International Telecommunication Union Confidence & security in the use of ICT Malaysia, 21 August 2003 ICT Security - The Need for International Standards.

Slides:



Advertisements
Similar presentations
Computer Concepts – Illustrated 8th edition
Advertisements

Computer Networks TCP/IP Protocol Suite.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
© Copyright International Telecommunication Union (ITU). All Rights Reserved page - 1 Alexander NTOKO Project Manager, ITU Electronic Commerce.
International Telecommunication Union Plenary Session on ITU-T Standards 15th Biennial TDI International Conference – Las Vegas, Nevada, USA Total Conversation.
Thema: Menü Ansicht, Master, Folien-Master 1 ITU - IP Telephony Workshop June Standards for IP-telephony P.A.Probst, External Relations Swisscom.
Tutorial for leadership teams of ITU-T study groups, TSAG, tariff groups and focus groups Standard Communications Toby Johnson Communications Officer,
ATU-ITU|TATU-ITU|T Preparing for WTSA Issues on SG Structure Gary Fishman ITU-T TSAG Chairman Preparatory Meeting for Africa for WTSA-04 Victoria Falls,
Contact: African Region Involvement in ITU-T Activities and Africa’s Participation in WTSA 12 Raynold C. Mfungahema Contact:
International Telecommunication Union Preparatory Meeting of African Countries for WTSA-04 Victoria Falls, Zimbabwe, June 2004 Numbering, naming,
Joint UNCTAD-ITU-UNESCAP Workshop Information Society Measurements in Asia-Pacific Bangkok, July 2006 Ms. Esperanza C. Magpantay Statistician Market,
© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Confidence in E-government Services ITU-T Workshop on.
International Telecommunication Union TSAG Newbie Session, July 2004 TSAG Newbie Session TSAG Chairman
Committed to connecting the world WELCOME TO ITU-T 1.
International Telecommunication Union ITU-T Seminar – Madrid, December 2002 Main standardization areas Gary Fishman ITU-T Telecommunication Standardization.
Interoperability, why it is important Dr. Ghassem Koleyni FORUM ON NEXT GENERATION STANDARDIZATION (Colombo, Sri Lanka, 7-10 April 2009) Colombo, Sri Lanka,
International Telecommunication Union ITU-T Seminar – Lisbon, 25 June 2002 ITU-T Activities Greg Jones ITU Telecommunication Standardization Sector (ITU-T)
ITU-T Study Group 13 Structure and Responsibilities Brian Moore Study Group 13 Chairman Lucent Technologies.
ITU-T ITU-T Standardization Areas Tatiana Kurakova, Telecommunication Standardization Sector Engineer 7 October 2003, Tashkent.
ITU-T Workshop on Security : ITU-T Special Study Group on IMT-2000 and Beyond John VisserKrishna Sirohi ChairmanVice-Chairman SSG IMT-2000 and Beyond Tel
International Telecommunication Union ITU-T Seminar – Lisbon, 25 June 2002 ITU-T Activities on Security Greg Jones ITU Telecommunication Standardization.
ITU-D STUDY GROUPS A unique and neutral worldwide Forum where developed and developing countries meet to study through Questions matters of priority to.
1 Importance and challenges of measuring the information society: ITU and Partnership advances and perspectives Vanessa Gray Market, Economics, Finance.
1 ITU Interconnection Workshop 17 August 2001 Role of the Regulator K S Wong Office of the Telecommunications Authority Hong Kong, China.
Joint ITU/ECA Regional Workshop on Information and Communication Technologies (ICT) Indicators Gaborone, Botswana October 2004
19/04/2001 Abossé AKUE-KPAKPO TOGO TELECOM 1 Abossé AKUE-KPAKPO Telecommunication Manager Chief, Internet and Business Services Division Tel. : (228) 21.
Anti-SPAM activities in Malaysia - Current Situation, Regulatory Environment and Future Developments ITU virtual conference on anti-spam regulation and.
Module N° 7 – Introduction to SMS
Computer Security CIS326 Dr Rachel Shipsey.
Communicating over the Network
1 Chapter One Introduction to Computer Networks and Data Communications.
EMS Checklist (ISO model)
Effectively applying ISO9001:2000 clauses 6 and 7.
Chapter 1: Introduction to Scaling Networks
IP Multicast Information management 2 Groep T Leuven – Information department 2/14 Agenda •Why IP Multicast ? •Multicast fundamentals •Intradomain.
United Nations Economic Commission for Europe Transport Division United Nations Economic Commission for Europe Transport Division ITU - Inland Transport.
Maputo, Mozambique, April 2014 Standardization activities on optical access transport systems in ITU-T SG15 Hiroshi OTA Study Group Engineer, ITU/TSB.
WORKSHOP ON SATELLITES IN IP & MULTIMEDIA Geneva, 9-11 December 2002 Contribution of Mr. Ahmed Toumi Director General & CEO International Telecommunications.
Purple Market Research at INSIGHT 2006 November 2006 OLD MEETS NEW : using the Delphi Method to research the latest technology.
VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
Registry system data exchange General design requirements Pre-sessional Consultations on Registries 19 October 2002 New Delhi, India UNFCCC secretariat.
TCP/IP Protocol Suite 1 Chapter 18 Upon completion you will be able to: Remote Login: Telnet Understand how TELNET works Understand the role of NVT in.
Cloud computing security related works in ITU-T SG17
DOCUMENT #:GSC15-IPR-03 FOR:Presentation SOURCE:ITU AGENDA ITEM:4 IPR issues and ITU’s standardization activities Antoine.
Security Controls – What Works
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Week 1 Things you want to know. Week 1 This is a series of things you want to know as you walk away from the course. What elements make up a communication.
Telecommunication and Networks
The need for further standards and technical developments Brian Moore ITU-T Study Group 13 Chairman Lucent Technologies.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
International Telecommunication Union eInfrastructures Open Workshop (Internet & Grids), 15 April 2004) What ITU-T can do for GRIDs – or ITU-T in an 8-minute.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
International Telecommunication Union Eighth Global Standards Collaboration (GSC) Meeting - Ottawa, Canada, 27 April-1 May 2003 Security Standardization.
Geneva, Switzerland, 13 July 2013 Welcome Stephen J. Trowbridge, Chairman, ITU-T Study Group 15 Joint IEEE-SA and ITU Workshop on Ethernet.
1 International Telecommunication Union ITU CHALLENGES AND RESPONSES (Fabio Bigi – TSB Deputy Director) (
Mr. Cleveland Thomas Vice Chairman Working Party 2/3 Study Group 3 ITU-T.
1 Network Security: Introduction Behzad Akbari Fall 2009 In the Name of the Most High.
ITU-T Activities in Bridging The Standardization Gap Vijay Mauree Programme Coordinator, TSB ITU ITU Regional Standardization Forum for Asia-Pacific (Jakarta,
International Telecommunication Union 5th Annual Meeting for Telecom Development Beirut, May 2003 ITU-T standardization directions Greg Jones ITU.
Inter-American Telecommunication Commission
Inter-American Telecommunication Commission
ITU Telecommunication Standardization Sector (ITU-T)
Independent Telecommunications Consultant
ITU-T – ITS PROCESS, PRODUCTS AND SERVICES
ITU-T Products & Services
IP and NGN Projects in ITU-T Jean-Yves Cochennec France Telecom SG13 Vice Chair Workshop on Satellites in IP and Multimedia - Geneva, 9-11 December 2002.
Stephen J. Trowbridge, Chairman, ITU-T Study Group 15
Presentation transcript:

