Presentation is loading. Please wait.

Presentation is loading. Please wait.

Consideration Security Issues on Registration Group Name: WG4 (SEC) Source: Shingo Fujimoto, FUJITSU, Meeting Date: 2014-01-15.

Published byTracy Boone Modified over 8 years ago

Similar presentations

Presentation on theme: "Consideration Security Issues on Registration Group Name: WG4 (SEC) Source: Shingo Fujimoto, FUJITSU, Meeting Date: 2014-01-15."— Presentation transcript:

1 Consideration Security Issues on Registration Group Name: WG4 (SEC) Source: Shingo Fujimoto, FUJITSU, shingo_fujimoto@jp.fujitsu.com Meeting Date: 2014-01-15 Agenda Item: Security TS © 2013 oneM2M Partners -SEC-2014-0012-Issues_on_Registration

2 © 2013 oneM2M Partners -SEC-2014-0012-Issues_on_Registration Introduction Security procedure on Registration is introduced as SEC-2014-0009. Contributor felt the need to share some thoughts on security issues behind procedure. 2

3 © 2013 oneM2M Partners -SEC-2014-0012-Issues_on_Registration Registration General Concept – Registration (REG) CSF is responsible for handling an Application or another CSE to register with a CSE in order to allow the registered entities to use the services offered by the registered-with CSE. The REG CSF handles registration of a Device also, so as to allow registration of Device's properties/attributes with the CSE. 3

4 © 2013 oneM2M Partners -SEC-2014-0012-Issues_on_Registration Who can use ‘service’ ? Subscriber who own the resource (management purpose) Application owned by Subscriber (=Device?) Application used by Subscriber Application authorized to access the resource which is owned by Subscriber Note: ownership can be given by M2M service provider with limited scope 4

5 © 2013 oneM2M Partners -SEC-2014-0012-Issues_on_Registration Issues regarding Registration Trust on non-infrastructure node is limited Sharing master credential between non- infrastructure nodes may cause secret leakage. API calls should be session-less to enable scale out (=parallel processing with multiple servers) 5

6 © 2013 oneM2M Partners -SEC-2014-0012-Issues_on_Registration Possible Solution (using token) 1.Application request Infrastructure node to issue the token for API calls (ex. for uploading measured data to be stored on hosting CSE) 2.Infrastructure node will return the token information for both hosting CSE and Application. 3.Application provides issued token along with the request message for API call 6

7 © 2013 oneM2M Partners -SEC-2014-0012-Issues_on_Registration Registration Before/After M2M App Trust M2M App Trust Routing Information Shared credentials Access Policy Provides resource Before After Trust UPDATE NOTIFY Registration Shared credential Provides resource CSEs are registered to communicate each other Applications are registered to use service on specific CSE (=hosting CSE) NOTIFY Application Node Infrastructure Node 7

8 © 2013 oneM2M Partners -SEC-2014-0012-Issues_on_Registration Token delivery patterns 1.Receiving as response to the authorization request 2.Receiving as redirected request (OAuth 2.x method) 3.Delivered from Service Provider (provisioning) 4.Delivered from Subscriber (enabling service) 8

9 © 2013 oneM2M Partners -SEC-2014-0012-Issues_on_Registration Potential Requirements Issuing token associated with Role (single point management at infrastructure node) Accepting token information as local access policy Handing expiration of token, and triggering to update invalidated token 9

Download ppt "Consideration Security Issues on Registration Group Name: WG4 (SEC) Source: Shingo Fujimoto, FUJITSU, Meeting Date: 2014-01-15."

Similar presentations

Access Control Mechanism Discussion

Access Control Mechanism Discussion
CMDH Refinement Contribution: oneM2M-ARC-0397

CMDH Refinement Contribution: oneM2M-ARC-0397
SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: 2014-05-07 Discussion  Source: OBERTHUR Technologies Information  Contact:

SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: Discussion  Source: OBERTHUR Technologies Information  Contact:
Summary on the M2M CMDH Policies Management Object (MCMDHMO)

Summary on the M2M CMDH Policies Management Object (MCMDHMO)
Is a Node or not Node? ARC-2014-1194-Node_resolution Group Name: ARC Source: Barbara Pareglio, NEC, Meeting Date: ARC#9.1 Agenda.

Is a Node or not Node? ARC Node_resolution Group Name: ARC Source: Barbara Pareglio, NEC, Meeting Date: ARC#9.1 Agenda.
Problem of Current Notification Group Name: ARC WG Source: Heedong Choi, LG Electronics, Meeting Date: ARC 9.0 Agenda Item: TBD.

Problem of Current Notification Group Name: ARC WG Source: Heedong Choi, LG Electronics, Meeting Date: ARC 9.0 Agenda Item: TBD.
Problem of non-Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.0 Agenda Item: TBD.

Problem of non-Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.0 Agenda Item: TBD.
Service Layer Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP16 Agenda Item:

Service Layer Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP16 Agenda Item:
App-ID Ad-Hoc Technical Issues TP AppID-2014-0003R02 Group Name: App-ID Ad-Hoc Group Source: Darold Hemphill, iconectiv,

App-ID Ad-Hoc Technical Issues TP AppID R02 Group Name: App-ID Ad-Hoc Group Source: Darold Hemphill, iconectiv,
Device Management using mgmtCmd resource Group Name: WG2/WG5 Source: InterDigital Communications Meeting Date: 2013-10-16 Agenda Item: TBD.

Device Management using mgmtCmd resource Group Name: WG2/WG5 Source: InterDigital Communications Meeting Date: Agenda Item: TBD.
OneM2M-ARC-2013-0365-Service_examples_and_evolution Service examples and evolution Group Name: WG2 Source: Philip Jacobs, Cisco Systems,

OneM2M-ARC Service_examples_and_evolution Service examples and evolution Group Name: WG2 Source: Philip Jacobs, Cisco Systems,
RoA and SoA Integration for Message Brokers Group Name: WG2-ARC Source: ALU Meeting Date: 2013-10-21 Agenda Item:

RoA and SoA Integration for Message Brokers Group Name: WG2-ARC Source: ALU Meeting Date: Agenda Item:
Mechanism to support establishment of charging policies Group Name: WG2-ARC Source: InterDigital Meeting Date: TP8 Agenda Item:

Mechanism to support establishment of charging policies Group Name: WG2-ARC Source: InterDigital Meeting Date: TP8 Agenda Item:
1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!

1 Multi Cloud Navid Pustchi April 25, 2014 World-Leading Research with Real-World Impact!
2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.

2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.
Common Service Entities

Common Service Entities
Focus on developing RESTful API Group Name: TP Source: Shingo Fujimoto, FUJITSU (TTC), Meeting Date: 2013-10-18 Agenda Item:

Focus on developing RESTful API Group Name: TP Source: Shingo Fujimoto, FUJITSU (TTC), Meeting Date: Agenda Item:
An Operators Input for oneM2M Baseline  Group name: TP#2/WG1  Source: DTAG, Vodafone Group  Meeting Date: 2012-12-10  Agenda Item: WG1 agenda item.

An Operators Input for oneM2M Baseline  Group name: TP#2/WG1  Source: DTAG, Vodafone Group  Meeting Date:  Agenda Item: WG1 agenda item.
In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: 2013-11-19 Agenda Item:

In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: Agenda Item:
Certificate Enrolment STEs Group Name: SEC#17.2 Source: Phil Hawkes, Qualcomm Inc, Meeting Date: 2015-07-08.

Certificate Enrolment STEs Group Name: SEC#17.2 Source: Phil Hawkes, Qualcomm Inc, Meeting Date:

Similar presentations

Ads by Google