SCP(14)000229 SCP Plenary #65 August 2014
Presentation Transcript

  1. SCP(14)000229 SCP Plenary #65 August 2014

  2. oneM2M Standardization Partnership
     • oneM2M is (like 3GPP) a Joint Partnership between telecom SDOs: ETSI (Europe), TTC / ARIB (Japan), TIA / ATIS (North America), TTA (Korea) and CCSA (China)
     • Type 2 partners: OMA, BroadBand Forum, Home Gateway Initiative, Continua, New Generation M2M Consortium
     • oneM2M provides international consolidation of regional efforts to standardize a “horizontal” M2M service layer
       • May rely on services provided by underlying Access Networks
       • Providing an API to vertical applications: Energy, Transport, Health...
     • The Initial Release of oneM2M Specifications is now available for public review at
       • Comments received by November 1 will be considered and addressed in the official release to be published Q1 2015 by the partner SDOs

  3. Horizontal M2M Service Platform
     • Pipe (vertical): 1 Application, 1 NW, 1 (or few) type of Device
     • Horizontal (based on common Layer): Applications share common infrastructure, environments and network elements
     [Diagram: Business Applications #1 ... #i ... #N on top of a Common Application Infrastructure, reached over Communication Networks 1 and 2 (mobile, fixed, Powerline ..), with Gateways, Local NWs (IP) and Devices below]

  4. Leveraging on existing technologies
     • M2M Area Networks: PLC, SRD, UWB, ZigBee, M-BUS, Wireless M-BUS, IEEE 802.15
     • Core Networks: 3GPP (GPRS, EPC), ETSI TISPAN, ATTM, NGN
     • Access Networks: xDSL, Hybrid FiberCoax, PLC, Satellite, GERAN, UTRAN, eUTRAN, WLAN, SRDs, UWB, WiMAX
     [Diagram: Application Domain (M2M Applications: Smart Energy, Smart User, Smart Health, Smart Transport; Client Application), Network Domain (M2M Core Service Capabilities) and M2M Device Domain (M2M Gateway, M2M Area Network, devices with Direct Connect)]

  5. oneM2M Initial Release deliverables
     • Published Candidate Specification package:
       • TS-0002 Service Requirements, TS-0011 Definitions and Acronyms
       • TS-0001 Functional Architecture (RESTful API to access M2M Services)
       • TS-0005 System Management Enablement, OMA
       • TS-0006 System Management Enablement, BBF
       • TS-0003 Security Solutions (Provisioning, Authentication, Authorization)
       • TS-0004 Core Protocols
       • TS-0008 CoAP Binding
       • TS-0009 HTTP Binding
     • Supporting TRs are published independently from the Release: TR-0001 Use Cases, TR-0008 Security Analysis, TR-0007 Abstraction & Semantics, TR-0009 Protocol Analysis…

  6. oneM2M status and future plans
     • oneM2M candidate specifications are quite comparable in terms of features to ETSI M2M specifications (TS 102 690, TS 102 921)
       • Horizontal platform with RESTful architecture
       • Support for CoAP and HTTP protocol bindings
     • oneM2M main specificities:
       • System management options include not only BBF TR-069 and OMA DM 1.3 but also OMA DM 2.0 and OMA LWM2M (LightWeight M2M)
       • Additional protocol bindings may come later: MQTT, XMPP?
       • Service-Oriented architecture features are under definition
       • Security is the object of a dedicated specification for easier readability
         • More open and flexible framework, especially for provisioning
         • No redundant options (EAP/PANA solutions not included in oneM2M)

  7. oneM2M Security WG Deliverables
     • TR-0008: Threat Analysis and background technical information
       • Already published as ETSI TR 118 503
     • TS-0003 Security Solutions:
       • Scenarios for Security provisioning in M2M Systems
         • Relying on PKI Certificates (asymmetric) for Devices or Applications, or on Pre-Shared (symmetric) keys
         • Pre-Provisioning (e.g. through Secure Element / UICC), or derivation from pre-existing Network Access credentials (via GBA), or Remote Provisioning with M2M Enrolment Function operated by a Trusted Party
         • Remote security administration (OTA or over IP) with support of SE / TEE
       • Authentication, confidentiality and integrity of communication
         • May rely on M2M Authentication Function operated by a Trusted Party
         • Hop-by-hop or End-to-end (depending on provisioning)
       • Authorization to access M2M Resources based on configured Policies
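An added illustration (not from the presentation and not oneM2M's own procedures) of the hop-by-hop versus end-to-end choice on this slide: a Trusted Party derives working keys from a pre-shared symmetric key, and the model shows what a gateway in the middle can and cannot do in each case. The KDF, message layout and identities are assumptions made for the example; only integrity (HMAC) is modelled.

```python
import hmac
import hashlib
from typing import Optional

# Constructed, simplified model: one pre-provisioned symmetric key (PSK), a Trusted Party
# (M2M Authentication Function) deriving working keys from it, and a gateway between device
# and server. KDF, message format and identities are assumptions, not oneM2M's actual ones.

TAG_LEN = 32  # HMAC-SHA256 tag appended to every protected message


def derive_key(psk: bytes, scope: str, *ids: str) -> bytes:
    """Assumed HMAC-based KDF: binds the derived key to its scope and the peers it protects."""
    info = "|".join((scope,) + ids).encode()
    return hmac.new(psk, info, hashlib.sha256).digest()


def protect(key: bytes, payload: bytes) -> bytes:
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes) -> Optional[bytes]:
    payload, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def hop_by_hop(psk: bytes, payload: bytes, gateway_tampers: bool) -> Optional[bytes]:
    """Device->gateway and gateway->server each get their own derived key; the gateway
    verifies, may rewrite, and re-protects, so the server implicitly trusts the gateway."""
    k_dev_gw = derive_key(psk, "hop", "device", "gateway")
    k_gw_srv = derive_key(psk, "hop", "gateway", "server")
    at_gateway = verify(k_dev_gw, protect(k_dev_gw, payload))
    if at_gateway is None:
        return None
    if gateway_tampers:
        at_gateway = b"TAMPERED"          # rewritten content gets a fresh, valid hop MAC
    return verify(k_gw_srv, protect(k_gw_srv, at_gateway))


def end_to_end(psk: bytes, payload: bytes, gateway_tampers: bool) -> Optional[bytes]:
    """One key shared only by device and server; the gateway merely relays the message."""
    k_e2e = derive_key(psk, "e2e", "device", "server")
    msg = protect(k_e2e, payload)
    if gateway_tampers:
        msg = b"TAMPERED" + msg[-TAG_LEN:]  # gateway can alter bytes but cannot re-MAC them
    return verify(k_e2e, msg)
```

In the hop-by-hop case the server accepts whatever the gateway re-protects, which is why the slide ties the choice between the two modes to how, and by whom, keys are provisioned.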

  8. oneM2M Security WG Next Steps
     • oneM2M specifications will be enhanced by gradual “point releases” after January 2015
     • Expected security WG enhancements:
       • “End-to-end Security and Group Authentication” (New Work Item)
       • Dynamic Authorization model (token based, e.g. OAuth, rather than preconfigured access rules)
       • Secure Environment Abstraction layer
         • Huge variety of applications and specific threats, from logistics optimization to critical infrastructures, require different protection levels
         • This can be provided by various Secure Environment technologies, e.g.:
           • Independent Secure Element, e.g. UICC
           • Trusted Execution Environment, e.g. GP
         • A Secure Environment technology independent API should be exposed to M2M applications through the Secure Environment Abstraction Layer

  9. TS-0003 UICC application framework: “1M2MSM”
     • TS-0003 Annexes specify the oneM2M Service Module UICC Application (1M2MSM) supporting PSK-based M2M Service Provisioning and Key Derivation
       • Very similar, though not backward compatible, to the M2MSM UICC application specified by ETSI TC M2M as part of ETSI TS 102 921
       • ETSI M2M and oneM2M each defined their own identifiers etc.
       • oneM2M RID requested in ISO 7816-5 will be communicated to TC SCP
     • Though ETSI M2M specifications were contributed to oneM2M, oneM2M specifications are not backward compatible with ETSI M2M
       • TC SmartM2M now only maintains Release 2 of the ETSI M2M specifications, which include the M2MSM UICC application
       • As oneM2M standards were not available, current implementations comply with ETSI M2M specifications and are expected to migrate to oneM2M standards when officially published

  10. M2M / IoT standardization landscape
     • From M2M to IoT
       • Traditional M2M model could accommodate “siloed” applications
         • Client-Server, One-to-Many communication (Mainframe to Devices)
         • Static security setup: Authentication and Authorization can be coupled
       • Emerging IoT paradigm requires cross-sector interoperability
         • Many-to-Many communication: intelligent machines act as devices or servers!
         • Dynamic security model where authorization requires additional granularity
     • Most SDOs and fora want to be involved in the IoT
       • ISO/IEC, IEEE SA, ITU are all stepping up their own IoT activities… and considering the horizontal platform concept!
       • Consolidation of standardization efforts will be critical to their success!
       • Indian Telecom SDO and CEN/CENELEC now expressing interest in oneM2M

  11. Status on M/490 Standardization Mandate
     • M/490 (Smart Grids: SG) now consolidates activities from M/441 (Smart Metering) and parts of M/468 (Electric Vehicles Charging)
       • Mandates accepted jointly by ETSI/CEN/CENELEC
       • ETSI TC SmartM2M still coordinates ETSI activities for these mandates
     • Smart Grid Information Security (SGIS) Working Group of M/490
       • Finalizing updated SGIS report by end 2014: now including security certification standards (ISO 15408, ISO 19790)
       • Open Risk Assessment approach illustrated by practical examples
     • Further activities (beyond 2014) may be assigned by the EC

  12. Other EU activities in Smart Energy
     • Expert Group 2 tasks to support EC regulation around Privacy:
       • Former Privacy Directive (interpreted by Member States) now replaced by EU wide Regulation
       • Smart Grid Data Protection Impact Assessment Framework: now endorsed by Member States Data Protection Authorities
       • SG Security Recommendations: promoted by ENISA, advocating the importance of enforcing a common Security Certification scheme for SG components (link to other Critical Infrastructure Protection activities)
       • Wider “Stakeholders Forum” created to select “Best Available Techniques” for SG privacy, among the ones collected by EG2
     • Activities to support a “Smart Appliance” EU label
       • Also handled by ETSI TC SmartM2M
       • Main challenge is to find interoperable semantics between appliances!