Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presentation of ETSI TC M2M security features Group Name: WG4 Securtity Source: Francois Ennesser, Gemalto Meeting Date: 2013-04-15 Agenda Item: SEC.

Published byDamian Warren Modified over 8 years ago

Similar presentations

Presentation on theme: "Presentation of ETSI TC M2M security features Group Name: WG4 Securtity Source: Francois Ennesser, Gemalto Meeting Date: 2013-04-15 Agenda Item: SEC."— Presentation transcript:

1 Presentation of ETSI TC M2M security features Group Name: WG4 Securtity Source: Francois Ennesser, Gemalto Meeting Date: 2013-04-15 Agenda Item: SEC

2 High Level ETSI Architecture M2M Service Capabilities Layer (M2M NSCL ) M2M Gateway M2M Device M2M Device Service Capability (DSCL) M2M Device WIRELESS MOBILE FIXED.. OTHER M2M AREA NETWORK M2M Gateway Service Capability (GSCL) M2M Application M2M Application Proprietary M2M Device Proprietary Interface WIDE AREA NETWORK mId 2 mIa dIa mIa M2M App. M2M Application M2M Network Domain M2M Device & Gateway Domain REFERENCEPOINTS REFERENCE POINTS Network Application (NA) Device Application (DA) 2

3 ETSI M2M architecture principles ETSI M2M adopted a RESTful architecture style – Information represented by resources structured as a tree ETSI M2M standardizes resource structure that resides on an M2M Service Capability Layer (SCL) – Each SCL contains a resource structure where the information is kept M2M Application and/or M2M Service Capability Layer exchange information by means of these resources over the defined reference points ETSI M2M standardizes the procedure for handling the resources 3 3

4 ETSI M2M Security features Identification of the M2M Application and the M2M Devices Mutual authentication between Network Service Capability Layer and Device/Gateway Service Capability Layer that are connected Secure channel for transporting data over mId reference point Device/Gateway Integrity validation at Bootstrap and Service Connection However due to schedule constraints, some security aspects remain unaddressed – Security not addressed “end-to-end” – Security provided for M2M SP, not for M2M Application provider No disociation between “routing” and “trust” based roles at service layer level 4 4

5 ETSI TC M2M Framework © ET SI 201 1. All rig hts res erv ed 5 Security has not been addressed M2M Device/Gateway M2M Network

6 ETSI M2M Security ETSI M2M provides standardized security mechanisms for the reference point mId Devices/gateways hold secret keys protecting the connection in a “secured environment” The device/gateway is provisioned with the key M2M Root Key. The high level procedure are to – Perform mutual mId end point authentication – Perform M2M Service Connection Key agreement – Optionally, establish a secure session over mId. – Perform RESTful operations over mId 6 6

7 M2M Service Layer Procedures 7

8 Service Bootstrap Procedures Access network (AN) dependent vs. access-agnostic bootstrap – May derive M2M service credentials from existing AN credentials (e.g. UICC based) – Or provide independent service layer credentials Bootstrapping of M2M Service Layer Credentials on the field: – Establishment of shared secret Kmr in Device and Network over mId – Pre-provisioning (e.g. Smartcard based) or Automated (infrastructure assisted) methods Automated bootstrap procedures – GBA: NAF serves as MSBF (M2M Service Bootstrap Function) Uses Access Network credentials in UICC (e.g. USIM, CSIM or ISIM application) Uses same HTTP procedure as TLS/TCP for bootstrap parameters delivery – EAP/PANA: Dedicated MSBF + MAS (M2M Authentication Server) Uses any type of credentials (SIM, AKA, PSK, certificates, IBE, OTP, etc.) Access Network based: e.g. UICC with EAP-AKA / Kmr based on EMSK Or Access-agnostic: EAP-IBAKE, or EAP-TLS with certificates – TLS/TCP (Access agnostic) Uses X.509 certificates pre-provisioned on the device/gateway 256 bits encr. key, TLS 1.2 RSA AES 128 CCM or TLS 1.1 RSA AES 128 CBC SHA AES 256 Key Wrap 8

9 Generic Bootstrap Procedure M2M Device/G ateway Node MSBF (M2M Service Bootstrap Function) MAS (M2M Auth’n Server) M2M Network Node Input: -Pre-provisioned device/gateway ID -Pre-provisioned secret key Output: -M2M Device/Gateway Node ID -M2M Root Key (Kmr) -Lifetime -Optionally: -D/GSCL-ID -NSCL-ID 9 (1a)Bootstrap (1b)Bootstrap (2)MAS provisioning (Out-of scope)

10 HSS GBA Bootstrapping 10 M2M Device/G ateway Node MSBF (M2M Service Bootstrap Function) MAS (M2M Auth’n Server) Input: -xSIM credentials Output: -M2M Device/Gateway Node ID -M2M Root Key (== NAF-specific key) -Lifetime -Optionally: -D/GSCL-ID -NSCL-ID (1)GBA Bootstrapping (2a)HTTP digest auth (3)MAS provisioning (Out-of scope) BSF (Bootstrap Server Function) (2b)Retrieval of NAF key (Out-of scope)

