ETSI Machine-to-Machine (M2M) Standardization

ETSI Machine-to-Machine (M2M) Standardization Presentation for TIA/ETSI workshop 21st March 2011, Jersey City

Participants on behalf of ETSI TC M2M Josef Blanz, Qualcomm Barbara Pareglio & Enrico Brancaccio, Ericsson Paul Russel, Interdigital Omar Elloumi, Alcatel-Lucent Jingyi Zhou, Verizon Wireless

Machine-to-Machine (M2M) is about communication among Machines without (or only limited) human intervention M2M Buildings Production Healthcare Security Energy Retail Transport Home Office Home / Hospital Mobile Generation Distribution On/Off Road Vehicles Supply Chain Home / Office Automation, E Health / Assisted Living Smart Meters, Smart Grid / green Energy Intelligent Transport Sys- tems/e- Vehicles/ Goods Tracking Automation Quality control Crime / Terrorism Desaster / Emergency Stores Tourism Production line management, Quality control Electronic Monitoring/ Military Use Goods Tracking / Supply chain Automation 3

M2M is inverting the pipes World Class Standards Pipe (vertical): 1 Application, 1 NW, 1 (or few) type of Device Horizontal (based on common Layer) Applications share common infrastructure, environments and network elements Business Application Business Application #1 Business Application #i Business Application #N M2M Applications providers run individual M2M services. Customer is Device owner Transport Network (mobile, fixed, Powerline..) Gateway Local NW Devic e Common Application Infrastructure Transport Network 1 Transport Network 2 Gateway IP Local NW Device Device Device Device M2M Service provider hosts several M2M Applications on his Platform. Transport Network operator(s) Customer is the M2M service provider End user owns / operates the Device or Gateway 4

About the ETSI Technical Committee M2M ETSI: the European Telecommunication Standards Institute One of the 3 European SDOs (CEN, CENELEC, ETSI). ETSI is creating European standards for Telecommunications What is ETSI s Technical Committee M2M: ETSI TC M2M focuses on M2M system Established in 2009, after 8 months preparation Monthly plenary- and rapporteurs meetings, conference calls.. Liaisons and cooperation with other SDOs, consortia.. Constantly increasing participation (group of 50 70 people) Europe, N. America, China, Korea, and Japan companies (currently about 30% operators and 60% Manufacturers) Open approach, published and draft TR/TS are public on the ETSI server http://docbox.etsi.org/m2m/open/ 5

Targets and goals of ETSI TC M2M ETSI TC M2M has the responsibility: to collect and specify M2M requirements from relevant stakeholders; to develop and maintain an end-to-end overall high level architecture for M2M; to identify gaps where existing standards do not fulfil the requirements and provide specifications and standards to fill these gaps, where existing standards bodies or groups are unable to do so; to provide the ETSI main centre of expertise in the area of M2M; to co-ordinate ETSI s M2M activity with that of other standardization groups and fora. 6

M2M Application #1 Smart metering EC s M/411 Smart Metering Mandate: World Class Standards EC Mandate issued in March 2009 by DG TREN and sent to the 3 ESO's : CEN, CENELEC and ETSI Wind Turbine Solar Panel Light Home displays TV, Computer In-Home Energy Display Wan Communication Data Center Objective: to build standards for European smart meters, allowing interoperability and Consumer actual consumption awareness Meters Coms Appliances Temperature Consumption info Fault details Threshold management Breaker Valves Smart Water Smart Gas Smart Elec. Gateway Remote Meter reading Consumption management Pricing info SMCG Technical Report on Communications - v0.4.3 was finalized in December, will be sent for validation end of February 1 ETSI TC M2M is contributing 7

