ITU DFS Security Assurance Framework

ITU-T Recommendation X.805 Overview


Last updated 1 year ago

The Security Assurance Framework uses ITU-T Recommendation X.805 as its foundation for applying security control measures to achieve end-to-end network security. It also largely suggests controls based on the recommendations in the technical report “Security Aspects of Digital Financial Services”[1] by the ITU-T Focus Group Digital Financial Services.

The end-to-end communications environment of the DFS ecosystem is considered in terms of the ITU-T Recommendation X.805 and provides a useful reference framework for security management. The ITU-T Recommendation X.805 security architecture has eight ‘security dimensions’, which are measures designed to address a particular aspect of network security.

The eight security dimensions, which provide a systematic way of countering network threats, are as follows.

  • Access control: Protection against unauthorized use of network resources.

  • Authentication: Methods of confirming the identities of communicating entities.

  • Non-repudiation: Methods to prevent an individual or entity from denying being the cause of an event or action.

  • Data confidentiality: Protection of data from unauthorized disclosure.

  • Communication security: Assurance that information only flows between authorized endpoints without being diverted or intercepted.

  • Data integrity: Protection of the correctness and accuracy of data.

  • Availability: Prevention of denial of authorized access to network elements and data.

  • Privacy: Protection of information that might be derived from observing network activity.

Figure 1 - ITU-T Recommendation X.805 Security Dimensions

ITU-T Recommendation X.805 defines a hierarchy of network equipment and facility groupings into three security layers. These security layers provide comprehensive, end-to-end security solutions and identify where security must be addressed in products and solutions because each layer may be exposed to different types of threats and attacks.

The security layers are as follows:

  1. Infrastructure Security Layer: consists of the basic building blocks used to build telecommunications networks, services and applications, namely individual transmission links and network elements, including their underlying hardware and software platforms.

  2. Services Security Layer: consists of services that customers/end-users receive from networks. These services range from basic connectivity and transport.

  3. Applications Security Layer: focuses on network-based applications that are accessed by customers/end-users.


[1] ITU-T Focus Group Digital Financial Services, Security Aspects of Digital Financial Services, January 2017, https://www.itu.int/en/ITU-T/studygroups/2017-2020/09/Documents/ITU_FGDFS_SecurityReport.pdf