11 EAP/PANA bootstrapping M2M Device/G ateway Node MSBF (M2M Service Bootstrap Function) MAS (M2M Auth’n Server) M2M Network Node Input: -Any kind of credentials (SIM, AKA, PSK, certs, IBE, OTP, etc.) Output: -M2M Device/Gateway Node ID -M2M Root Key (derived from EAP EMSK) -Lifetime -Optionally: -D/GSCL-ID -NSCL-ID 11 (1a)EAP method over PANA (1b)EAP method over AAA (2)MAS provisioning (Out-of scope) EAP methods:  EAP-TLS  EAP-IBAKE  EAP-SIM, EAP-AKA  Any key-generating EAP method… AAA protocols:  RADIUS  Diameter  Etc.

12 TLS/TCP Bootstrapping M2M Device/G ateway Node MSBF (M2M Service Bootstrap Function) MAS (M2M Auth’n Server) M2M Network Node Input: -Pre-provisioned X.509 client certificate and private key -Pre-provisioned root CA certificate Output: -M2M Device/Gateway Node ID -M2M Root Key (delivered from MSBF to device via HTTP) -Lifetime -Optionally: -D/GSCL-ID -NSCL-ID © ET SI 201 1. All rig hts res erv ed 12 (1a)TLS (3)MAS provisioning (Out-of scope) (2)HTTP OCSP Responder (1b)OCSP [optional]

13 Service Connection Procedures Optional derivation of M2M Service Connection (session) Key Kmc – Not needed (i.e., no Kmc) when relying on existing access network security Access Network dependent vs. access-agnostic – Direct derivation from existing AN credentials (e.g. in UICC based AN subscription) possible for GBA and EAP (no Kmr) Connection procedures – GBA (access dependent Kmc) Uses Access Network credentials in UICC (e.g. USIM, CSIM or ISIM application) – EAP/PANA Uses xSIM/UICC with EAP-SIM/EAP-AKA (access-dependent Kmc), or Uses Kmr as PSK with EAP-GPSK (access-agnostic), or – TLS/TCP (access agnostic, uses Kmr as PSK) TLS 1.1 or 1.2 with ECDHE PSK AES 128 CBC SHA (256) 13

14 Generic Connection Procedure M2M Device/G ateway Node MAS (M2M Auth’n Server) M2M Network Node Input: -M2M Device/Gateway Node ID -M2M Root Key Output: -M2M Connection ID -M2M Service Connection Key (Kmc) -Lifetime -mId security method/parameters -Optionally: -D/GSCL-ID 14 (1a)Connection (Out-of scope) (1b)Connection

15 HSS GBA Service Connection 15 M2M Device/G ateway Node Input: -xSIM credentials (1)GBA (2a)TLS-PSK BSF (Bootstrap Server Function) M2M Network Node (2b)Retrieval of NAF key (Out-of scope) Output: -M2M Connection ID -M2M Connection Key (== NAF specific key) -Lifetime

16 EAP/PANA Service connection M2M Device/G ateway Node MAS (M2M Auth’n Server) M2M Network Node Input: -M2M Device/Gateway Node ID -M2M Root Key -Alternatively: xSIM credentials Output: -M2M Connection ID -M2M Connection Key (derived from EAP MSK) -Lifetime -mId security method/parameters -Optionally: -D/GSCL-ID 16 (1a)EAP method over PANA (1b)EAP method over AAA (Out-of scope) EAP methods:  EAP-GPSK (access- agnostic)  EAP-SIM, EAP-AKA (access- dependent) AAA protocols:  RADIUS  Diameter  Etc.

17 TLS/TCP Service Connection M2M Device/G ateway Node MAS (M2M Auth’n Server) M2M Network Node 17 (1)TLS-PSK Input: -M2M Device/Gateway Node ID -M2M Root Key Output: -M2M Connection ID -M2M Connection Key (delivered from MAS to device via HTTP) -Lifetime -mId security method/parameters -Optionally: -D/GSCL-ID (2)HTTP

18 Secure connection (mId Interface) One or more of the following methods used 1.Relying on a trusted access network (i.e., lower- layer) for security This is the case where no Kmc is derived 2.Using channel security (PSK AES 128) HTTP: TLS/TCP, TLS 1.2 CBC SHA or TLS 1.1 CCM CoAP: DTLS/UDP, DTLS 1.2 CCM(_8) 3.Using object security (lacks interoperable flexibility in current releases) XML-DSIG and XML-ENC (v 1.1), using Kmc 18

19 Security Scenarios - Baseline 19 GBA TLS/TCP EAP/PANA TLS/TCP EAP/PANA GBA TLS/DTLS (Channel Security) XML-DSIG/ENC (Object Security) SIM/AKA credential Certificates Pre-provisioned device/gateway credential types M2M Bootstrap Procedures M2M Service Connection Procedures mId security methods Any type of credentials Relying on Access Network Security

20 Scenario 1: Direct GBA 20 GBA TLS/TCP EAP/PANA TLS/TCP EAP/PANA GBA TLS/DTLS (Channel Security) XML-DSIG/ENC (Object Security) SIM/AKA credential Certificates Pre-provisioned device/gateway credential types M2M Bootstrap Procedures M2M Service Connection Procedures mId security methods Any type of credentials Relying on Access Network Security These are just example scenarios. Other scenarios are possible….

