Cybersecurity trusted exchange

Within the Information Exchange Framework, the actual exchange of structured information can occur in many different ways – via a network or by physical transport. A key element for this exchange is trust – trust in the identity of the parties as well as in the information being conveyed. The latter can have additional requirements imposed if the exchanged information is subsequently used for evidentiary purposes.

Trust Assurance

Many different trust assurance mechanisms are used in conjunction with the exchange of cybersecurity information. Several are included as part of this framework.

Rec. ITU-T X.eaa (document not available), Entity authentication assurance. This Recommendation | International Standard provides an authentication life cycle framework for managing the assurance of an entity’s identity and its associated identity information in a given context. Specifically, it provides methods to 1) qualitatively measure and assign relative assurance levels to the authentication of an entity’s identities and its associated identity information, and 2) communicate relative authentication assurance levels. See also: 2nd Status Report: Correspondence Group (CG) for the Harmonization of Liberty Alliance Identity Assurance Framework (IAF) and SG 17's Entity Authentication Assurance (X.eaa) work.

Rec. ITU-T X.evcert, Extended Validation Certificate Framework. The Extended Validation Certificate Framework consists of an integrated combination of technologies, protocols, identity proofing, lifecycle management, and auditing practices that describe the minimum requirements that must be met in order to issue and maintain Extended Validation Certificates (“EV Certificates”) concerning a subject organization. The framework accommodates a wide range of security, localization and notification requirements.

ETSI TS102042 V.2.1 (document not available), Policy requirements for certification authorities issuing public key certificates. The present document specifies policy requirements relating to Certification Authorities (CAs) issuing public key certificates, including Extended Validation Certificates (EVC). It defines policy requirements on the operation and management practices of certification authorities issuing and managing certificates such that subscribers, subjects certified by the CA and relying parties may have confidence in the applicability of the certificate in support of cryptographic mechanisms.

Information Exchange Protocols

This section contains specific exchange protocols that are used in diverse cybersecurity information exchange contexts.

Rec. ITU X.cybex-tp, Transport Protocols supporting Cybersecurity Information Exchange. This Recommendation provides an overview of exchange protocols which have been adopted and/or adapted for use within the Cybersecurity Information Exchange Framework, Cybex.

Rec. ITU-T X.cybex-beep, Blocks eXtensible eXchange Protocol Framework for CYBEX. RFC3080 describes a generic application protocol kernel for connection-oriented, asynchronous interactions called BEEP. At BEEP's core is a framing mechanism that permits simultaneous and independent exchanges of messages between peers. Messages are arbitrary MIME content, but are usually textual (structured using XML). All exchanges occur in the context of a channel -- a binding to a well-defined aspect of the application, such as transport security, user authentication, or data exchange. Each channel has an associated "profile" that defines the syntax and semantics of the messages exchanged. Implicit in the operation of BEEP is the notion of channel management. In addition to defining BEEP's channel management profile, this document defines: the TLS transport security profile; and, the SASL family of profiles. Other profiles, such as those used for data exchange, are defined by an application protocol designer.
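As an added illustration of the framing mechanism described above (this is example code written for this page, not code from ITU-T, RFC 3080 or any BEEP implementation), the following Python encoder/parser builds and decodes BEEP data frames. The header layout, the "END" trailer and the TLS profile URI are taken from RFC 3080; the sample payload (a channel-0 <start> request), the sequence numbers and the MAX_PAYLOAD limit are constructed for the example. The parser checks the declared size against a limit before slicing and verifies that the trailer sits exactly where the declared size says it should, which is the check a receiver needs so that a mis-sized frame from a peer cannot desynchronise the stream.

```python
# Added example: minimal BEEP (RFC 3080) data-frame encoder/parser.
# Header layout per RFC 3080 section 2.2.1:
#   keyword SP channel SP msgno SP more SP seqno SP size CRLF  payload  "END" CRLF
# ANS frames carry one extra field, ansno, after size.
import re

HEADER_RE = re.compile(
    rb"(MSG|RPY|ERR|ANS|NUL) (\d+) (\d+) ([.*]) (\d+) (\d+)(?: (\d+))?\r\n"
)
TRAILER = b"END\r\n"
MAX_PAYLOAD = 4096  # constructed local limit; a real peer bounds this via SEQ windows

# Constructed channel-management payload: MIME headers plus an XML <start>
# asking to open channel 1 with the TLS transport-security profile.
START_TLS = (b"Content-Type: application/beep+xml\r\n\r\n"
             b"<start number='1'>\r\n"
             b"   <profile uri='http://iana.org/beep/TLS' />\r\n"
             b"</start>\r\n")


def encode_frame(keyword, channel, msgno, seqno, payload, more=False, ansno=None):
    """Build one BEEP data frame; size is the octet count of payload."""
    if keyword not in (b"MSG", b"RPY", b"ERR", b"ANS", b"NUL"):
        raise ValueError("unknown frame keyword")
    fields = [keyword, str(channel).encode(), str(msgno).encode(),
              b"*" if more else b".", str(seqno).encode(),
              str(len(payload)).encode()]
    if keyword == b"ANS":
        if ansno is None:
            raise ValueError("ANS frames require an ansno")
        fields.append(str(ansno).encode())
    return b" ".join(fields) + b"\r\n" + payload + TRAILER


def parse_frames(data):
    """Parse a byte buffer into frames; returns (frames, unconsumed_tail).
    Malformed input raises ValueError. The declared size is bounded before
    any slicing, and the trailer must appear exactly at header + size."""
    frames, pos = [], 0
    while pos < len(data):
        m = HEADER_RE.match(data, pos)  # match() anchors at pos
        if not m:
            if b"\r\n" in data[pos:]:
                raise ValueError("malformed frame header")
            break  # header not complete yet; wait for more bytes
        keyword, channel, msgno, more, seqno, size, ansno = m.groups()
        size = int(size)
        if size > MAX_PAYLOAD:
            raise ValueError("declared payload size exceeds limit")
        if (keyword == b"ANS") != (ansno is not None):
            raise ValueError("ansno is required on ANS frames and invalid elsewhere")
        body_start = m.end()
        body_end = body_start + size
        if len(data) < body_end + len(TRAILER):
            break  # frame body not fully received yet
        if data[body_end:body_end + len(TRAILER)] != TRAILER:
            raise ValueError("payload size does not match trailer position")
        frames.append({
            "keyword": keyword.decode(), "channel": int(channel),
            "msgno": int(msgno), "more": more == b"*", "seqno": int(seqno),
            "ansno": int(ansno) if ansno is not None else None,
            "payload": data[body_start:body_end],
        })
        pos = body_end + len(TRAILER)
    return frames, data[pos:]


def reassemble(frames):
    """Join fragments that share (channel, msgno, ansno) until a frame with
    more == '.' arrives. Returns (channel, msgno, payload) for each complete message."""
    pending, complete = {}, []
    for f in frames:
        key = (f["channel"], f["msgno"], f["ansno"])
        pending[key] = pending.get(key, b"") + f["payload"]
        if not f["more"]:
            complete.append((f["channel"], f["msgno"], pending.pop(key)))
    return complete


def demo():
    """Send the <start> request as two fragments and recover it on the other side."""
    first, rest = START_TLS[:20], START_TLS[20:]
    wire = (encode_frame(b"MSG", 0, 1, 52, first, more=True)
            + encode_frame(b"MSG", 0, 1, 52 + len(first), rest))
    frames, tail = parse_frames(wire)
    return reassemble(frames), tail


if __name__ == "__main__":
    messages, _ = demo()
    print(messages[0][2].decode())
```

Design note: a receiver that trusted the declared size without comparing it to the trailer position would accept a frame whose payload silently swallows the start of the next one; the explicit trailer check turns that into a hard protocol error instead, which is the appropriate failure mode for a transport that later carries TLS and SASL negotiation.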

Rec. ITU-T X.cybex-soap (document not available), Simple Object Access Protocol for CYBEX. SOAP is a lightweight protocol for the exchange of information in a decentralized, distributed environment. It is an XML-based protocol that consists of three parts: an envelope that defines a framework for describing what is in a message and how to process it, a set of encoding rules for expressing instances of application-defined datatypes, and a convention for representing remote procedure calls and responses. SOAP can potentially be used in combination with a variety of other protocols; however, the only bindings defined in this document describe how to use SOAP in combination with HTTP and the HTTP Extension Framework.

Transport of Real-time Inter-network Defense (RID) Messages. This specification defines the transport of RID messages within HTTP Request and Response messages carried over TLS. [HTTP is defined in RFC2616, Real-time Inter-network Defense (RID) is defined in RFC6045 and the Transport for Real-time Inter-network Defense (RID) is defined in RFC6046.]

ETSI TS102232-1 (document not available), Handover Interface and Service-Specific Details (SSD) for IP delivery. The -1 module of the Handover Interface and Service-Specific Details (SSD) for IP delivery specification contains protocols and their implementation for trusted delivery of forensic information to law enforcement and security authorities.

CYBEX Framework

The following text has been taken verbatim from ITU-T TD 0503 Rev.1, Proposed initial draft text for Rec. ITU-T X.cybex, Cybersecurity information exchange framework. Linked documents and links to other materials are not present in the original document but are added for your convenience. The text below is only an excerpt from the full text; section numbering is retained as in the original document.