Abbie Barbir, profile picture
Uploaded byAbbie Barbir
PPT, PDF599 views

Itu ics-pii

This document summarizes Abbie Barbir's presentation on ITU-T's work regarding privacy and personally identifiable information. ITU-T is an international standards organization that develops standards for information and communication technologies. Several of ITU-T's study groups address issues relating to privacy and security in emerging technologies such as RFID, Internet of Things, and machine-to-machine communication. ITU-T has published recommendations that identify privacy threats and provide guidelines for protecting personally identifiable information in applications using tag-based identification and RFID systems. ITU-T is continuing its work on privacy issues through various study groups and initiatives.

Embed presentation

Download to read offline
ITU-T Security and Privacy International Cloud Symposium Washington DC October 2012 Abbie Barbir, Ph.D. Rapporteur, Q10/17 Identity Management Question Abbie.barbir@ties.itu.int International Telecommunication Union
ITU-T Objectives  International Telecommunication Union  Develop and publish standards for global ICT interoperability  Identify areas for future standardization  Provide an attractive and effective forum for the development of international standards  Promote the value of ITU standards  Disseminate information and know-how  Cooperate and collaborate  Provide support and assistance
ITU-T Key Features  Truly global public/private partnership  95% of work is done by private sector  Continuously adapting to market needs  Pre-eminent global ICT standards body
ITU-T Study Groups TSAG SG 2 Numbering SG 12 Quality SG 3 Tariffs SG 13 Future Networks Climate Change SG 5 & EMC Access & SG 15 Transport Networks SG 9 Cable TV SG 16 Multimedia Protocols SG 11 & Testing SG 17 Security 4/48
Personally Identifiable Information (PII)  Aspects of privacy and protection of PII data is a key concern to the ITU-T (SG 17 )  Recommendations published have identified security threats and provide guidelines in that area.  Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in application using tag-based identification.  Recommendation ITU-T X.1275 standardizes a possible, privacy impact assessment (PIA) process for the entire RFID system  Joint Coordination Activity on Internet of Things (JCA-IoT)  Focus Group on Machine-to-Machine Service Layer
SG 17 Questions involved in “privacy” studies  Question 3/17 “Telecommunications information security management”  Question 4/17 “Cybersecurity”  Question 6/17 “Security aspects of ubiquitous telecommunication services”  Question 7/17 “Secure application services”  Question 9/17 “Telebiometrics”  Question 10/17 “Identity management architecture and mechanisms”  Further candidate Questions could be  Question 8/17 “Cloud computing security”  Question 11/17 “Directory services, Directory systems, and public- key/attribute certificates”
Definitions of Privacy in ITU-T Recommendations Privacy  ITU-T X.1252 (04/2010) “Baseline identity management terms and definitions”  The right of individuals to control or influence what personal information related to them may be collected, managed, retained, accessed, and used or distributed.  ITU-T Y.2720 (01/2009) “NGN identity management framework”  The protection of personally identifiable information.
Recommendation X.1171 Threats and requirements for protection of PII in applications using tag-based identification Basic model of a B2C application 8/48
X.1171 Threats PII infringement through information leakage 9/48
ITU-T X.1275  Guidelines on protection of personally identifiable information in the application of RFID technology  Privacy principles (based on privacy principles of: Council of Europe], EC Directive 95/46, EC Directive 2002/58/EC, OECD, and UNHCR)  Threats and infringements of PII in RFID  Typical RFID applications and possible threats to PII  Supply-chain management  Transportation and logistics  Healthcare and medical application  e-government  Information service  Guidelines on protection for personally identifiable information 10/48
X.1275 RFID applications and threats to PII Information Field Typical applications Possible privacy threats in RFID tag Tracking, profiling of persons Inventory management Product performing of inventory Supply chain Tracking, profiling Retail (e.g., supermarket) Product (after purchasing good) Public transportation User's ID, charging, etc. Tracking, profiling ticket Highway toll User's ID, charging, etc. Tracking, profiling Transportation and logistics Vehicle tracking Product Tracking, profiling Fleet/container Tracking, profiling of persons Product management handling of containers Patient's ID, medical history, Tracking patients Tracking, profiling, invisibility etc. Preventing medication Patient's ID, medical history, Tracking, profiling Healthcare errors prescription, etc. Blood or medicines tracking for anti- Product × counterfeiting People's ID, nationality, Tracking, profiling, e-government e-passport biometric counterfeiting PII Information services Smart poster Product × 11/48
Other Work  X.gpim  Draft Recommendation, Guideline for management of personally identifiable information for telecommunication organizations  Big Data view  Scope  provides a guideline of management PII in the context of telecommunications  Possibly joint work Liaison cooperation with ISO/IEC JCT 1/SC 27/WG 1
Summary  Internet-of-Things (IoT), ubiquitous sensor networks (USN), Machine- to-Machine (M2M) and network aspects of identification systems, including RFID (NID) play an important role in ITU-T’s standardization activities.  Various ITU-T Study Groups and ITU-T initiatives are addressing RFID/NID, IoT, USN and M2M including the security aspects thereof; an initial suite of ITU-T Recommendations has already been developed in that domain and serves as a tool set for standard developers and implementers; yet the comprehensive subject is still emerging and forthcoming drafts are in preparation by the ITU-T Global Standards Initiative (GSI-IoT) where those standards are being developed in cooperation among the experts.  Aspects of privacy and protection of PII (personally identifiable information) data is a key concern and first set of ITU-T Recommendations published have identified security threats and provide guidelines in that area.  Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in application using tag-based identification.  Recommendation ITU-T X.1275 standardizes a possible, privacy 13/48 impact assessment (PIA) process for the entire RFID system.
THANK YOU For further information http://www.itu.int/ITU-T http://www.itu.int/ITU- T/studygroups/com17 14/48
Itu ics-pii