Other ETSI M2M usecase scenarios Disease management Ageing independently M2M Application #2 e-health World Class Standards Remote monitoring Health Check M2M #3 Connected Consumer World Class Standards M2M #3 Automotive World Class Standards Use Cases for Automotive applications Personal fitness Scheduling appointments Lifestyle and dietary advice On-line health records 1 ETSI TC M2M & TC ITS cooperate Automotive application integration in M2M platform... 1 1 DTR/M2M-00003 102 691 V1.1.1 Smart Metering Use Cases DTR/M2M-00005 102 732 V0.3.1 Use cases of ehealth Rel-2? DTR/M2M-00006 102 857 V0.3.0 Use cases of connected consumer Rel-2? DTR/M2M-00007 102 897 V0.1.1 City Automation Use Cases Rel-2? DTR/M2M-00008 102 898 V0.3.0 Automotive Use Cases May 2011 DTR/M2M-00011 102 935 - Smart Grids Rel-2? 8

M2M high level system overview M2M Application Domain Application (e.g. Smart Metering application) mia ETSI M2M Service Capabilities mid User interface to application e.g. Web portal interface (usage monitoring, user preferences, ) M2M Server M2M Network Domain Based on existing standards and technologies, e.g.: 3GPP, TISPAN, IETF, Transport Network 3GPP, Fixed, WiMAX.. M2M Core Scope of ETSI M2M M2M Device Domain Based on existing standards and technologies, e.g.: DLMS, CEN, CENELEC, PLT, Zigbee, M-BUS, KNX, etc. M2M Gateway M2M Area Network M2M D Device M2M Service Capabilities M2M Gateway dia Application M2M Service Capabilities dia Application M2M Device M2M Devices / Gateways M2M Device(s) 9 9

ETSI M2M defines 3 interfaces World Class Standards mia... application Service Capabilities in the M2M Core Service capabilities are exposed (e.g. via an API) to applications in the form of service capability features. dia... application Service Capabilities in the M2M Device / GW The service capability features at the dia and at the mia are assumed to be identical if no difference is explicitly defined. mid SC in the M2M Core SC in the M2M Device / GW!!reference point!! multiple protocols (e.g. TR-069) possible uses core network connectivity functions, at least IP connectivity is required ETSI TC M2M is access network agnostic There is consensus in ETSI M2M that modelling these interfaces should follow a RESTful approach. (CRUD: Create/Retrieve/Update/Delete) E.g. HTTP-based web service definitions (e.g. wsdl/soap), Message based solutions, SIP based services, CoAP protocol by IETF CoRE (http://datatracker.ietf.org/wg/core/charter/ ). 10

Status of current work The plan is to finalize M2M Rel-1 in September. Technical documents see table below (available at http://docbox.etsi.org/m2m/open/latest_drafts/) World Class Standards Currently working on: Entity Management (conference calls with BBF and OMA DM) Security (Automated Bootstrapping) Architecture (updates on data modeling, Service bootstrap ) Stage 3 (SCL primitives and HTTP Binding) API Gap analysis TR on Re-use of Core network functionality by M2M SCs (OMA-DM/BBF-TR069 Integration, Usage of XDMS for Management) WI Ref ETSI Ref Rapporteur Specification Name DTS/M2M-00001 102 689 Martigne M2M service requirements DTS/M2M-00002 102 690 Elloumi M2M Architecture TARGET for TB Approval 05-2011 DTS/M2M-00010 102 921 Scarrone M2M Stage 3 Interfaces 09-2011 DTR/M2M-00013 101 531 Foti Re-use of Core network functionality by M2M SC 09-2011 11

Current M2M standards landscape M2M Applications API M2M Platform SP networks (access, core) Gateway Layer M2M area Network 6lowpan 6lowpan, roll,, roll, core core Example for metering applications M2M Device 12

Zoom on ETSI M2M R1 13

A closer look at M2M Rel-1 Architecture Legacy case 1 D Device Case 1 Legacy case 2 D Device Case 2 d D DA SCs d D DA dia dia Area NW legacy device (out of scope) (out of scope) G GA dia GIP SCs mid NIP mid NA M2M Core Service Capability platform SCs mia Legacy case 3 d (out of scope) D DA dia DIP SCs M2M Gateway Transport Network (3GPP, fixed..) M2M Core M2M Management Functions Note, that multiple M2M Applications, multiple M2M Providers, and multiple Network Operator are possible even for a single M2M device! 14

