications

From Smart Device perspectives
o Cookies are increasingly becoming obsolete for device and user identification
o IP address is not reliable
o Different Approaches are used
  - Identification in Browser based technologies (SAML, OpenID) is different from Native Application (OAuth 2.0 and OpenID Connect)

Standards are needed
o Need to move towards interoperable cookie-less device independent identification methods in order to prevent fraud in financial transactions
o Support for cloud based interactions
o Support for interoperable token based services

Conclusions

o Collaboration between Telco, financial with public and private institutions can play a key role in enhancing Cybersecurity and enabling a chain of online trust
o Value transactions are widely identity based; the key is how to enable Identity based interactions while protecting privacy (PII)
o Isolation of Issuer and target Identity
o Enable the right to forget
o Identity dashboard for the user to keep control of identity
o Enable audit, enforcement and policy enforcement
o Transparent transaction message security
o … and yes … Simple to use system

Q&A