More Related Content

PDF
Security and Privacy in IoT and Cyber-physical Systems
byBob Marcus
 
PPT
ITU Standardization of Telebiometric applications
byITU
 
PDF
ITU-T Study Group 17 Introduction
byITU
 
PDF
ITU-T Study Group 2 Introduction
byITU
 
PDF
ITU-T Study Group 3 Introduction
byITU
 
PPT
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
byAbbie Barbir
 
PDF
UN/ITU: Cybersecurity Skills Development - Salta, Argentina - 2010
byDr David Probert
 
PPTX
CTO-CybersecurityForum-2010-Daisy francis
bysegughana
 
Security and Privacy in IoT and Cyber-physical Systems
byBob Marcus
 
ITU Standardization of Telebiometric applications
byITU
 
ITU-T Study Group 17 Introduction
byITU
 
ITU-T Study Group 2 Introduction
byITU
 
ITU-T Study Group 3 Introduction
byITU
 
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
byAbbie Barbir
 
UN/ITU: Cybersecurity Skills Development - Salta, Argentina - 2010
byDr David Probert
 
CTO-CybersecurityForum-2010-Daisy francis
bysegughana
 

What's hot

PPTX
Data Science for IoT
byOlivera Kotevska, Ph.D.
 
PPT
CTO-CybersecurityForum-2010-Jayantha Fernando
bysegughana
 
PPT
Cloud Monitoring And Forensic Using Security Metrics
bySandeep Saxena
 
PDF
Marco Armoni AIPSI - SMAU Milano 2017
bySMAU
 
PDF
The Internet of Things: Privacy and Security Issues
byEuropean Union Agency for Network and Information Security (ENISA)
 
PDF
Review on Vulnerabilities of IoT Security
byijtsrd
 
PDF
IRJET - A Study on Smart Way for Securing IoT Devices
byIRJET Journal
 
PDF
509286-Aki_Koivu-Review
byAki Koivu
 
PDF
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS
byIJNSA Journal
 
PPTX
The European cyber security cPPP strategic research & innovation agenda
byEUBrasilCloudFORUM .
 