Some details on ETSI M2M Service Capabilities Device/ Gateway M2M Device Domain M2M Applications dia M2M Service Capabilities Application (out of scope) NA... Network Application === interface mia ===== (API between applications and service platform) ==================== Mandatory: NAE... NW Application Enablement capability (communicates with application) NSEC... NW Security capability NRAR... NW Reachability, Addressing & Repository cap. NCS... NW Communication Selection capability NREM... NW Remote Entity Management capability NGC... NW Generic Communication capability (communicates with Device/Gateway) Optional: NIP... NW Interworking Proxy capability NTM... NW Transaction Management NTOE NW Telco Operator Exposure NHDR NW History and Data Retention NCB.. NW Compensation Brokerage === interface mid ===== (e.g. IETF CoAP based between Network- and Device/Gateway Service Capabilities) The transport network is transparent on that interface =================== Network Network Service Capabilities NCB NRAR NCS NIP M2M Network Application NA NAE mia Routing function NGC mid NSEC NHDR NTOE NTM NREM Communication modules Transport Network 3GPP, TISPAN, IETF, Powerline 15

Introduction to REST 16

What is REST World Class Standards REST is an architectural style by Roy T. Fielding in his Ph.D. dissertation REST is NOT a protocol REST is about RESOURCES RESOURCES are UNIQUELY IDENTIFIED by URIs RESOURCES are STATEFUL A resource may contain a LINK pointing to another resource Actions on resources are done through a UNIFORM INTERFACE The current implementation uses HTTP, but other protocols are also possible As opposed to other schemes like SOAP, REST does not require clients to implement specific interfaces. Instead, clients just have to support a simple interface for resource management 17

Uniform Interface (2) World Class Standards Regardless of the protocol in use, resources accept ONLY 4 operations: CREATE, READ, UPDATE, DELETE Moreover, when a resource is modified, it is possible to have status-change NOTIFICATIONS. These operation can be mapped onto different network protocols. The most common implementation is HTTP: Operation CREATE UPDATE READ DELETE NOTIFICATION HTTP POST PUT GET DELETE HTTP Server Push 18

Manipulating REST resources using HTTP (as example) The HTTP protocol allows for very simple resource management. HTTP methods are the only interface to the resources themselves: HTTP GET reads the content of a resource and returns it in the HTTP response The returned resource could be formatted using encodings that the client specifies in the Accept header of the request (XML, JSON, binary, etc.) Additional parameters in the query string part of the URL could be used to alter the representation of the response e.g. http://www.website.org/document?format=html and http://www.website.org/document?format=pdf are pointing to the same document, but in one case it will be returned as html, and as pdf in the other HTTP PUT overwrites the content of an existing resource with the one supplied in the request Like in the case of GET, the internal format of the resource may be different from the one being sent, as long as the content data is kept 19

Creating and destroying resources HTTP Post is used to create new resources A new resource is posted to the folder resource that will hold it The server responds with HTTP code 303 (See Other), specifying the URL of the newly created resource in its Location header The returned URL can be used as a handle to read, update and delete the resource (with the HTTP GET, PUT and DELETE methods, respectively) HTTP GET on the folder where the resource was created returns the list of active resources The list may be LONG!! it would be nice to use a query string to filter it (e.g. specifying a creation date range) Resources can be deleted using HTTP DELETE on their handle 20

M2M is about DEVICES, NOT RESOURCES However... A device is usually a stateful piece of hardware. Also REST resources are stateful! A device may be offline when an application tries to read its state, so it should keep an online representation of itself to be reachable when offline An online stateful representation can handle a lot more clients than a typical device A device may keep its configuration as an online resource and be notified when it changes A device may have an Inbox resource where incoming messages are stored. If the device is online, it may be notified of new incoming messages via HTTP Server Push If it is offline, it will read and consume all the previously posted messages when it goes online NB: ETSI M2M developed a more detailed framework for the device/gateway: a device/gateway runs client applications, an SCL (Service Capabilities) and has one or more communication modules. 21

