The ITU Telecommunication Standardization Sector (ITU-T) has approved a set of security specifications for internet of things (IoT) systems. The oneM2M specifications define a common set of IoT service functions to enable secure data exchange and information interoperability across different vertical sectors, service providers, and use cases. The specifications were approved by more than 190 countries and are now available for use by ITU-T member states.
The ITU-T is responsible for coordinating standards for telecommunications and information and communication technology (ICT), including cybersecurity. It is one of the three branches of the International Telecommunication Union (ITU), a specialized agency of the United Nations that oversees matters relating to information and communication technologies.
International standards bodies launched oneM2M in 2012. ARIB (Japan), ATIS (Americas), CCSA (China), ETSI (Europe), TIA (Americas), TTA (S. Korea), and TTC (Japan) came together to form a global partnership initiative to develop an international standard for interoperable and scalable IoT systems.
Authentication, encryption, policies among IoT security specifications
With its approval of oneM2M, the ITU-T has added IoT security capabilities to its recommendations of the M2M common service layer, according to a press release. The oneM2M standards provide an interoperability testing framework and support a global certification program by the Global Certification Forum (GCF) for oneM2M based products, it added.
The specifications set out in the ITU-T Y.4500.3 oneM2M security solutions document are extensive, encompassing three IoT security architecture layers: security functions, security environment abstraction, and secure environments.
The security functions layer contains a set of security functions that are exposed at reference points Mca and Mcc, the document read. These security functions are classified as identification, authentication, authorization, security association, sensitive data handling, and security administration.
The security environment abstraction layer implements security capabilities such as key derivation, data encryption/decryption, signature generation/verification, and security credential read/write from/to the secure environments. These are invoked to protect the operations in secure environments. In addition, this layer also provides physical access to secure environments.
The secure environments layer contains one or multiple secure environments that provide security services to adequately protect sensitive data storage and sensitive function execution. The sensitive data includes secure environment capability, security and asymmetric private keys, local credentials, security policies, identity information, and subscription information. The sensitive functions include data encryption and data decryption.
“The architecture needs to be adapted to be suitable for implementation in different entities. For example, the architecture can be mapped to different device classes,” the document read. “Before any M2M common services layer procedure can take place, connectivity has to be established in the underlying network services layer, which may involve independent provisioning and service registration procedures specified by the underlying network.”
The service layer security provisioning (security pre-provisioning or security bootstrapping) and security association establishment procedures specified can take place independently (and generally consecutively) from any required network service layer connectivity establishment procedures, according to the document.
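The three layers described above, and the security association establishment that follows security pre-provisioning, are easier to see in code. The following is an added illustration written for this article, not code from the oneM2M or ITU-T specifications: a software secure environment that keeps credentials and policies inside and exposes only sensitive functions, an abstraction layer offering key derivation and signature generation/verification on top of it, and a security functions layer that establishes a security association between two entities from a pre-provisioned credential. The entity names, credential names, the HKDF-SHA256 derivation and the nonce/HMAC exchange are this example's own assumptions and stand in for whatever credentials and procedures a real deployment uses.

```python
import hmac
import hashlib
import secrets


# Layer 3: a secure environment. Credentials and policies stay inside; callers
# get the results of sensitive functions, never the key bytes themselves.
class SecureEnvironment:
    def __init__(self):
        self._secrets = {}    # credential id -> key bytes
        self._policies = {}   # credential id -> operations the policy permits

    def write_credential(self, cred_id, secret, permitted_ops):
        self._secrets[cred_id] = bytes(secret)
        self._policies[cred_id] = frozenset(permitted_ops)

    def _key_for(self, cred_id, op):
        if op not in self._policies.get(cred_id, ()):
            raise PermissionError(f"{op!r} not permitted for credential {cred_id!r}")
        return self._secrets[cred_id]

    def mac(self, cred_id, data):
        return hmac.new(self._key_for(cred_id, "mac"), data, hashlib.sha256).digest()

    def derive_into(self, cred_id, salt, info, new_cred_id, permitted_ops):
        # HKDF-SHA256 (RFC 5869), one output block; the derived key is stored
        # here as a new credential rather than returned to the caller.
        prk = hmac.new(salt, self._key_for(cred_id, "derive"), hashlib.sha256).digest()
        okm = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()
        self.write_credential(new_cred_id, okm, permitted_ops)


# Layer 2: security environment abstraction. Uniform key derivation, signature
# generation/verification and credential write over the installed environment.
class SecurityEnvironmentAbstraction:
    def __init__(self, secure_env):
        self._se = secure_env

    def write_credential(self, cred_id, secret, permitted_ops):
        self._se.write_credential(cred_id, secret, permitted_ops)

    def derive_key(self, cred_id, salt, info, new_cred_id):
        self._se.derive_into(cred_id, salt, info, new_cred_id, {"mac"})

    def sign(self, cred_id, data):
        return self._se.mac(cred_id, data)

    def verify(self, cred_id, data, tag):
        return hmac.compare_digest(self._se.mac(cred_id, data), tag)


# Layer 1: security functions an entity exposes: here security association
# establishment, each side authenticating the other with the derived key.
class SecurityFunctions:
    def __init__(self, entity_id, sea):
        self.entity_id = entity_id
        self._sea = sea
        self._pending = {}         # peer id -> per-exchange state
        self.associations = set()  # peers with an established association

    def pre_provision(self, cred_id, secret):
        # Policy: the long-term credential may only feed derivation, never MACs.
        self._sea.write_credential(cred_id, secret, {"derive"})

    def _session_id(self, peer_id):
        return f"session:{self.entity_id}->{peer_id}"

    def _derive_session(self, cred_id, peer_id, initiator, responder, nonce_i, nonce_r):
        info = b"security association|" + initiator.encode() + b"|" + responder.encode()
        self._sea.derive_key(cred_id, nonce_i + nonce_r, info, self._session_id(peer_id))

    def initiate(self, peer_id, cred_id):            # initiator, message 1
        nonce = secrets.token_bytes(16)
        self._pending[peer_id] = (cred_id, nonce)
        return nonce

    def respond(self, peer_id, peer_nonce, cred_id):  # responder, message 2
        nonce = secrets.token_bytes(16)
        self._derive_session(cred_id, peer_id, peer_id, self.entity_id, peer_nonce, nonce)
        self._pending[peer_id] = (peer_nonce, nonce)
        return nonce, self._sea.sign(self._session_id(peer_id), b"responder" + peer_nonce + nonce)

    def complete(self, peer_id, peer_nonce, peer_tag):  # initiator, message 3
        cred_id, my_nonce = self._pending.pop(peer_id)
        self._derive_session(cred_id, peer_id, self.entity_id, peer_id, my_nonce, peer_nonce)
        sess = self._session_id(peer_id)
        if not self._sea.verify(sess, b"responder" + my_nonce + peer_nonce, peer_tag):
            raise ValueError(f"authentication of {peer_id} failed")
        self.associations.add(peer_id)
        return self._sea.sign(sess, b"initiator" + my_nonce + peer_nonce)

    def confirm(self, peer_id, peer_tag):             # responder, final check
        nonce_i, nonce_r = self._pending.pop(peer_id)
        if not self._sea.verify(self._session_id(peer_id), b"initiator" + nonce_i + nonce_r, peer_tag):
            raise ValueError(f"authentication of {peer_id} failed")
        self.associations.add(peer_id)
        return True


def run_association(secret_app, secret_svc):
    """Drive the exchange between an application entity and a service entity
    (names assumed); returns both so a caller can inspect the outcome."""
    app = SecurityFunctions("APP-1", SecurityEnvironmentAbstraction(SecureEnvironment()))
    svc = SecurityFunctions("SVC-1", SecurityEnvironmentAbstraction(SecureEnvironment()))
    app.pre_provision("pre-provisioned-key", secret_app)
    svc.pre_provision("pre-provisioned-key", secret_svc)
    nonce_a = app.initiate("SVC-1", "pre-provisioned-key")
    nonce_s, tag_s = svc.respond("APP-1", nonce_a, "pre-provisioned-key")
    tag_a = app.complete("SVC-1", nonce_s, tag_s)
    svc.confirm("APP-1", tag_a)
    return app, svc


if __name__ == "__main__":
    shared = secrets.token_bytes(32)   # constructed pre-provisioned secret
    app, svc = run_association(shared, shared)
    print("association established:", "SVC-1" in app.associations and "APP-1" in svc.associations)
```

The point of the layering is visible in the policy check: the pre-provisioned credential can be used only for derivation, the derived session credential only for MACs, and neither ever leaves the secure environment; layer 1 works purely with credential identifiers and nonces. With mismatched secrets the responder's tag fails verification in `complete`, so no association is recorded on either side.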
Security capabilities essential components of all IoT systems
“Security-related capabilities are an essential and complementary component in all IoT systems – oneM2M treats security as a common service function that can be applied in the same way across many applications in different verticals,” said Roland Hechwartner, Deutsche Telekom, technical plenary chairman, oneM2M. “It also emphasizes the use of open standards so that service providers can control all entities and services in their deployments without relying on a single company or proprietary set of technologies.”
A close rapport between the ITU-T and oneM2M experts helped to deliver common IoT standards and security that benefit the widest community, added Rana Kamill, British Telecom, ITU-T WP1/20 vice chair. Kamill stated that the oneM2M security solutions document went through the ITU-T’s Typical Approval Process – the default method for international standards with regulatory or policy implications. It has also been translated into the ITU’s six official languages (English, Arabic, Chinese, French, Spanish, and Russian).