International Telecommunication Union Confidence & security in the use of ICT Malaysia, 21 August 2003 ICT Security - The Need for International Standards Deputy to the Director Telecommunication Standardization Bureau International Telecommunication Union

2 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Outline 1. Why ICT security is becoming important 2. The complex world of ICT Security 3. Security standards [ICT = Information & Communication Technology]

3 Confidence & security in the use of ICT - Malaysia, 21 August Why ICT security is becoming important

4 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Security: Telephony vs. Internet o Telephone network: Control Offers basically one service Network operators control if new service offered Clear distinction: Interface user – network Interface network – network o Internet: Anarchy (no negative meaning here) Lots of services (many of them not yet imagined …) Everyone can set up a new services All links network – network Many protocols

5 Confidence & security in the use of ICT - Malaysia, 21 August 2003 A Fundamental Shift is Happening o Computers & networks are becoming a utility (like water, electricity, gas, telephone) o Business and personal life are more and more dependent on computers o Prerequisite: adequate security. o [9/11 terrorist attack confirmed the already existing trend of emphasizing security]

6 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Basic Security Services o Privacy / Confidentiality: To know that no 3 rd party can read a message exchanged between 2 people o Authentication: To know that someone is who he/she says he/she is o Integrity: To know that a message has not been modified in transit o Non-repudiation: To know that someone is not able to deny later that she/he sent a message

7 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Security Applications o The previous basic security services can be used to build many security applications: Digital Signature Anonymous e-cash Certified Secure elections Simultaneous contract signing [add your ideas …]