How REST could be mapped to the ETSI M2M Architecture The case where resource is stored in the M2M Core M2M Application REST Server 3 mia 5 HTTP/REST NRAR 2 NAE NSEC M2M Service Capabilities mid NHDR 1 4 NCB NCS Routing function NTOE NTM M2M Device or Gateway NGC NREM 1 A new device connects to the network 2 A resource, identified by a URL, is created for the device in the REST Server Core Network A 3 The network application is notified about the new resource creation 4 and 5 M2M Device and M2M network Application perform Read, Update, Delete methods in an Asynchronous fashion. E.g. The M2M Network Application can read meter data regardless of the operational state of the device (sleep mode, online, etc). The Device updates meter data by means of a Update method. 22

M2M Resource structure and interface procedures 23

Collection of registered SCLs: authorized to exchange information with this SCL <sclbase> attrib ute s cls a pp licatio ns co n ta in er s g ro up s a cces srig h ts attrib ute <scl> a cce sssta tu s su bscrip tion s attrib u te con ta in er s grou p s ap p lica tion s attribu te <ap p lica tion > Applications. registered on this registered. SCL. Resource structure attribu te con ta in e rs g ro up s ac cessrig h ts ac cessstatu s sub scr ip tio n s Registered local applications collection World Class Standards a ttr ib ute <g ro up > <grou p Ann c>. Container instance. used to store application. data a ttribu te <con ta in er> Collection of registered SCLs (authorised to exchange data) Who does what: allows to control access to resource according to business relationships (enforce privacy) sub scr ip tio n s a ttribu te m em b er s m e m be rsco nten t a cce sss tatus Sub scrip tion s m em be rid ac cessrigh ts a cce sssta tu s Registered SCL instance su bsc rip tion s m g m to b js <co ntaine ran n c> accessstatus attribu te su b scriptio ns r eso urce NB: cardinality is not shown in this diagram 24

Use of resource structure World Class Standards Describe how the different types of resources listed relate to each other. A meaningful way to address the different resources (by means of CRUD primitives) and understand their use Structure applies to all kind of SCLs, i.e. the same structure applies to resources in the NSCL, the GSCL and the DSCL Offers a lot of flexibility to the applications to create the right resources matching their application business logic needs 25

List of defined procedures (pertaining to resource management) Discovery of SCLs SCL management (Registration, De-registration, etc.) Application management (registration, De-registration, Update, subscription management, announce/deannounce, etc) Access rights management (create access right, delete, modify, retrieve, etc) Container management (create, read, read all containers in a collection, update, add instance, subscribe, etc) Group management (create, update, retrieve, verify membership, retrieve content, etc) Resource discovery Collection management (read all resources in a collection, update attributes, add a child resource, etc.) subscription management (subscribe for modifications to a resource, modify subscription, retrieve subscription, notification, long polling, etc.) Announce/De-Announe Partial addressing Etc. 26

Security 27

M2M Service Registration Process Network Bootstrap Provisioning of : names, service levels, security keys, etc Network Registration Based on 3GPP, ETSI TISPAN, etc. May be separated or related M2M Service Bootstrap Provisioning of : names, service levels, K R M2M Device/Gateway Registr. With M2M NSEC Mutual authentication, generation of K S M2M Device/Gateway Application registration Provisioning of K A to application, establishment of data session M2M Key Hierarchy: Kr (Root Key) > Ks (Session Key) > Ka (Application Key) M2M Security Capability, part of Service Capability layer, spread between Network (NSEC), Gateway (GSEC) and Device (DSEC) 28

Bootstrapping of Service layer credentials Choice of several options for network and devices UICC (e.g. SIM / UIM) based bootstrapping Service Layer Credentials derived from Network Access Credentials using GBA Automated bootstrapping of independent Service layer credentials Using PKI Certificates + Diffie-Hellman key exchange Or Using Password + IBAKE Ongoing discussions on common negotiation framework (EAP or TLS based) 29

M2M Threat Analysis World Class Standards TR 103 167 analyzes potential threats to the M2M system and considers countermeasures, to derive relevant security requirements Methodology being refined About 20 threats have been identified About 20 countermeasures are considered Extraction of requirements and integration in architecture remains to be done 30