PDF
Wearable Technology for Enhanced Security.
byDr. Michael Agbaje
 
PDF
[GPATS 2013] Makoto (Mac) Yokozawa - Cyber Immune Systems That Helps Trust a...
byAssespro Nacional
 
PDF
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
byLillie Coney
 
PDF
Enisa report guidelines for securing the internet of things
bynajascj
 
PDF
A Review on Privacy and Security Challenges in the Internet of Things (IoT) t...
byIJCSIS Research Publications
 
DOCX
Chapter-2.docx
byAmir Khan
 
PDF
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
byCableLabs
 
PDF
Steganography - Muheeb Ghallab
byFahmi Albaheth
 
PPTX
Automatski - The Internet of Things - Privacy in IoT
byautomatskicorporation
 
PDF
IoT: Security & Privacy at IGNITE 2015
byHildebrand Technology
 
Data Science for IoT
byOlivera Kotevska, Ph.D.
 
CTO-CybersecurityForum-2010-Jayantha Fernando
bysegughana
 
Cloud Monitoring And Forensic Using Security Metrics
bySandeep Saxena
 
Marco Armoni AIPSI - SMAU Milano 2017
bySMAU
 
The Internet of Things: Privacy and Security Issues
byEuropean Union Agency for Network and Information Security (ENISA)
 
Review on Vulnerabilities of IoT Security
byijtsrd
 
IRJET - A Study on Smart Way for Securing IoT Devices
byIRJET Journal
 
509286-Aki_Koivu-Review
byAki Koivu
 
SECURITY& PRIVACY THREATS, ATTACKS AND COUNTERMEASURES IN INTERNET OF THINGS
byIJNSA Journal
 
The European cyber security cPPP strategic research & innovation agenda
byEUBrasilCloudFORUM .
 
Wearable Technology for Enhanced Security.
byDr. Michael Agbaje
 
[GPATS 2013] Makoto (Mac) Yokozawa - Cyber Immune Systems That Helps Trust a...
byAssespro Nacional
 
LConey-Journal_of_Physical_Security-Article_The-Ability-to-Defend-Against-the...
byLillie Coney
 
Enisa report guidelines for securing the internet of things
bynajascj
 
A Review on Privacy and Security Challenges in the Internet of Things (IoT) t...
byIJCSIS Research Publications
 
Chapter-2.docx
byAmir Khan
 
IoT and Cybersecurity: What can be done? by Gerald Faulhaber at Inform[ED] Io...
byCableLabs
 
Steganography - Muheeb Ghallab
byFahmi Albaheth
 
Automatski - The Internet of Things - Privacy in IoT
byautomatskicorporation
 
IoT: Security & Privacy at IGNITE 2015
byHildebrand Technology
 

Viewers also liked

PPTX
Centre for blinds and visually impaired
byMayur karodia
 
PDF
Trust elevation-share
byAbbie Barbir
 
PDF
Comparative Analysis of SOA and Cloud Computing Architectures using Fact Base...
byAbbie Barbir
 
PPTX
EVOLVE'16 | Enhance | Anil Kalbag & Anshul Chhabra | Comparative Architecture...
byEvolve The Adobe Digital Marketing Community
 
PPT
Abbie Barbir Tcg Final
byAbbie Barbir
 
PPT
Trust elevation-abbie-v1
byAbbie Barbir
 
PDF
3rd deliverable preso v1.2a
byAbbie Barbir
 
Centre for blinds and visually impaired
byMayur karodia
 
Trust elevation-share
byAbbie Barbir
 
Comparative Analysis of SOA and Cloud Computing Architectures using Fact Base...
byAbbie Barbir
 
EVOLVE'16 | Enhance | Anil Kalbag & Anshul Chhabra | Comparative Architecture...
byEvolve The Adobe Digital Marketing Community
 
Abbie Barbir Tcg Final
byAbbie Barbir
 
Trust elevation-abbie-v1
byAbbie Barbir
 
3rd deliverable preso v1.2a
byAbbie Barbir
 

Similar to Itu ics-pii

PDF
Rfid ppt
byNamitha Kapoor
 
PDF
Rfid Technology And Applications 1st Edition Stephen B Miles
bytoeppaashipc
 
PPT
Access controls
byCapt SB Tyagi, COAC'CC*,FISM,CSC,
 
PPTX
Automatic Data Capture.pptx
byHarikrishnanLakshmin1
 
DOCX
An Ethical Exploration of Privacy andRadio Frequency Ident.docx
bynettletondevon
 
PPT
Josep Domingo Jordi Castella
byUniversidad Internacional Menendez Pelayo
 
PDF
28032012 Irma vander Ploeg: e portfolio als digitale identiteit
byStichting ePortfolio Support
 
PDF
Privacy in the Work Place
byAndres Baytelman
 
PDF
2 cyber security challenges in io t
byChintan Patel
 
PPTX
Internet of Things TCLG Oct 23 2014
byLisa Abe-Oldenburg, B.Comm., JD.
 
