abbie barbir, ph.d. rapporteur, q10/17 identity management question firstname.lastname@example.org
Post on 08-Jan-2016
Embed Size (px)
DESCRIPTIONITU-T Security and Privacy International Cloud Symposium Washington DC October 2012. Abbie Barbir, Ph.D. Rapporteur, Q10/17 Identity Management Question Abbie.email@example.com. ITU-T Objectives. International Telecommunication Union - PowerPoint PPT Presentation
*ITU-T ObjectivesInternational Telecommunication UnionDevelop and publish standards for global ICT interoperabilityIdentify areas for future standardizationProvide an attractive and effective forum for the development of international standards Promote the value of ITU standards Disseminate information and know-howCooperate and collaborate Provide support and assistance
*ITU-T Key FeaturesTruly global public/private partnership95% of work is done by private sectorContinuously adapting to market needsPre-eminent global ICT standards body
TSAGITU-T Study Groups*/48
Personally Identifiable Information (PII)Aspects of privacy and protection of PII data is a key concern to the ITU-T (SG 17 )Recommendations published have identified security threats and provide guidelines in that area. Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in application using tag-based identification. Recommendation ITU-T X.1275 standardizes a possible, privacy impact assessment (PIA) process for the entire RFID system Joint Coordination Activity on Internet of Things (JCA-IoT) Focus Group on Machine-to-Machine Service Layer
SG 17 Questions involved in privacy studies Question 3/17 Telecommunications information security management Question 4/17 Cybersecurity Question 6/17 Security aspects of ubiquitous telecommunication services Question 7/17 Secure application services Question 9/17 Telebiometrics Question 10/17 Identity management architecture and mechanisms Further candidate Questions could be Question 8/17 Cloud computing security Question 11/17 Directory services, Directory systems, and public- key/attribute certificates
Definitions of Privacy in ITU-T Recommendations PrivacyITU-T X.1252 (04/2010) Baseline identity management terms and definitionsThe right of individuals to control or influence what personal information related to them may be collected, managed, retained, accessed, and used or distributed. ITU-T Y.2720 (01/2009) NGN identity management frameworkThe protection of personally identifiable information.
Recommendation X.1171 Threats and requirements for protection of PII in applications using tag-based identificationBasic model of a B2C application \*/48
X.1171 ThreatsPII infringement through information leakage*/48
Guidelines on protection of personally identifiable information in the application of RFID technology Privacy principles (based on privacy principles of: Council of Europe], EC Directive 95/46, EC Directive 2002/58/EC, OECD, and UNHCR)Threats and infringements of PII in RFIDTypical RFID applications and possible threats to PIISupply-chain managementTransportation and logisticsHealthcare and medical applicatione-governmentInformation serviceGuidelines on protection for personally identifiable information ITU-T X.1275*/48
X.1275RFID applications and threats to PII*/48
FieldTypical applicationsInformation in RFID tagPossible privacy threatsSupply chainInventory managementProductTracking, profiling of persons performing of inventoryRetail (e.g., supermarket)ProductTracking, profiling (after purchasing good)Transportation and logisticsPublic transportation ticketUser's ID, charging, etc.Tracking, profilingHighway tollUser's ID, charging, etc.Tracking, profilingVehicle trackingProductTracking, profilingFleet/container managementProductTracking, profiling of persons handling of containersHealthcareTracking patientsPatient's ID, medical history, etc.Tracking, profiling, invisibilityPreventing medication errorsPatient's ID, medical history, prescription, etc.Tracking, profilingBlood or medicines tracking for anti-counterfeitingProducte-governmente-passportPeople's ID, nationality, biometricTracking, profiling, counterfeiting PIIInformation servicesSmart posterProduct
Other WorkX.gpim Draft Recommendation, Guideline for management of personally identifiable information for telecommunication organizations Big Data viewScopeprovides a guideline of management PII in the context of telecommunicationsPossibly joint work Liaison cooperation with ISO/IEC JCT 1/SC 27/WG 1
Internet-of-Things (IoT), ubiquitous sensor networks (USN), Machine-to-Machine (M2M) and network aspects of identification systems, including RFID (NID) play an important role in ITU-Ts standardization activities.
Various ITU-T Study Groups and ITU-T initiatives are addressing RFID/NID, IoT, USN and M2M including the security aspects thereof; an initial suite of ITU-T Recommendations has already been developed in that domain and serves as a tool set for standard developers and implementers; yet the comprehensive subject is still emerging and forthcoming drafts are in preparation by the ITU-T Global Standards Initiative (GSI-IoT) where those standards are being developed in cooperation among the experts.
Aspects of privacy and protection of PII (personally identifiable information) data is a key concern and first set of ITU-T Recommendations published have identified security threats and provide guidelines in that area.
Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in application using tag-based identification.
Recommendation ITU-T X.1275 standardizes a possible, privacy impact assessment (PIA) process for the entire RFID system.
THANK YOUFor further information