1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T Y.3052 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (03/2017) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS, NEXT-GENERATION NETWORKS, INTERNET OF THINGS AND SMART CITIES Future networks Overview
2、 of trust provisioning in information and communication technology infrastructures and services Recommendation ITU-T Y.3052 ITU-T Y-SERIES RECOMMENDATIONS GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS, NEXT-GENERATION NETWORKS, INTERNET OF THINGS AND SMART CITIES GLOBAL INFORMATION IN
3、FRASTRUCTURE General Y.100Y.199 Services, applications and middleware Y.200Y.299 Network aspects Y.300Y.399 Interfaces and protocols Y.400Y.499 Numbering, addressing and naming Y.500Y.599 Operation, administration and maintenance Y.600Y.699 Security Y.700Y.799 Performances Y.800Y.899 INTERNET PROTOC
4、OL ASPECTS General Y.1000Y.1099 Services and applications Y.1100Y.1199 Architecture, access, network capabilities and resource management Y.1200Y.1299 Transport Y.1300Y.1399 Interworking Y.1400Y.1499 Quality of service and network performance Y.1500Y.1599 Signalling Y.1600Y.1699 Operation, administr
5、ation and maintenance Y.1700Y.1799 Charging Y.1800Y.1899 IPTV over NGN Y.1900Y.1999 NEXT GENERATION NETWORKS Frameworks and functional architecture models Y.2000Y.2099 Quality of Service and performance Y.2100Y.2199 Service aspects: Service capabilities and service architecture Y.2200Y.2249 Service
6、aspects: Interoperability of services and networks in NGN Y.2250Y.2299 Enhancements to NGN Y.2300Y.2399 Network management Y.2400Y.2499 Network control architectures and protocols Y.2500Y.2599 Packet-based Networks Y.2600Y.2699 Security Y.2700Y.2799 Generalized mobility Y.2800Y.2899 Carrier grade op
7、en environment Y.2900Y.2999 FUTURE NETWORKS Y.3000Y.3499 CLOUD COMPUTING Y.3500Y.3999 INTERNET OF THINGS AND SMART CITIES AND COMMUNITIES General Y.4000Y.4049 Definitions and terminologies Y.4050Y.4099 Requirements and use cases Y.4100Y.4249 Infrastructure, connectivity and networks Y.4250Y.4399 Fra
8、meworks, architectures and protocols Y.4400Y.4549 Services, applications, computation and data processing Y.4550Y.4699 Management, control and performance Y.4700Y.4799 Identification and security Y.4800Y.4899 Evaluation and assessment Y.4900Y.4999 For further details, please refer to the list of ITU
9、-T Recommendations. Rec. ITU-T Y.3052 (03/2017) i Recommendation ITU-T Y.3052 Overview of trust provisioning in information and communication technology infrastructures and services Summary Recommendation ITU-T Y.3052 provides an overview of trust provisioning in information and communication techno
10、logy (ICT) infrastructures and services. Recommendation ITU-T Y.3052 introduces necessity of trust to cope with potential risks due to lack of trust. The concept of trust provisioning is explained in the context of trusted ICT infrastructures and services. From the general concept of trust, the key
11、characteristics of trust are described. In addition, a trust relationship model and trust evaluation based on the conceptual model of trust provisioning are introduced. Recommendation ITU-T Y.3052 then describes trust-provisioning processes in ICT infrastructures and services. Details of potential r
12、isks and trustworthiness attributes, and use cases of trust provisioning are also provided in appendices. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T Y.3052 2017-03-29 13 11.1002/1000/13252 Keywords Trust, trust provisioning, trust index, trusted ICT infrastructure * To
13、access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T Y.3052 (03/2017) FOREWORD The International Telecommunication Union (ITU) is the U
14、nited Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recomm
15、endations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The a
16、pproval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administ
17、ration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compl
18、iance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation i
19、s required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Int
20、ellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendatio
21、n. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2017 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without
22、 the prior written permission of ITU. Rec. ITU-T Y.3052 (03/2017) iii Table of Contents Page 1 Scope . 1 2 References . 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation . 1 4 Abbreviations and acronyms 1 5 Conventions 2 6 Introduction . 2 6.1 Potential risks a
23、nd necessity of trust 2 6.2 Trust provisioning in ICT infrastructures and services 3 7 Overview of trust and trust provisioning 4 7.1 Concept of trust 4 7.2 Fundamental characteristics of trust . 7 7.3 Model for trust provisioning . 7 7.4 Trust evaluation for trust provisioning . 9 8 Trust-provision
24、ing processes 11 8.1 Data collection 11 8.2 Data management . 11 8.3 Trust information analysis 11 8.4 Dissemination of trust information . 11 8.5 Trust information lifecycle management 11 9 Security considerations . 12 Appendix I Detailed potential risks in ICT infrastructures and services 13 I.1 R
25、isks in the physical world . 13 I.2 Risks in the cyber world . 13 I.3 Risks in the social world . 14 I.4 Risks arising from the integration of physical, cyber and social worlds 16 Appendix II Trustworthiness attributes 17 Appendix III Trust provisioning use cases . 20 III.1 Trustworthy peer-to-peer
26、accommodation service . 20 III.2 Smart office sharing . 22 III.3 Document-sharing service 24 III.4 Intermediate device selection in device-to-device environment 26 III.5 Used car transaction service . 28 Bibliography. 33 Rec. ITU-T Y.3052 (03/2017) 1 Recommendation ITU-T Y.3052 Overview of trust pro
27、visioning in information and comunication technology infrastructures and services 1 Scope This Recommendation provides an overview of trust provisioning in information and communication technology (ICT) infrastructures and services. More specifically, this Recommendation covers the following: potent
28、ial risks and necessity of trust; trusted ICT infrastructures and services; the concept of trust and characteristics of trust; a trust relationship model and trust evaluation based on the conceptual model of trust provisioning; trust-provisioning processes. NOTE Detailed potential risks are provided
29、 in Appendix I, trustworthiness attributes are described in Appendix II, and use cases of trust provisioning are provided in Appendix III. 2 References None. 3 Definitions 3.1 Terms defined elsewhere None. 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.