PDF
Healthcare Security Essentials jean pawluk april 28 2011
byslides2010
 
PDF
Legal Circle Corporate Brochure
bylegalinfo
 
PDF
Real-time Security Extensions for EPCglobal Networks (Disputation)
byMatthieu Schapranow
 
PDF
Brokerage 2007 presentation security
byimec.archive
 
PPT
4. florence dupre new usagesprivacy legal framework fd
byGlobalForum
 
PDF
Datacard ID Card Printers - Claryco
bytraffordaiden
 
PDF
Privacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
byThomas Gross
 
PPTX
Cloud Computing security Challenges for Defense Forces
bycommandersaini
 
PDF
Net-Enabled Test Environment: a Federated Approach to Establishing an Inter-a...
byWen Zhu
 
PDF
IDM & IAM 2012
byAriel Evans
 
Rfid ppt
byNamitha Kapoor
 
Rfid Technology And Applications 1st Edition Stephen B Miles
bytoeppaashipc
 
Access controls
byCapt SB Tyagi, COAC'CC*,FISM,CSC,
 
Automatic Data Capture.pptx
byHarikrishnanLakshmin1
 
An Ethical Exploration of Privacy andRadio Frequency Ident.docx
bynettletondevon
 
Josep Domingo Jordi Castella
byUniversidad Internacional Menendez Pelayo
 
28032012 Irma vander Ploeg: e portfolio als digitale identiteit
byStichting ePortfolio Support
 
Privacy in the Work Place
byAndres Baytelman
 
2 cyber security challenges in io t
byChintan Patel
 
Internet of Things TCLG Oct 23 2014
byLisa Abe-Oldenburg, B.Comm., JD.
 
Healthcare Security Essentials jean pawluk april 28 2011
byslides2010
 
Legal Circle Corporate Brochure
bylegalinfo
 
Real-time Security Extensions for EPCglobal Networks (Disputation)
byMatthieu Schapranow
 
Brokerage 2007 presentation security
byimec.archive
 
4. florence dupre new usagesprivacy legal framework fd
byGlobalForum
 
Datacard ID Card Printers - Claryco
bytraffordaiden
 
Privacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
byThomas Gross
 
Cloud Computing security Challenges for Defense Forces
bycommandersaini
 
Net-Enabled Test Environment: a Federated Approach to Establishing an Inter-a...
byWen Zhu
 
