ITU-T
Security and Privacy
International Cloud Symposium
Washington DC October 2012

Abbie Barbir, Ph.D.
Rapporteur, Q10/17
Identity Management Question
Abbie.barbir@ties.itu.int

International Telecommunication Union

ITU-T Objectives
- International Telecommunication Union
- Develop and publish standards for global ICT interoperability
- Identify areas for future standardization
- Provide an attractive and effective forum for the development of international standards
- Promote the value of ITU standards
- Disseminate information and know-how
- Cooperate and collaborate
- Provide support and assistance

ITU-T Key Features
- Truly global public/private partnership
- 95% of work is done by private sector
- Continuously adapting to market needs
- Pre-eminent global ICT standards body

ITU-T Study Groups
- TSAG
- SG 2 Numbering
- SG 3 Tariffs
- SG 5 Climate Change & EMC
- SG 9 Cable TV
- SG 11 Protocols & Testing
- SG 12 Quality
- SG 13 Future Networks
- SG 15 Access & Transport Networks
- SG 16 Multimedia
- SG 17 Security

Personally Identifiable Information (PII)
- Aspects of privacy and protection of PII data are a key concern to the ITU-T (SG 17)
- Recommendations published have identified security threats and provide guidelines in that area.
  - Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in applications using tag-based identification.
  - Recommendation ITU-T X.1275 standardizes a possible privacy impact assessment (PIA) process for the entire RFID system.
- Joint Coordination Activity on Internet of Things (JCA-IoT)
- Focus Group on Machine-to-Machine Service Layer

SG 17 Questions involved in “privacy” studies
- Question 3/17 “Telecommunications information security management”
- Question 4/17 “Cybersecurity”
- Question 6/17 “Security aspects of ubiquitous telecommunication services”
- Question 7/17 “Secure application services”
- Question 9/17 “Telebiometrics”
- Question 10/17 “Identity management architecture and mechanisms”
- Further candidate Questions could be
  - Question 8/17 “Cloud computing security”
  - Question 11/17 “Directory services, Directory systems, and public-key/attribute certificates”

Definitions of Privacy in ITU-T Recommendations
Privacy
- ITU-T X.1252 (04/2010) “Baseline identity management terms and definitions”
  - The right of individuals to control or influence what personal information related to them may be collected, managed, retained, accessed, and used or distributed.
- ITU-T Y.2720 (01/2009) “NGN identity management framework”
  - The protection of personally identifiable information.

Recommendation X.1171
Threats and requirements for protection of PII in applications using tag-based identification

[Figure: Basic model of a B2C application]

X.1171
Threats

[Figure: PII infringement through information leakage]

ITU-T X.1275
- Guidelines on protection of personally identifiable information in the application of RFID technology
- Privacy principles (based on privacy principles of: Council of Europe, EC Directive 95/46, EC Directive 2002/58/EC, OECD, and UNHCR)
- Threats and infringements of PII in RFID
- Typical RFID applications and possible threats to PII
  - Supply-chain management
  - Transportation and logistics
  - Healthcare and medical application
  - e-government
  - Information service
- Guidelines on protection for personally identifiable information

X.1275
RFID applications and threats to PII

Field                        | Typical applications                                | Information in RFID tag                            | Possible privacy threats
-----------------------------|-----------------------------------------------------|----------------------------------------------------|---------------------------------------------------------
Supply chain                 | Inventory management                                | Product                                            | Tracking, profiling of persons performing of inventory
Supply chain                 | Retail (e.g., supermarket)                          | Product                                            | Tracking, profiling (after purchasing good)
Transportation and logistics | Public transportation ticket                        | User's ID, charging, etc.                          | Tracking, profiling
Transportation and logistics | Highway toll                                        | User's ID, charging, etc.                          | Tracking, profiling
Transportation and logistics | Vehicle tracking                                    | Product                                            | Tracking, profiling
Transportation and logistics | Fleet/container management                          | Product                                            | Tracking, profiling of persons handling of containers
Healthcare                   | Tracking patients                                   | Patient's ID, medical history, etc.                | Tracking, profiling, invisibility
Healthcare                   | Preventing medication errors                        | Patient's ID, medical history, prescription, etc.  | Tracking, profiling
Healthcare                   | Blood or medicines tracking for anti-counterfeiting | Product                                            | ×
e-government                 | e-passport                                          | People's ID, nationality, biometric                | Tracking, profiling, counterfeiting PII
Information services         | Smart poster                                        | Product                                            | ×

Other Work
- X.gpim
  - Draft Recommendation, Guideline for management of personally identifiable information for telecommunication organizations
  - Big Data view
- Scope
  - Provides a guideline for the management of PII in the context of telecommunications
- Possibly joint work or liaison cooperation with ISO/IEC JTC 1/SC 27/WG 1

Summary
- Internet-of-Things (IoT), ubiquitous sensor networks (USN), Machine-to-Machine (M2M) and network aspects of identification systems, including RFID (NID), play an important role in ITU-T’s standardization activities.
- Various ITU-T Study Groups and ITU-T initiatives are addressing RFID/NID, IoT, USN and M2M, including the security aspects thereof. An initial suite of ITU-T Recommendations has already been developed in that domain and serves as a tool set for standard developers and implementers. The comprehensive subject is still emerging, and forthcoming drafts are in preparation by the ITU-T Global Standards Initiative (GSI-IoT), where those standards are being developed in cooperation among the experts.
- Privacy and the protection of PII (personally identifiable information) data are a key concern, and the first set of ITU-T Recommendations published has identified security threats and provides guidelines in that area.
- Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in applications using tag-based identification.
- Recommendation ITU-T X.1275 standardizes a possible privacy impact assessment (PIA) process for the entire RFID system.

THANK YOU

For further information:
http://www.itu.int/ITU-T
http://www.itu.int/ITU-T/studygroups/com17


Editor's Notes

  1. http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=X.1171
  2. http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=X.1275
  3. http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=X.1275