Communication-and-Security-in-M2M
Communication and Security in
Machine-to-Machine Systems
Date │ 2016 02 03
Reporter │ 李雅樺
1
Outline
• Introduction
• M2M architecture defined by ETSI
• Communication establishment
• Research opportunities and standardization challenges in M2M systems
• Conclusions
• Architecture and functionality in M2M standards
2
Introduction
• oneM2M
– Goal is to develop technical specifications which address the need for
a common M2M service layer, which can be realized through various
hardware and software implementations, to connect diverse M2M
devices with M2M servers.
• ETSI
– One of the most influential standardization organizations involved in
creating common standards for M2M communication.
3
M2M architecture defined by ETSI
• Work with
– 3GPP : 3rd Generation Partnership Project
– 3GPP2
– OMA : Open Mobile Alliance
– BBF : Broadband Forum
• Work on
– They define a high-level architecture view that identifies all
constituents of M2M systems.
– They also define a functional architecture view together with
reference points between different entities in M2M systems.
4
High-level Architecture
• M2M Device: runs DA using DSCL.
• M2M Gateway: runs GA using GSCL.
• M2M Area Network: provides connectivity based on personal or local area network tech (e.g. ZigBee, Bluetooth).
• Access Network: allows M2M devices and gateways to communicate with the core network.
• Core Network: enables interconnection with other networks; provides IP connectivity or other connectivity options, service and control functions, and roaming.
• M2M Management Functions: all the functions required to manage M2M service capabilities in the network domain.
• Network Management Functions: all the functions required to manage access and core networks.
11
Functional Architecture
• One of the main M2M standardization objectives is the
development of functionalities that will allow efficient
deployment for M2M applications.
• Each M2M domain has its own SCL, which provides functions
that are exposed on the mIa, dIa, mId, and mIm reference
points.
• mIm reference point extends the reachability of services
offered over mId reference point.
12
Functional Architecture
xAE
Application enablement
xGC
Generic communication
xRAR
Reachability, addressing, and repository
xCS
Communication selection
xREM
Remote entity management
xSEC
Security
xHDR
History and data retention
xTM
Transaction management
xIP
Interworking proxy
xCB
Compensation brokerage
NTOE
Telco operator exposure
13
Communication establishment
• M2M Device
– Implements ETSI M2M service capabilities ( => D )
– Does not ( => D’ )
• Connects to the network domain, possibly through a gateway
– Directly (via M2M access network)
– Indirectly (via M2M area network)
14
Communication establishment
• Device 1 ( D ): directly through mId to NSCL
• Device 2 ( D’ ): indirectly through dIa to GSCL
• Device 3 ( D’ ): directly through dIa to NSCL
17
Communication establishment
• However, an M2M device may not support the IP protocol for communication.
• A legacy device can be connected to the M2M network domain in three ways.
• Legend: D = M2M device implementing ETSI M2M service capabilities; D’ = M2M device that does not; legacy device
18
Communication establishment
• Device 4 (legacy): indirectly through GIP (Gateway Interworking Proxy) on G
• Device 5 (legacy): indirectly through DIP (Device Interworking Proxy) on D
• Device 6 (legacy): directly through NIP (Network Interworking Proxy)
21
Application Registration
• Involves local registration of an M2M application with the
local SCL.
• Purpose: allow the M2M application to use the M2M services offered by the local SCL. As a result, the local SCL obtains context information on the registered applications.
• Kmc obtained from the Kmr root key after mutual
authentication may be used to protect application registration.
22
Application Registration
• Network Bootstrap & Network Registration
– Purpose of Bootstrap: configure an M2M device or gateway in order to connect and register to the access network.
– Registration involves the registration of the M2M device/gateway with the access network, based on the corresponding access network standards.
• M2M Service bootstrap & M2M Service connection
[Figure: entities A, B and Z, each carrying a unique identifier]
23
Identifiers used during
M2M service bootstrap and connection
• Pre-provisioned Identifier
– Needs to be pre-provisioned by the M2M device/gateway
manufacturer
• M2M Node Identifier (Node-ID)
– Uniquely identifies a particular M2M entity on a global level.
• M2M Service Connection Identifier (Connection-ID)
– Identifies an M2M service connection.
[Figure: D/GSCL authenticated and authorized by the NSCL]
25
M2M connection establishment
26
Application Registration
• Bit 0 : Bluetooth
• Bit 1 : Wi-Fi
• Bit 2 : Wireless M-Bus
• Bit 3 : ZigBee
• Value 0
– The M2M device does not support that communication tech.
• Last bit value 1
– The header is extended with further bytes.
• Those identifiers/addresses are of different lengths.
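The capability-bitmap header on this slide, worked through as an added example (not code from the slides, from ETSI or from the paper): a strict Python encoder/decoder for a pre-provisioned identifier. It assumes a layout the slide does not spell out: seven capability bits per header byte, with bit 7 of a byte set to 1 meaning another header byte follows (the "last bit value 1" case), and fixed per-technology identifier lengths (6-byte Bluetooth and Wi-Fi addresses, 8-byte Wireless M-Bus and ZigBee addresses). Those lengths, the `EXTEND` flag, the function names and the sample identifiers are all assumptions. The decoder fails closed on an unknown capability bit, a truncated identifier or trailing bytes, which is what a gateway parsing identifiers of different lengths has to check before trusting them.

```python
# Added example, not code from the slides or from ETSI: strict encoder/decoder
# for a pre-provisioned identifier made of a capability bitmap header followed
# by one address per supported technology.
#
# Assumed layout: capability bit i lives in header byte i // 7, bit i % 7;
# bit 7 (EXTEND) of a header byte set to 1 means another header byte follows.
# Only bits 0..3 are named on the slide; the address lengths are assumptions.

EXTEND = 0x80  # continuation flag in each header byte (assumed)

# bit index -> technology (bits 0..3 as on the slide)
TECH_BITS = {0: "Bluetooth", 1: "Wi-Fi", 2: "Wireless M-Bus", 3: "ZigBee"}

# technology -> identifier length in bytes (assumed: 48-bit BD_ADDR and MAC,
# 64-bit Wireless M-Bus and ZigBee/IEEE 802.15.4 long addresses)
ADDR_LEN = {"Bluetooth": 6, "Wi-Fi": 6, "Wireless M-Bus": 8, "ZigBee": 8}


class MalformedIdentifier(ValueError):
    """Raised when an identifier blob does not match its own header."""


def encode(addresses, tech_bits=TECH_BITS, addr_len=ADDR_LEN):
    """Build header bytes followed by the addresses in ascending bit order."""
    name_to_bit = {name: bit for bit, name in tech_bits.items()}
    try:
        bits = sorted(name_to_bit[name] for name in addresses)
    except KeyError as exc:
        raise ValueError(f"unknown technology {exc}") from None
    if not bits:
        raise ValueError("at least one technology is required")
    header = bytearray(bits[-1] // 7 + 1)
    for bit in bits:
        header[bit // 7] |= 1 << (bit % 7)
    for i in range(len(header) - 1):   # every byte but the last says "more follows"
        header[i] |= EXTEND
    body = bytearray()
    for bit in bits:
        name = tech_bits[bit]
        addr = addresses[name]
        if len(addr) != addr_len[name]:
            raise ValueError(f"{name} identifier must be {addr_len[name]} bytes")
        body += addr
    return bytes(header) + bytes(body)


def decode(blob, tech_bits=TECH_BITS, addr_len=ADDR_LEN):
    """Parse header and addresses; reject truncated, oversized or unknown-bit input."""
    pos = 0
    bits = []
    while True:
        if pos >= len(blob):
            raise MalformedIdentifier("header truncated before its last byte")
        byte = blob[pos]
        for b in range(7):
            if byte & (1 << b):
                bits.append(pos * 7 + b)
        pos += 1
        if not byte & EXTEND:
            break
    result = {}
    for bit in bits:
        name = tech_bits.get(bit)
        if name is None:
            # Fail closed: with an unknown capability bit the length of the
            # following identifier is unknown, so nothing after it can be trusted.
            raise MalformedIdentifier(f"unknown capability bit {bit}")
        n = addr_len[name]
        if pos + n > len(blob):
            raise MalformedIdentifier(f"{name} identifier truncated")
        result[name] = blob[pos:pos + n]
        pos += n
    if pos != len(blob):
        raise MalformedIdentifier(f"{len(blob) - pos} trailing byte(s)")
    return result


if __name__ == "__main__":
    # Constructed sample: a device with a Bluetooth and a ZigBee address.
    sample = {"Bluetooth": bytes.fromhex("001122334455"),
              "ZigBee": bytes.fromhex("0011223344556677")}
    blob = encode(sample)
    print(blob.hex(), decode(blob) == sample)
```

Because the registry of bit positions and lengths is passed in, the same decoder handles a future header that uses the extension byte: a technology assigned to bit 8 lands in the second header byte, and the first byte carries the `EXTEND` flag.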
27
SCL Registration
• The architecture defines three ways the mId may be secured
• Via access network layer security
– if the underlying access network is already physically secured.
• Via channel security
– It can be established after the M2M service connection procedure
takes place.
• Via object security
– M2M implementation may also rely on object security by applying
security at the protocol payload level.
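Object security as listed above, together with the point on the Application Registration slide that a Kmc obtained from the Kmr root key may protect application registration, as an added example (not code from the slides or from the ETSI specification): a registration payload carries its own integrity tag keyed by a Kmc derived from Kmr, so the protection stays with the payload across hops (for instance through a GSCL) instead of ending at each channel. The derivation (HMAC-SHA256 over a label, Node-ID and Connection-ID), the nonce-plus-tag message layout, the replay check and all names and sample values are assumptions for this illustration, not the standard's procedure.

```python
# Added example, not code from the slides or from ETSI: payload-level
# ("object") integrity protection for an application-registration message,
# keyed by a Kmc derived from the Kmr root key. Derivation and message layout
# are assumptions for the illustration.
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 12   # assumed
TAG_LEN = 32     # HMAC-SHA256 output


def derive_kmc(kmr, node_id, connection_id):
    """Derive a connection-scoped Kmc from Kmr (assumed HMAC-SHA256 KDF).

    Binding Node-ID and Connection-ID into the derivation means a Kmc for one
    service connection is useless for another, even with the same Kmr.
    """
    info = b"Kmc|" + node_id.encode() + b"|" + connection_id.encode()
    return hmac.new(kmr, info, hashlib.sha256).digest()


def protect(kmc, payload):
    """Serialize the payload canonically and prepend a fresh nonce and a tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    nonce = secrets.token_bytes(NONCE_LEN)
    tag = hmac.new(kmc, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unprotect(kmc, message, seen_nonces):
    """Verify the tag and reject replays; return the payload, or None on failure.

    seen_nonces is the receiver's replay cache (a set of nonces already accepted).
    """
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    nonce = message[:NONCE_LEN]
    tag = message[NONCE_LEN:NONCE_LEN + TAG_LEN]
    body = message[NONCE_LEN + TAG_LEN:]
    if nonce in seen_nonces:
        return None
    expected = hmac.new(kmc, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    seen_nonces.add(nonce)
    try:
        return json.loads(body)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample values: a 32-byte Kmr, one node and one connection.
    kmr = bytes(range(32))
    kmc = derive_kmc(kmr, "node-1", "conn-7")
    cache = set()
    msg = protect(kmc, {"appId": "DA-1", "sclId": "DSCL-1"})
    print(unprotect(kmc, msg, cache))     # accepted once
    print(unprotect(kmc, msg, cache))     # None: replay
```

The tag is computed over the payload as an object, so an intermediate SCL can forward the message unchanged without being able to alter it undetected; channel security, by contrast, would have to be re-established (and trusted) on every hop.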
28
Research opportunities and standardization
challenges in M2M systems
• Research opportunities: Communication and identification
– The IP protocol may be too complex for small devices.
• GIP allows communication between IP and non-IP devices by providing interfaces.
• Developing simplified IP stacks over existing low-energy protocol suites (6LoWPAN).
– Many applications in distributed systems rely on a flat structure because of different communication tech.
• Without an M2M gateway, regardless of communication tech
• Modify current applications in such a way that they work
– Always accessible
• Switch between sleep and job mode – Rich Presence Information (RPI)
• Gateway needs to wake up the sleeping device – trigger
– Management functionalities due to a huge number of entities.
29
Research opportunities and standardization
challenges in M2M systems
• Research opportunities: Security and privacy
– Given the limitations on the computational capabilities of many sensing and actuating platforms, security tech must be developed to cope with heterogeneous devices, some of which may be very limited.
– As distributed and autonomous trust mechanisms will be required, trust must be established on an M2M device from the start.
• The Trusted Computing Group has proposed autonomous and remote validation models.
– Anonymity and liability are two interrelated security requirements for M2M applications.
33
Research opportunities and standardization
challenges in M2M systems
• Standardization challenges
– M2M can replace proprietary tech such as SCADA in the future. Unlike SCADA, M2M devices are able to push data to a server, and M2M also works with standardized tech. Such factors will push towards the replacement of proprietary tech with M2M solutions in the long term.
– A security co-processor may enable efficient cryptographic operations in low-end sensing and actuating platforms, and more complete hardware-based security solutions can also be used, such as the one currently proposed with TrustChip.
36
Conclusions
• Because M2M systems are primarily characterized by heterogeneity, we propose a new pre-provisioned device identifier that is independent of the underlying communication tech.
• As in the current Internet architecture, security will remain of prime importance and will in fact represent a fundamental enabling factor for most of the current applications of M2M communication.
38
Pros and Cons
• Overall, this document integrates and arranges the introduction of M2M work and challenges clearly.
• However, it does not provide anything new in communication and security tech for M2M systems.
39
2014 previous research
40
2015 future research
41
Architecture and Functionality in M2M Standards
• The paper investigates current standards in M2M. The architectures of ETSI M2M and oneM2M are compared.
• Because oneM2M is based on ETSI M2M, nodes and other parts of the architecture have different names but denote similar entities.
• The functional comparison shows similar results.
• Only OpenMTC supports connectivity via WebSocket, Diameter and MQTT. In future work, the authors will concentrate on the analysis of oneM2M platforms.
42
Reference
Communication and Security in Machine-to-Machine Systems
http://agents.usluge.tel.fer.hr/sites/default/files/Communication%20and%20Security%20in%20Machine-to-Machine%20Systems.pdf
Journal papers list of Gordan Jezic
http://dblp.uni-trier.de/pers/hd/j/Jezic:Gordan
Architecture and Functionality in M2M Standards
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7160306
M2M Service Capabilities - Full Scale Technologies
http://ppt.cc/Pmvef
TCG (trusted computing group)
http://www.trustedcomputinggroup.org/
TrustChip
http://koolspan.com/technology/trustchip/
43
Thank you.
44