8 Confidence & security in the use of ICT - Malaysia, 21 August The complex world of ICT security

9 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Some Security Risks o Social engineering attack: Amateurs hack systems, professionals hack people (Bruce Schneier) An organizations own employees may pose largest risk: Incompetence, indifference, misconduct o New technologies bring new security problems (e.g., WiFi) o Buggy software o Viruses o Malicious hackers braking into systems o Denial of Service attacks o…o…

10 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Non-trivial Insights o Technology alone can not fix security problems – Technology is necessary but not sufficient o Security is everyones business, not just the business of security experts o Security decisions must be taken by Management, not by technical staff o Security is risk management – the art to worry about the right things

11 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Cryptography- the Beauty of Mathematics o Cryptographic algorithms are building blocks to construct secure system o Dramatic advances in cryptography in the last 30 years: Public Key Cryptography (1976) Microprocessor: cheap computing power Quantum cryptography (future) o Reminder: security is more a people problem than a technical problem

12 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Secret Key Encryption Plain text encrypt message with decrypt message with secret key same secret key cipher text o Both parties share a single, secret key o Problem: exchanging keys in complete secrecy is difficult o Best-known example: DES (Data Encryption Standard)

13 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Public Key Encryption Plain text encrypt message with decrypt message with public (!) key of receiver (!) private key of receiver cipher text o Each participant has A private key that is shared with no one else, plus A public key known to everyone o Problem: slower than Secret Key Encryption o Best-known example: RSA

14 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Biometrics: your Body – your Password? o Recognize a person upon physiological or behavioral characteristics Fingerprint Face Voice Iris o Currently costs outweigh benefits

15 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Economics & ICT Security o Perverse incentives explain a lot of current information insecurity (Ross Anderson, Univ of Cambridge, UK) o Distributed denial of service attack in 2000: Vandals took over computers on low- security University networks and shut down major websites (e.g. Yahoo) Shouldnt Universities bear some liability for the damages to 3 rd parties o Solution: assign legal liabilities to the parties best able to manage the risk (Hal Varian, Univ of California, Berkeley)

16 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Security is Risk Management o How much money/time to spend on ICT security? o Balance between cost and risk: What are the potential security breaches? Whats the associated loss in each case? What does it cost to defend in each case? Mitigation (e.g. buy technology) Outsource (s.o. else takes over the risk) Insurance (passing risk to insurance company) o Engineers, policymakers, economists, lawyers to forge common approaches

17 Confidence & security in the use of ICT - Malaysia, 21 August Security standards

18 Confidence & security in the use of ICT - Malaysia, 21 August 2003 The Need for Intl. Security Standards o Technical standards should be international: Ensures interoperability - the whole point of most of the standards Economies of scale o Best practice standards would be very helpful to be international Raises awareness o Regulatory issues & law enforcement is a national (or regional, e.g. European Union) matter

19 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Security in International Standards Organizations o ISO/IEC: 17799: Information technology – code of practice for information security management (71 pages; year 2000) addresses organizations, companies o IETF: Protocols, e.g. IPsec, TLS, SMIME … o ITU: see next slides

20 Confidence & security in the use of ICT - Malaysia, 21 August 2003 ITU Plenipo & WSIS o ITU Plenipotentiary Conference 2002: Strengthening the role of ITU in information and communication network security o WSIS = World Summit on Information Society; UN-event 1 st phase: Geneva Dec 03; 2 nd phase: Tunis Nov 05 Target audience: Heads of State + CEOs + civil society Topics include communication network security

21 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Security in ITU-T Study Groups o SG 17 = Lead Study Group for Communication System Security: Coordination / prioritization of security efforts Development of core security Recs. o Existing Recommendations include: Security architecture, model, frameworks, and protocols for open systems (X.800- series; X.270 series, jointly with ISO) Trusted Third Party Services (X.842/X.843, jointly with ISO) Public-key and attribute certificate frameworks (X.509, jointly with ISO)

22 Confidence & security in the use of ICT - Malaysia, 21 August 2003 ITU-T SG 17 Security Focus o Authentication (X.509, jointly with ISO): Ongoing enhancements as a result of more complex uses o Security Architecture for end-to-end communications: Security for management, control and use of network infrastructure, services and applications o Telebiometrics: biometrics via distance Model for security and public safety in telebiometrics o Security Management: Risk assessment, identification of assets and implementation characteristics o Mobile Security: For low power, small memory size and small display devices