21 Scenario 2: TLS/TCP 21 GBA TLS/TCP EAP/PANA TLS/TCP EAP/PANA GBA TLS/DTLS (Channel Security) XML-DSIG/ENC (Object Security) SIM/AKA credential Certificates Pre-provisioned device/gateway credential types M2M Bootstrap Procedures M2M Service Connection Procedures mId security methods Any type of credentials Relying on Access Network Security

22 Scenario 3: EAP/PANA 22 GBA TLS/TCP EAP/PANA TLS/TCP EAP/PANA GBA TLS/DTLS (Channel Security) XML-DSIG/ENC (Object Security) SIM/AKA credential Certificates Pre-provisioned device/gateway credential types M2M Bootstrap Procedures M2M Service Connection Procedures mId security methods Any type of credentials Relying on Access Network Security

23 ETSI Support of Integrity Validation Integrity Validation (IVal) – optional feature enabling e.g. to detect tampering of device – enables fine grained access control for both M2M Device/Gateways and M2M Service Providers. Rel-1 supports IVal prior to Bootstrap and during Service Registration procedures – Code Integrity checks performed/stored in Secured Environment – IVal result (4 bytes): Mapping device software image to standard M2M services Sent to M2M Service Provider during service registration. Signed with IVal key to ensure integrity and authenticity of reported results. – The M2M Service Provider can grant or deny service access based on the reported IVal results and provider policy 23

24 Integrity Validation Call Flow 24 M2M Device/Gateway M2M Service Provider MAS/MSBF Perform IVal for Bootstrap / Connection Device IVal Bootstrap/Connection Security Policy gates whether bootstrap continues or halts Bootstrap Procedure Service Connection Procedure Perform IVal for Service Registration Device IVal Service Registration Security Policy gates whether registration continues or halts Service Registration Request (includes signed IVal results) IVal results: 32-bit signed mapping of standard service capabilities Access Control based on IVal results and policies Access granted or denied based on service provider policy Service Registration Result Initiate M2M Services

25 Contact Details: francois.ennesser@gemalto.com © ET SI 201 1. All rig hts res erv ed 25 Thank you!

Download ppt "Presentation of ETSI TC M2M security features Group Name: WG4 Securtity Source: Francois Ennesser, Gemalto Meeting Date: 2013-04-15 Agenda Item: SEC."

Similar presentations

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
World Class Standards 1 SCP(11)0001 SCP Plenary #47 January 12-14, 2011 Title*: Update on TC M2M activities (and Smart Metering Mandate) Submitted by:

World Class Standards 1 SCP(11)0001 SCP Plenary #47 January 12-14, 2011 Title*: Update on TC M2M activities (and Smart Metering Mandate) Submitted by:
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation 22.4.2008 ESPOO, Finland.

Company Confidential 1 © 2005 Nokia V1-Filename.ppt / yyyy-mm-dd / Initials Pre-Shared Key TLS with GBA support Thesis presentation ESPOO, Finland.
SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: 2014-05-07 Discussion  Source: OBERTHUR Technologies Information  Contact:

SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: Discussion  Source: OBERTHUR Technologies Information  Contact:
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ANFOV - Milano, 14 November 2007 Autore:Paolo DE LUTIIS Telecom Italia Security.

World Class Standards ANFOV - Milano, 14 November 2007 – Paolo DE LUTIIS ANFOV - Milano, 14 November 2007 Autore:Paolo DE LUTIIS Telecom Italia Security.
Example for SCL resource usage according to ETSI TC M2M March 2011 Josef Blanz, Qualcomm Inc.

Example for SCL resource usage according to ETSI TC M2M March 2011 Josef Blanz, Qualcomm Inc.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
Doc.: IEEE 802.11-04/0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
1 © NOKIA MitM.PPT (v0.2) / 6-Nov-02 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI.

1 © NOKIA MitM.PPT (v0.2) / 6-Nov-02 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI.
Service Layer Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP16 Agenda Item:

Service Layer Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP16 Agenda Item:
Facing the Challenges of M2M Security and Privacy

Facing the Challenges of M2M Security and Privacy
Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,

Ubiquitous Access Control Workshop 1 7/17/06 Access Control and Authentication for Converged Networks Z. Judy Fu John Strassner Motorola Labs {judy.fu,
TTA Views on Technical Scope of M2M Consolidation 17 August 2011 TTA M2MCons02_16 (Agenda 4.3)

TTA Views on Technical Scope of M2M Consolidation 17 August 2011 TTA M2MCons02_16 (Agenda 4.3)
CAMP - June 4-6, 2003 1 Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

Similar presentations

Ads by Google