On the Integration of Federated Identity Management in M2M middleware
Youakim Badr, LIRIS Lab (UMR 5205), SOC team, INSA-Lyon
The 3rd Franco-American Workshop on CyberSecurity, Lyon, December 9-11, 2014

Outline
- Context: IoT, CPS and M2M
- Challenges in M2M
- Evolutionary M2M the FIdM way
- Focus on:
  - oneM2M functional architecture
  - oneM2M Service Capability Layer
  - Identifiers
  - Bootstrapping services
- Conclusion
The Internet evolution
[Figure: stages of the Internet evolution. Pre-internet (human to human: fixed and mobile telephony, SMS, e-mail); Internet of Content (WWW: information, entertainment); Internet of Services (Web 2.0: e-productivity, e-commerce); Internet of People (social media: Skype, Facebook, YouTube); Internet of Things (machine to machine: identification, tracking, monitoring, metering; semantically structured and shared data; plus smart networks, smart IT platforms and services, smart phones and devices, smart objects and tags, smart data and ambient context). Source: ETSI 2014. All rights reserved.]

Different Definitions
- No single industry definition for Internet of Things/M2M
- But broad agreement on the following key concepts:
  - The Internet of Things is the framework where Things have representations in the Internet.
  - The "Things" that are represented in the Internet may be active (e.g., Zigbee sensor) or passive (e.g., RFID tag).
  - The representation of the Things in the Internet is enabled by M2M technologies.
Different Views
Internet of Things, Cyber-Physical Systems or Industry 4.0 (courtesy of Sabina Jeschke).

Challenges in IoT
[Figure: a connected world. 50 billion connected devices by 2020 [1]; 60 billion apps downloaded (Apple App Store, Oct 2013) [2]. Around the connected-devices hub, "everything authenticates": m-commerce, mobile payments, personalized content, music, books, social networks, financial services, medical records, Internet of Things, cloud services.]
Machine-to-Machine (M2M) Connectivity
[Figure: vertical versus horizontal M2M. Vertical: one business, one proprietary M2M application, one communication network (mobile, fixed, powerline, ...), one gateway, one local network and one (or a few) type of device, with each business's Things (blood pressure monitor, pulse oximeter, pedometer, smart bandage, smart phone serving as an M2M device) represented separately. Horizontal (based on a common service layer): businesses share a common infrastructure/service layer, environments and network elements; Things representations are shared across gateways, IP communication networks, local networks and devices.]

Evolutionary M2M - new vision
- We have:
  - Isolated hierarchies of industrial applications
  - Proprietary communicating devices
  - Primitive devices
  - Pre-configured links between devices and services
- What is needed from the security perspective:
  - Device sharing
  - Multiple identities
  - Multiple devices
  - User-aware interaction with devices, applications, ...
  - Dynamic, on-demand relationships among communicating parties
  - Automatic, global and dynamic device-to-device communications
  - End-to-end security
What is needed: common authentication plumbing
Requirements for M2M (Federated) IdM
[Figure: users, devices, cloud/federation and enterprise around a common authentication layer: usable authentication, open standard, plug-in approach, interoperable ecosystem; authentication is key to service and device.]
- Authentication using a user-related identifier
- Creation and management of identities
- Authentication of multiple devices
- Discovery of identities suitable for authentication
- Privacy protection
- Utilization of existing technologies

Things and their identities
[Figure: identity types in the Internet of Everything: human/non-human identity, machine identity, location identity, API identity, identity group policy. Source: Cisco vision of Identity of Everything (IoE).]
Correlations: Entity, Identity, Identifier and security
- Entity: something that has a separate and distinct existence and that can be identified in a context.
- Identity: set of attributes related to an Entity.
- Identifier: value that uniquely characterizes an Entity in a specific context.
- Authentication: process used to achieve sufficient confidence in the binding between the Entity and the presented Identity.

Authentication Methods, Password Problems and Tokens
- Problems with passwords:
  - Protecting password data is difficult
  - A password hash needs a salt
  - Problems with how users choose passwords
- Tokens instead of passwords:
  - Represent the authorized combination of client and user
  - Allow for granular consent
  - Revocable
  - No need to store passwords on the device/thing
  - OAuth 2.0 and OpenID Connect 1.0 are the key standards
- Federation is the solution... but deployment is often the challenge!
- Other authentication methods:
  - Password managers
  - Smart cards
  - Multi-factor authentication systems
  - SMS messages and other call-backs
  - The rise of FIDO
  - Federated authentication
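The two password points and the token points above, as a worked example added here (not code from the slides or from any of the standards they cite): an unsalted hash lets two users who chose the same password share one hash, a per-user salt with PBKDF2 removes that, and an opaque token bound to a (client, user, scope) combination can be checked and revoked server-side without the device ever holding a password. The `TokenStore` class, the client identifier `smart-bandage-007`, the scope names and the iteration count are this example's assumptions; only the Python standard library is used.

```python
"""Added example: salted password hashing versus revocable (client, user) tokens.
All identifiers and sample credentials below are constructed for illustration."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

ITERATIONS = 100_000  # assumption: tune to your hardware; higher slows brute force


def unsalted_hash(password: str) -> str:
    # Weak: equal passwords give equal hashes, so one cracked hash (or a
    # precomputed table) exposes every account that chose that password.
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    # PBKDF2-HMAC-SHA256 with a fresh random 16-byte salt per user: equal
    # passwords no longer collide and each guess costs ITERATIONS HMACs.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


@dataclass
class TokenStore:
    """Hypothetical server-side token store (not OAuth 2.0 wire format).
    Each token represents one authorised (client, user, scope) combination;
    only a hash of the token is kept, so a leaked store yields no usable tokens."""
    _records: Dict[str, dict] = field(default_factory=dict)

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, client_id: str, user: str, scope: Set[str]) -> str:
        token = secrets.token_urlsafe(32)  # handed to the device once, never stored
        self._records[self._key(token)] = {
            "client": client_id, "user": user,
            "scope": frozenset(scope), "revoked": False,
        }
        return token

    def check(self, token: str, client_id: str, needed_scope: str) -> bool:
        # Granular consent: the token is valid only for the client it was
        # issued to and only for the scopes the user consented to.
        rec = self._records.get(self._key(token))
        if rec is None or rec["revoked"]:
            return False
        return rec["client"] == client_id and needed_scope in rec["scope"]

    def revoke(self, token: str) -> None:
        # Revocation is a server-side flag; the device's password (if any) is untouched.
        rec = self._records.get(self._key(token))
        if rec is not None:
            rec["revoked"] = True


if __name__ == "__main__":
    s1, d1 = salted_hash("Winter2014")
    s2, d2 = salted_hash("Winter2014")
    print("unsalted collide:", unsalted_hash("Winter2014") == unsalted_hash("Winter2014"))
    print("salted collide:  ", d1 == d2)
    store = TokenStore()
    tok = store.issue("smart-bandage-007", "alice", {"vitals:write"})
    print("write allowed:", store.check(tok, "smart-bandage-007", "vitals:write"))
    store.revoke(tok)
    print("after revoke: ", store.check(tok, "smart-bandage-007", "vitals:write"))
```

The device-side consequence is the one the slide names: the thing stores `tok`, never a user password, and a lost or compromised device is handled by `revoke`, not by a password reset that would have to reach every other device of the same user.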
Evolution of IAM and Federation
- Different perspectives:
  - User-centric: Liberty Alliance, OpenID, Higgins, WS-Federation
  - -centric: SAML, Shibboleth, WS-Federation
  - Network-centric, expected impacts: ATIS, ETSI, ITU-T
- Different protocols: SAML, OpenID, OAuth/OpenID Connect, ...

Simple M2M architecture
[Figure: simple M2M architecture.]
ETSI Smart M2M: functional architecture
[Figure: ETSI M2M high-level architecture. Network and Application Domain: M2M Applications, M2M Service Capabilities, M2M Core (Core Network, e.g. 3GPP, TISPAN; Access Network, e.g. xDSL, 3G, GPRS, HFC, satellite, WiFi, WiMAX). Device and Gateway Domain: M2M Gateway (M2M Applications, M2M Service Capabilities) over an M2M Area Network (e.g. Zigbee, BT, WiFi) to M2M Devices (M2M Applications, M2M Service Capabilities) and M2M Legacy Devices. Reference points: mIa (network application to network SCL), dIa (device/gateway application to its SCL), mId (device/gateway SCL to network SCL).]

ETSI M2M Standardization
The ETSI M2M standard provides a Service Capability Layer (SCL): a set of common service capabilities for M2M interoperability.
[Figure: the Service Capability Layer. Network domain: Network Application (NA) over mIa to the Network SCL (NSCL). Device and gateway domain: Gateway Application (GA) and Device Application (DA) over dIa to the Gateway SCL (GSCL) and Device SCL (DSCL); GSCL and DSCL reach the NSCL over mId; legacy devices attach through an Interworking Proxy. Capabilities present in each SCL: Application Enablement (AE), Generic Communication (GC), Reachability, Addressing and Repository (RAR), Communication Selection (CS), Remote Entity Management (REM), SECurity (SEC), Interworking Proxy (IP).]
ETSI Smart M2M: example data flow
[Figure: an M2M device with local connectivity runs measurement application A; it is reached through an M2M gateway (GSL, aggregation and format conversion) over a 3G network and the network service layer (NSL) to the M2M customer's application B. A new measurement is written to the gateway resource (//GSL/A); the GSL checks its policies, aggregates/transforms the value and notifies the NSL when the time is good; the NSL keeps a copy (//NSL/B) and notifies application B that new data are available. Assumptions: bootstrapping/provisioning of credentials and applications is done once; GSL and NSL are logically connected (authentication, binding, encryption); applications are authenticated and access rights established; delivery is low priority (about 12 h of slack for incoming bits), so aggregated data can be stored and forwarded at a good time. Result: very little effort to synchronise the different applications. Source: ETSI 2014.]

Identities in M2M
- Normative model of identifiers: App-ID, Node-ID, SCL-ID, CONN-ID, PROV-ID, MSBF-ID, MAS-ID
- Identification and connection of D/G nodes
- Key derivation:
  - M2M Root Key (Kmr) = <Node-ID, PROV-ID>
  - M2M Connection Keys (Kmc) = <CONN-IDs>
  - M2M Application Keys (Kma) = <App-IDs>
- Obtaining Kmr:
  - Through the Universal Integrated Circuit Card (UICC)
  - During the bootstrap procedure
Bootstrap Procedure
[Figure: the bootstrap sequence and what each step yields. => names, service levels, security, etc.; => 3GPP, ETSI, TISPAN, etc.; => PROV-ID, Node-ID, Kmr; => Kma; => mutual authentication of the mId end points (Kmc); => creation of an SCL resource (PoC) to reach the registered N/G.]
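The identifier-bound key hierarchy of the "Identities in M2M" slide and the bootstrap sequence above, carried through as a worked example added here (not code from the slides, and not the normative ETSI M2M derivation, which is not reproduced): Kmr is bound to (Node-ID, PROV-ID), each Kmc to a CONN-ID under that Kmr, and each Kma to an App-ID under its Kmc, so a leaked application key exposes neither the connection key nor the root. The construction uses HKDF (RFC 5869) over HMAC-SHA256; the labels "M2M-Kmr"/"M2M-Kmc"/"M2M-Kma", the `bootstrap_secret` stand-in for the UICC or bootstrap-negotiated secret, the sample identifier values and the challenge-response over mId are this example's assumptions.

```python
"""Added example: an identifier-bound Kmr -> Kmc -> Kma hierarchy and a
Kmc-based mutual authentication of the mId end points. Labels, sample
identifiers and the exchange are illustrative assumptions, not ETSI's."""
import hashlib
import hmac
import os
from typing import Optional


def hkdf(ikm: bytes, salt: Optional[bytes], info: bytes, length: int = 32) -> bytes:
    """HKDF-Extract then HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def bootstrap_kmr(node_id: str, prov_id: str, bootstrap_secret: bytes) -> bytes:
    # Bootstrap step "=> PROV-ID, Node-ID, Kmr": the root key is bound to the
    # node and the service provider, so the same secret at another provider
    # (or for another node) yields an unrelated Kmr.
    return hkdf(bootstrap_secret, b"M2M-Kmr", f"{node_id}|{prov_id}".encode())


def derive_kmc(kmr: bytes, conn_id: str) -> bytes:
    # One connection key per CONN-ID; Kmr never leaves the bootstrap context.
    return hkdf(kmr, b"M2M-Kmc", conn_id.encode())


def derive_kma(kmc: bytes, app_id: str) -> bytes:
    # One application key per App-ID registered over that connection.
    return hkdf(kmc, b"M2M-Kma", app_id.encode())


def mid_mutual_auth(kmc_device: bytes, kmc_network: bytes) -> bool:
    """Step '=> mutual authentication of mId end points (Kmc)': each side proves
    possession of Kmc over fresh nonces; role strings prevent reflection."""
    nonce_d, nonce_n = os.urandom(16), os.urandom(16)  # exchanged in the clear

    def tag(key: bytes, role: bytes) -> bytes:
        return hmac.new(key, role + nonce_d + nonce_n, hashlib.sha256).digest()

    # Network proves itself to the device, then the device to the network.
    device_accepts = hmac.compare_digest(tag(kmc_network, b"NSCL"), tag(kmc_device, b"NSCL"))
    network_accepts = hmac.compare_digest(tag(kmc_device, b"DSCL"), tag(kmc_network, b"DSCL"))
    return device_accepts and network_accepts


if __name__ == "__main__":
    secret = b"constructed-32-byte-bootstrap-secret!!"  # constructed sample
    kmr = bootstrap_kmr("node-0042", "prov-acme", secret)
    kmc = derive_kmc(kmr, "conn-7")
    print("Kma(vitals):", derive_kma(kmc, "app-vitals").hex())
    print("mId auth:   ", mid_mutual_auth(kmc, derive_kmc(kmr, "conn-7")))
```

The point the slides make in two bullets shows up as three properties here: the same bootstrap secret gives different Kmr values per (Node-ID, PROV-ID), two applications on one connection get different Kma values, and mutual authentication over mId succeeds only when both SCLs hold the same Kmc for that CONN-ID.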
Thank you! Questions?