1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.1582 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2014) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cybersecurity information exchange Assured exchange Transport protocols supporting cybersecur
2、ity information exchange Recommendation ITU-T X.1582 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.50
3、0X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 T
4、elebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.
5、1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity
6、X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 CLOUD COMPUTING SECURITY Overview of cloud
7、computing security X.1600X.1601 Cloud computing security design X.1602X.1639 Cloud computing security best practices and guidelines X.1640X.1659 Cloud computing security implementation X.1660X.1679 Other cloud computing security X.1680X.1699 For further details, please refer to the list of ITU-T Rec
8、ommendations. Rec. ITU-T X.1582 (01/2014) i Recommendation ITU-T X.1582 Transport protocols supporting cybersecurity information exchange Summary Recommendation ITU-T X.1582 provides an overview of transport protocols that have been adopted and adapted for use within the Cybersecurity Information Ex
9、change (CYBEX). The Recommendation outlines applications of transport, transport protocol characteristics, as well as security considerations. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T X.1582 2014-01-24 17 11.1002/1000/12037 Keywords Cybersecurity information, informat
10、ion exchange protocols, information transfer. _ * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T X.1582 (01/2014) FOREWORD The
11、 International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technic
12、al, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in
13、 turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.
14、NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensur
15、e, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does
16、not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning t
17、he evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents,
18、which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2014 All rights reserved. No part of this publicatio
19、n may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1582 (01/2014) iii Table of Contents Page 1 Scope . 1 2 References . 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation . 1 4 Abbreviations and acronyms 2 5 C
20、onventions 2 6 Transport protocols supporting cybersecurity information exchange 2 6.1 Application of transport 2 6.2 Transport protocol considerations 3 6.3 Security considerations . 4 6.4 Transport and session layer considerations 5 Bibliography. 6 iv Rec. ITU-T X.1582 (01/2014) Introduction A num
21、ber of exchange mechanisms and protocols already exist and are in use in the exchange of cybersecurity information. However, many, if not most of them, are either in private use and not well documented or not widely known, thus making their use in the global exchange of cybersecurity information dif
22、ficult. Also, most current exchange applications are among limited exchange partners, limited either in number or area of cybersecurity operations. To support a more global and interoperable exchange of cybersecurity information among a wider array of application spaces possible, “Cybersecurity Info
23、rmation Exchange“ (CYBEX) provides an overview of a family of protocol specific specifications supporting the globalization of cybersecurity information exchange among and between as wide range of application spaces as possible. Rec. ITU-T X.1582 (01/2014) 1 Recommendation ITU-T X.1582 Transport pro
24、tocols supporting cybersecurity information exchange 1 Scope This Recommendation provides an overview of transfer and exchange protocols that have been standardized for and/or in current usage within the application space of cybersecurity information transfer and exchange and that have been adopted
25、and adapted for use within the ITU-T Recommendations in the X.1500 series. This Recommendation is most applicable to application designers and implementers whose responsibility is to enable the transfer and exchange of cybersecurity information on local, regional or global scales. 2 References The f
26、ollowing ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this R
27、ecommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does
28、not give it, as a stand-alone document, the status of a Recommendation. ITU-T X.1500 Recommendation ITU-T X.1500 (2011), Overview of cybersecurity information exchange (CYBEX). 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the following terms defined elsewhere: 3.1.1 cybersecuri
29、ty b-ITU-T X.1205: The collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and users assets. Organization and us
30、ers assets include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cybersecurity strives to ensure the attainment and maintenance of the security properties
31、 of the organization and users assets against relevant security risks in the cyber environment. The general security objectives comprise availability, integrity (which may include authentication and non-repudiation) and confidentiality. NOTE (not part of b-ITU-T X.1205) Some specific national regula