IDM & IAM 2012
byAriel Evans
 

Itu ics-pii

  • 1.
    ITU-T Security and Privacy International Cloud Symposium Washington DC October 2012 Abbie Barbir, Ph.D. Rapporteur, Q10/17 Identity Management Question Abbie.barbir@ties.itu.int International Telecommunication Union
  • 2.
    ITU-T Objectives  InternationalTelecommunication Union  Develop and publish standards for global ICT interoperability  Identify areas for future standardization  Provide an attractive and effective forum for the development of international standards  Promote the value of ITU standards  Disseminate information and know-how  Cooperate and collaborate  Provide support and assistance
  • 3.
    ITU-T Key Features Truly global public/private partnership  95% of work is done by private sector  Continuously adapting to market needs  Pre-eminent global ICT standards body
  • 4.
    ITU-T Study Groups TSAG SG 2 Numbering SG 12 Quality SG 3 Tariffs SG 13 Future Networks Climate Change SG 5 & EMC Access & SG 15 Transport Networks SG 9 Cable TV SG 16 Multimedia Protocols SG 11 & Testing SG 17 Security 4/48
  • 5.
    Personally Identifiable Information (PII)  Aspects of privacy and protection of PII data is a key concern to the ITU-T (SG 17 )  Recommendations published have identified security threats and provide guidelines in that area.  Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in application using tag-based identification.  Recommendation ITU-T X.1275 standardizes a possible, privacy impact assessment (PIA) process for the entire RFID system  Joint Coordination Activity on Internet of Things (JCA-IoT)  Focus Group on Machine-to-Machine Service Layer
  • 6.
    SG 17 Questionsinvolved in “privacy” studies  Question 3/17 “Telecommunications information security management”  Question 4/17 “Cybersecurity”  Question 6/17 “Security aspects of ubiquitous telecommunication services”  Question 7/17 “Secure application services”  Question 9/17 “Telebiometrics”  Question 10/17 “Identity management architecture and mechanisms”  Further candidate Questions could be  Question 8/17 “Cloud computing security”  Question 11/17 “Directory services, Directory systems, and public- key/attribute certificates”
  • 7.
    Definitions of Privacyin ITU-T Recommendations Privacy  ITU-T X.1252 (04/2010) “Baseline identity management terms and definitions”  The right of individuals to control or influence what personal information related to them may be collected, managed, retained, accessed, and used or distributed.  ITU-T Y.2720 (01/2009) “NGN identity management framework”  The protection of personally identifiable information.
  • 8.
    Recommendation X.1171 Threats andrequirements for protection of PII in applications using tag-based identification Basic model of a B2C application 8/48
  • 9.
    X.1171 Threats PII infringement through information leakage 9/48
  • 10.
    ITU-T X.1275  Guidelineson protection of personally identifiable information in the application of RFID technology  Privacy principles (based on privacy principles of: Council of Europe], EC Directive 95/46, EC Directive 2002/58/EC, OECD, and UNHCR)  Threats and infringements of PII in RFID  Typical RFID applications and possible threats to PII  Supply-chain management  Transportation and logistics  Healthcare and medical application  e-government  Information service  Guidelines on protection for personally identifiable information 10/48
  • 11.
    X.1275 RFID applications and threats to PII Information Field Typical applications Possible privacy threats in RFID tag Tracking, profiling of persons Inventory management Product performing of inventory Supply chain Tracking, profiling Retail (e.g., supermarket) Product (after purchasing good) Public transportation User's ID, charging, etc. Tracking, profiling ticket Highway toll User's ID, charging, etc. Tracking, profiling Transportation and logistics Vehicle tracking Product Tracking, profiling Fleet/container Tracking, profiling of persons Product management handling of containers Patient's ID, medical history, Tracking patients Tracking, profiling, invisibility etc. Preventing medication Patient's ID, medical history, Tracking, profiling Healthcare errors prescription, etc. Blood or medicines tracking for anti- Product × counterfeiting People's ID, nationality, Tracking, profiling, e-government e-passport biometric counterfeiting PII Information services Smart poster Product × 11/48
  • 12.
    Other Work  X.gpim  Draft Recommendation, Guideline for management of personally identifiable information for telecommunication organizations  Big Data view  Scope  provides a guideline of management PII in the context of telecommunications  Possibly joint work Liaison cooperation with ISO/IEC JCT 1/SC 27/WG 1
  • 13.
    Summary  Internet-of-Things (IoT),ubiquitous sensor networks (USN), Machine- to-Machine (M2M) and network aspects of identification systems, including RFID (NID) play an important role in ITU-T’s standardization activities.  Various ITU-T Study Groups and ITU-T initiatives are addressing RFID/NID, IoT, USN and M2M including the security aspects thereof; an initial suite of ITU-T Recommendations has already been developed in that domain and serves as a tool set for standard developers and implementers; yet the comprehensive subject is still emerging and forthcoming drafts are in preparation by the ITU-T Global Standards Initiative (GSI-IoT) where those standards are being developed in cooperation among the experts.  Aspects of privacy and protection of PII (personally identifiable information) data is a key concern and first set of ITU-T Recommendations published have identified security threats and provide guidelines in that area.  Recommendation ITU-T X.1171 identifies threats and requirements for PII protection in application using tag-based identification.  Recommendation ITU-T X.1275 standardizes a possible, privacy 13/48 impact assessment (PIA) process for the entire RFID system.
  • 14.
    THANK YOU For furtherinformation http://www.itu.int/ITU-T http://www.itu.int/ITU- T/studygroups/com17 14/48

Editor's Notes

  • #9 http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=X.1171
  • #11 http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=X.1275
  • #12 http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=X.1275