30、1 Trust: The measurable belief and/or confidence which represents accumulated value from history and the expecting value for the future. NOTE Trust is quantitatively and/or qualitatively calculated and measured. Trust is used to evaluate values of entities, value-chains among multiple stakeholders a
31、nd human behaviours, including decision making. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: CPS Cyber-Physical System DIKW Data, Information, Knowledge and Wisdom ICT Information and Communication Technology IoT Internet of Things 2 Rec. ITU-T Y.30
32、52 (03/2017) 5 Conventions None. 6 Introduction Digital technologies, information and communication technology (ICT) infrastructures and services are increasingly evolving toward a future knowledge society. ICT infrastructure not only improves the transmission speed at which users send and receive m
33、ultimedia data, but also allows individual users to enjoy previously inconceivable tools that improve life and business. The world can be divided into physical, cyber and social worlds. The physical world is composed of physical things that connect to other physical things, controlled by humans and
34、devices. Physical things can have sensing and actuating capabilities that can gather raw data for analysis and actuate the corresponding physical things autonomously. In the cyber world, ICT infrastructures and services provide computing, communication as well as human-to-human and human-to-machine
35、control platforms. Big data analytics and cloud computing technologies are becoming important to drive value creation, as well as fostering new products, processes and markets. Moreover, it may be possible to invent a new ecosystem by extracting accumulated knowledge from the raw data gathered by th
36、ings in the physical world. The social world contains social entities, such as individual human beings and social organization. ICT infrastructures and services enable social entities to connect to the cyber world. With the advent of online social network services, people can share their opinions an
37、d experiences in the cyber world. On the other hand, human-centric computing technologies make it easier for humans to interact with the physical and cyber worlds by using human interfaces (i.e., using the five human senses). Moreover, the knowledge extracted by big data analytics can give wisdom to
38、 human beings b-Chen, J. ICT technologies also provide convergence services for various industrial areas to offer a common service platform. ICT infrastructures and services act as the glue for integrating physical, cyber and social worlds. 6.1 Potential risks and necessity of trust While ICT infras
39、tructures and service have grown in size and complexity, the ICT world has risks, threats and vulnerabilities at component, device, system, service and human levels. There are many potential risks in the world as follows. Risks in nature. Any scientific progress and technology development may incur
40、potential risks. The development of new technologies may sometimes be undesirable if certain levels of controllability and credibility are not guaranteed. Furthermore, the adaptation of new technologies may cause instability and insecurity, since new technologies always have uncertainty. The new tec
41、hnological revolution may provide great advantages for utilizing networking resources; however, it confronts unidentified risk beforehand. Risks in the physical world. Devices and sensors have become more and more integrated into ICT infrastructures, a fact which is sometimes unrecognized by humans.
42、 Physical components are usually resource constrained and computation limited, resulting in poor implementation of security mechanisms. Thus, they are vulnerable to both external and internal attack. Risks in the cyber world. The number of vulnerabilities, threats and cyber-attacks increases in cybe
43、rspace. Cyber security and privacy mechanisms should protect both networks and services from unauthorized access. However, large-scale data collection and data analytics can pose critical privacy, security and trust issues. The risks of unanticipated uses of consumer data (such as human life and bus
44、iness behaviours) may increase. Rec. ITU-T Y.3052 (03/2017) 3 Risks in the social world. Social networking services have given rise to numerous online communities and people use them as communication media. Also, social networking services try to connect as many people as possible. Since many people
45、 share their private activities on social networks, their private information is propagated to others outside their community. Furthermore, artificial intelligence or the social Internet of things, which try to mimic human behaviour, also give rise to unexpected risks. Risks due to the integration o
46、f the physical, cyber and social worlds. In ICT infrastructures and services, entities in the physical, cyber and social worlds are integrated. A cyber-physical system (CPS) cannot be fully operational if the physical and cyber worlds have some mismatch. If the malfunction of a physical system is no
47、t notified to the responsible entities in the cyber world, there is some risk of deteriorating safety in the physical world. Moreover, without recognizing a set of rules and external conditions of a CPS, both humans and devices may understand or perceive CPS operations incorrectly, which may result
48、in risks or failures of the integrated environment. Unintentional or intentional errors, as well as mismatch of the integrated environment, may be primary causes of or contributing factors to risks and accidents. Risks due to data, information, knowledge and wisdom processes. ICT infrastructures and
49、 services provide data, information, knowledge and wisdom (DIKW)1 processes. As numerous data are generated, the number of erroneous data also increases. Malfunctions in a DIKW process, which may be caused by malicious inputs, misbehaviour of the process itself or unintended or intended manipulation, etc., create false or biased results. There are also unidentified risks due to entities that produce and utilize DIKW processes. NOTE Detailed potential risks are explained in Appendix I. ICT has