32、tion and legislation may require implementation of mechanisms to protect personally identifiable information. 3.1.2 exchange protocol ITU-T X.1500: A set of technical rules and format governing the exchange of information between two or more entities. 3.2 Terms defined in this Recommendation This Re
33、commendation defines the following term: 3.2.1 cybersecurity entity: Any entity possessing or seeking cybersecurity information. 2 Rec. ITU-T X.1582 (01/2014) 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: BEEP Blocks Extensible Exchange Protocol CAPE
34、C Common Attack Pattern Enumeration and Classification CYBEX Cybersecurity information Exchange DDoS Distributed Denial of Service EVCERT Extended Validation Certificate HTTP Hypertext Transfer Protocol HSTS Hypertext transfer protocol Strict Transport Security IODEF Incident Object Description Exch
35、ange Format MIME Multi-purpose Internet Mail Extensions RID Real-time Inter-network Defence RSS Really Simple Syndication SCTP Stream Control Transmission Protocol SOAP Simple Object Access Protocol TCP Transmission Control Protocol TLS Transport Layer Security UDP User Datagram Protocol URI Uniform
36、 Resource Identifier XML extensible Markup Language 5 Conventions None. 6 Transport protocols supporting cybersecurity information exchange 6.1 Application of transport Cybersecurity information exchange encompasses wide variety of usage scenarios that can be implemented with several transport proto
37、cols, each with unique characteristics. In order to contrast their characteristics, four representative applications of transport are described here. 6.1.1 Information dissemination Cybersecurity entities may disseminate information on a non-discriminatory basis. This can be accomplished through wid
38、ely available protocols for feeding data, such as RSS. In such information dissemination purposes, the same set of information can be provided to anyone without filtering or tailoring the data to specific party. 6.1.2 Publish-subscribe A cybersecurity entity may subscribe to a certain information pr
39、ovider on a bilateral basis, and the information provider may feed custom-tailored data that are relevant to the specific requesting party. In such scenario, the information provider can act as intermediary between information publisher (e.g., software vendors) and subscriber. Such publish-subscribe
40、 services require filtering at the Rec. ITU-T X.1582 (01/2014) 3 intermediary that, in turn, necessitates enumeration and query, e.g., enumeration of assets or query for relevant information. 6.1.3 Assured exchange of information Cybersecurity entities with similar capabilities may exchange informat
41、ion among themselves, in order to increase coverage or to expedite incident response. Incident object description exchange format (IODEF) b-ITU-T X.1541 and real-time inter-network defence (RID) b-ITU-T X.1580 are two such protocols for communicating details. Cybersecurity entities will identify com
42、municating endpoints, and they will require authentication and assurance with each other. In such assured exchange purposes, each cybersecurity entity may need to initiate communication to other entities. This can be accomplished through bidirectional transport protocols. 6.1.4 Proof of information
43、possession Cybersecurity entities may wish to communicate with involved parties that observed particular event or incident, without disclosing details to other unaffected neighbours. This can be accomplished through certain class of cryptographic protocol, e.g., through privacy-preserving set inters
44、ection b-Kissner. Essentially, such cryptographic protocol exchanges proof of information possession without exchanging information itself, thus guaranteeing confidentiality of sensitive information. Such cryptographic protocols can be implemented on top of bidirectional transport protocols. 6.2 Tra
45、nsport protocol considerations Depending on the roles assigned to cybersecurity entities, communication endpoints may operate asymmetrically or as peers. In a typical case where roles of both endpoints are fixed in asymmetric fashion, request-response protocols are considered appropriate, as one end
46、 always initiates communication. When both endpoints work as peers, both ends may initiate communication, thus bidirectional protocols are considered appropriate. 6.2.1 Request-response protocols In request-response protocols, the client is the initiator of connection and the server is the responder
47、. Here, the flow of information is irrelevant from the client-server distinction; clients may provide information, or clients may consume information, depending on the separation of roles. With request-response protocols, servers may not be able to disseminate information to clients in a timely mann
48、er, unless clients keep polling servers. In other words, clients are the initiator of information exchange, and servers are the responders of information exchange. Available request-response protocols are summarized in Table 1. 4 Rec. ITU-T X.1582 (01/2014) Table 1 Available request-response protoco
49、ls for transfer and exchange Protocol name Characteristics References Hypertext transfer protocol (HTTP) HTTP provides basic mechanisms to retrieve information from, or submit information to the responder. HTTP can be used to exchange any type of information that can be identified by a uniform resource identifier (URI) and whose type can be specified with multi-purpose Internet mail extensions (MIME) types. b-IETF RFC 2616 Simple object access protocol (SOAP) SOAP is built on top of HTTP to faci