23 Confidence & security in the use of ICT - Malaysia, 21 August 2003 ITU-T SG 17: Upcoming Joint Work with ISO / IEC o Information Technology – Security techniques – IT network security Part 1: Network security management Part 2: Network security architecture Part 3: Securing communications between networks using security gateways Part 4: Remote access Part 5: Securing communications between networks using virtual private networks

24 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Security Studies in other ITU-T Study Groups o Security for multimedia systems and services (SG 16) o Emergency Telecommunications Services (SG 16) o IPCablecom project = interactive services over cable TV networks (SG 9) o Telecommunication networks security requirements (SG 2) o Framework to support emergency communications (SG 13)

25 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Strengths of ITU-T o Unique mix of industry & government o Truly global o Consensus decisions guarantee wide acceptance o Fast procedures o Brand name o IPR Policy o World-class meeting facilities o Excellent Secretariat staff

26 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Backup Slides on ITU-T (not to be shown in talk)

27 Confidence & security in the use of ICT - Malaysia, 21 August 2003 ITU-T Structure Workshops Focus Group Joint Group Project Team

28 Confidence & security in the use of ICT - Malaysia, 21 August 2003 ITU-T Study Groups o SG 2 Operational aspects of service provision, networks and performance o SG 3 Tariff and accounting principles including related telecommunications economic and policy issues o SG 4 Telecommunication management, including TMN o SG 5 Protection against electromagnetic environment effects o SG 6 Outside plant o SG 9 Integrated broadband cable networks and television and sound transmission o SG 11 Signalling requirements and protocols o SG 12 End-to-end transmission performance of networks and terminals o SG 13 Multi-protocol and IP-based networks and their internetworking o SG 15 Optical and other transport networks o SG 16 Multimedia services, systems and terminals o SG 17 Data networks and telecommunication software o SSG Special Study Group "IMT-2000 and beyond" o TSAG Telecommunication Standardization Advisory Group

29 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Lead Study Groups o SG 2service definition, numbering and routing o SG 4 TMN o SG 9integrated broadband cable and television networks o SG 11intelligent networks o SG 12Quality of Service and performance o SG 13IP related matters, B-ISDN, Global Information Infrastructure and satellite matters o SG 15access network transport and optical technology o SG 16multimedia services, systems and terminals and on e-business and e-commerce o SG17frame relay, communication system security, languages and description techniques o SSGIMT 2000 and beyond and for mobility

30 Confidence & security in the use of ICT - Malaysia, 21 August 2003 IP project study areas o Integrated architecture o Impact to telecommunications access infrastructures of access to IP applications o Interworking between IP based network and switched- circuit networks, including wireless based networks o Multimedia applications over IP o Numbering and addressing o Transport for IP-structured signals o Signalling support, IN and routing for services on IP-based networks o Performance o Integrated management of telecom and IP-based networks o Security aspects

31 Confidence & security in the use of ICT - Malaysia, 21 August 2003 Other areas to consider o IP-based networks and their interconnection with telecommunication networks; o IP cablecom project; o establishment of GII; o IMT-2000 and mobility; o e-business and e-commerce; o reform of accounting rates and tariff studies; o MEDIACOM-2004 project and related multimedia activities; o security aspects of networks and services; o optical transport network; o access networks enhancements with xDSL techniques; o numbering and routing; o network performances and quality of services; o protocols for new services and intelligent networks.

32 Confidence & security in the use of ICT - Malaysia, 21 August 2003 ITU-T Series (A-L) A. Organization of the work of ITU-T B. Means of expression: definitions, symbols, classification C. General telecommunication statistics D. General tariff principles E. Overall network operation, telephone service, service operation and human factors F. Non-telephone telecommunication services G. Transmission systems and media, digital systems and networks H. Audiovisual and multimedia systems I. Integrated services digital network J. Transmission of television, sound programme and other multimedia signals K. Protection against interference L. Construction, installation and protection of cables and other elements of outside plant

33 Confidence & security in the use of ICT - Malaysia, 21 August 2003 ITU-T Series (M-Z) M. TMN and network maintenance: international transmission systems, telephone circuits, telegraphy, facsimile and leased circuits N. Maintenance: international sound programme and television transmission circuits O. Specifications of measuring equipment P. Telephone transmission quality, telephone installations, local line networks Q. Switching and signalling R. Telegraph transmission S. Telegraph services terminal equipment T. Terminals for telematic services U. Telegraph switching V. Data communication over the telephone network X. Data networks and open system communications Y. Global information infrastructure and Internet protocol aspects Z. Languages and general software aspects for telecommunication systems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.