SEC Clarification
Group Name: WG4 (SEC-2014-xxxx)
Meeting Date: 2014-05-07
Source: OBERTHUR Technologies
Contact:
(Decision / Discussion / Information)

Authentication & Protocol Stack Layers

[Figure: protocol stacks of a Field Node and an Infrastructure Node, each (top to bottom) Application, oneM2M Layer, HTTP/CoAP/MQTT, TLS/DTLS, TCP/UDP, IP, Data Link Layer, PHY Layer.]

– All data used in the oneM2M security protocol should be protected using a secure protocol (such as TLS).
– Authentication can be handled within the application layer, while transport layer security is used for confidentiality and integrity.
– When the application layer delegates authentication to transport layer security, a security channel binding mechanism is to be used, based on RFC 5056 (On the Use of Channel Bindings to Secure Channels), RFC 5929 (Channel Bindings for TLS) and/or RFC 5705 (Keying Material Exporters for TLS).

Authentication in Application Layer

[Figure: AE and CSE hosted on the same Node (ASN/MN/IN), connected over the Mca reference point.]

Authentication protocol at Application Layer performed when AE and CSE reside in the same Node.

Delegation of Authentication to lower layer

Delegation of Authentication to transport security layer (use of channel binding) when AE and CSE reside in different Nodes.

RFC 5056: "The concept of channel binding allows applications to establish that the two end-points of a secure channel at one network layer are the same as at a higher layer by binding authentication at the higher layer to the channel at the lower layer."

[Figure: an AE reaching a CSE hosted on a different Node over Mca, with the CSEs on ASN and MN connected over Mcc; the labels "IN" and "ADN" appear with a question mark.]
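The binding that the stack-layer slide and the delegation slide above call for, worked through as an added example (this is not code from the Oberthur contribution or from any oneM2M specification). It takes the RFC 5705 option: the TLS 1.2 PRF (RFC 5246, section 5) and the keying-material exporter built on it (RFC 5705, section 4) are implemented directly, and each TLS session is represented only by the three values both ends share after a handshake (master secret and the two randoms), not by a real handshake. The AE proves possession of an application-layer key with a MAC over its AE-ID and the exporter value of the session it is on; the CSE recomputes with the exporter of its own session. The exporter label, the AE-ID and the application key are assumptions made for the example, not oneM2M-defined values.

```python
"""Binding an application-layer authentication to the TLS channel (RFC 5056 / RFC 5705).

Constructed illustration: TLS sessions are modelled by the values both ends
share after the handshake; no network traffic is involved.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF with SHA-256: P_SHA256(secret, label + seed), RFC 5246 section 5."""
    seed = label + seed
    a = seed                      # A(0) = seed
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # block i of P_hash
    return out[:length]


@dataclass(frozen=True)
class TlsSession:
    """What both endpoints of one TLS 1.2 session share once the handshake is done (constructed)."""
    master_secret: bytes   # 48 bytes
    client_random: bytes   # 32 bytes
    server_random: bytes   # 32 bytes


def new_session() -> TlsSession:
    return TlsSession(os.urandom(48), os.urandom(32), os.urandom(32))


def exporter_value(s: TlsSession, label: bytes, length: int,
                   context: Optional[bytes] = None) -> bytes:
    """RFC 5705 section 4: PRF(master_secret, label, client_random + server_random [+ len(ctx) + ctx]).

    An empty context is not the same as no context: the two-byte length field
    is still mixed in, so the two outputs differ.
    """
    seed = s.client_random + s.server_random
    if context is not None:
        seed += len(context).to_bytes(2, "big") + context
    return tls12_prf(s.master_secret, label, seed, length)


# Assumed label for this example; RFC 5705 labels are registered with IANA and this one is not.
EXPORTER_LABEL = b"EXPORTER-example-onem2m-auth"
EXPORTER_LEN = 32

# Constructed credentials: an AE-ID and the key shared between the AE and its registrar CSE.
AE_ID = b"C_example_ae_001"
APP_KEY = bytes.fromhex("0f" * 32)


def ae_authenticator(app_key: bytes, ae_id: bytes, session: TlsSession) -> bytes:
    """AE side: MAC over the AE-ID and the exporter value of the TLS session the AE is on.

    The application-layer key never leaves the AE; the exporter value ties
    the proof to this particular TLS channel.
    """
    cb = exporter_value(session, EXPORTER_LABEL, EXPORTER_LEN)
    return hmac.new(app_key, ae_id + b"\x00" + cb, hashlib.sha256).digest()


def cse_verify(app_key: bytes, ae_id: bytes, tag: bytes, session: TlsSession) -> bool:
    """CSE side: recompute with the exporter of the CSE's own TLS session, constant-time compare."""
    return hmac.compare_digest(ae_authenticator(app_key, ae_id, session), tag)


def direct_case() -> bool:
    """AE and CSE terminate the same TLS session: the bound authenticator verifies."""
    session = new_session()
    tag = ae_authenticator(APP_KEY, AE_ID, session)
    return cse_verify(APP_KEY, AE_ID, tag, session)


def relayed_case() -> bool:
    """A relay terminates TLS towards the AE and opens its own session to the CSE.

    It forwards the AE's authenticator unchanged, but the CSE derives its
    exporter from the second session, so the MAC does not verify.  A MAC over
    the AE-ID alone (no channel binding) would have let the relay through.
    """
    ae_side = new_session()    # TLS between the AE and the relay
    cse_side = new_session()   # TLS between the relay and the CSE
    forwarded = ae_authenticator(APP_KEY, AE_ID, ae_side)
    return cse_verify(APP_KEY, AE_ID, forwarded, cse_side)


if __name__ == "__main__":
    print("direct :", "accepted" if direct_case() else "rejected")
    print("relayed:", "accepted" if relayed_case() else "rejected")
```

The RFC 5929 alternative (tls-unique, the first Finished message of the session) binds in the same way; only the source of the channel-binding bytes changes. In a real deployment the exporter value comes from the TLS library (Python exposes `SSLSocket.get_channel_binding("tls-unique")`; exporters are available in OpenSSL as `SSL_export_keying_material`), and the application-layer key would be whatever credential the oneM2M security protocol provisions for the AE.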

Other clarification (to be cont. …)

What is to be authenticated by the oneM2M security protocol?
– AE-ID
– CSE-ID
– Node (i.e. device or gateway): out of scope

Which entity shall get a oneM2M Service Subscription prior to consuming an M2M Service/Resource?
– AE

Should ACP be applied to the AE and CSE, or only to the AE?
– It applies to both.
– When a hosting CSE requests registration with a remote CSE, the remote CSE may forbid access to some specific CSEs.

Can we assume multiple Roles for an AE in Rel-1, knowing that the sessions feature is not part of Rel-1?
– TBD