End-to-End security definition Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting Date: 2015-05-18.

Slides:



Advertisements
Similar presentations
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Advertisements

CMDH Refinement Contribution: oneM2M-ARC-0397
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: Discussion  Source: OBERTHUR Technologies Information  Contact:
Problem of Current Notification Group Name: ARC WG Source: Heedong Choi, LG Electronics, Meeting Date: ARC 9.0 Agenda Item: TBD.
Problem of non-Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.0 Agenda Item: TBD.
Deployment Models A. client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B. client using Native S/MIME »Internet.
Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.
OneM2M-ARC Service_examples_and_evolution Service examples and evolution Group Name: WG2 Source: Philip Jacobs, Cisco Systems,
On Persistent AE Identifiers Group Name: SEC#12.2 Source: Phil Hawkes, Qualcomm Inc (TIA), Francois Ennesser,
Secure Electronic Transaction (SET)
Multi-Link Devices Group Name: WG1 Source: Kaonmedia, KETI Contact: Hwang Kwang Tae Yong-Suk Park
2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.
oneM2M-OIC Interworking Technical Comparison
Step by step approach Group Name: WG2
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: Agenda Item:
Certificate Enrolment STEs Group Name: SEC#17.2 Source: Phil Hawkes, Qualcomm Inc, Meeting Date:
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Network Security Lecture 20 Presented by: Dr. Munam Ali Shah.
Authorization for IoT Group Name: oneM2M SEC WG Source: Francois Ennesser, Gemalto NV Meeting Date: Agenda Item:
3GPP Rel-13 Interworking discussions
In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: Agenda Item:
Management of CMDH Policies Group Name: WG5-MAS Source: Wolfgang Granzow, Qualcomm, Meeting Date: Agenda Item: Management.
TS0001 Identifiers way forward Group Name: WG2 Source: Elloumi, Foti, Scarrone, Lu (tbc), Jeong (tbc) Meeting Date: Agenda Item: ARC11/PRO11.
Discussion on the problem of non- Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.2.
WG1 status report to TP#17 Group Name: oneM2M TP17 Source: Shelby Kiewel (iconectiv) Meeting Date: to Agenda Item: TP#17, Item 10.3,
Work Group / Work Item Proposal Slide 1 © 2012 oneM2M Partners oneM2M-TP oneM2M_Work_Group_Work_Item_Proposal Group name: Technical Plenary Source:
Supporting long polling Group Name: ARC WG Source: SeungMyeong, LG Electronics, Meeting Date: x-xx Agenda Item: TBD.
AllJoyn-Interworking Discussion Group Name: TP WG2 ARC Source: Josef Blanz, Phil Hawkes, Qualcomm Inc., Meeting Date:
Customized Resource Types MAS Group Name: MAS + ARC + PRO WGs Source: Wolfgang Granzow, Qualcomm Inc., Meeting Date:
Discussion on the problem of non- Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.2.
Step by step approach Group Name: WG2 Source: Michael hs. Yang, LG uplus, Jaeseung Song, NEC Europe, Meeting.
Primitive End-to-End Security Requirements Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting.
An introduction to oneM2M
OneM2M Challenges of M2M Security and Privacy
Ontology Architectural Support Options Group Name: MAS WG Source: Catalina Mladin, Lijun Dong, InterDigital Meeting Date: Agenda Item: TBD.
Introducing WI Proposal about Authorization Architecture and Policy Group Name: WG4 Source: Wei Zhou, Datang, Meeting Date: Agenda Item:
Introducing WI Proposal about Authorization Architecture and Policy Group Name: WG4 Source: Wei Zhou, Datang, Meeting Date: Agenda Item:
Interworking with an External Dynamic Authorization System Group Name: SEC WG Source: Qualcomm Inc., Wolfgang Granzow & Phil Hawkes Meeting Date: SEC#20.2,
M2M Service Session Management (SSM) CSF
E2EKey Resource Group Name: SEC WG Source: Qualcomm Inc., Wolfgang Granzow & Phil Hawkes Meeting Date: SEC#20.3, Agenda Item: End-to-End Security.
Routing Problem of the Current Architecture Group Name: ARC Source: Hongbeom Ahn, LG Electronics, Meeting Date: Agenda.
SE abstraction scenarios Group Name: SEC Source: Claus Dietze, Giesecke & Devrient Meeting Date: Agenda Item: WI SE abstraction.
App and Management End- to-End Security Requirements Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm,
Protocol Issues related to Plugtest Group Name: TST Source: Wolfgang Granzow, Qualcomm Inc., Meeting Date: Agenda.
App End-to-End Security Requirements Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting Date:
M2M Service Layer – DM Server Security Group Name: OMA-BBF-oneM2M Adhoc Source: Timothy Carey, Meeting Date:
End-to-End Primitive Security: Challenges and Suggestions Group Name: SEC WG Source: Qualcomm Inc., Phil Hawkes, Wolfgang Granzow, Josef Blanz Meeting.
M2M Service Session Management (SSM) CSF Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP8 Agenda Item:
Clarification of Access Control Mechanism on Rel-1 & Rel-2 Group Name: SEC ( ARC & PRO for information) Source: FUJITSU Meeting Date: Agenda.
Adding Non-blocking Requests Contribution: oneM2M-ARC-0441R01R01 Source: Josef Blanz, Qualcomm UK, Meeting Date: ARC 7.0,
Authorization Architecture Discussion Group Name: SEC WG Source: Seongyoon Kim, LG Electronics, Meeting Date: 28 MAY, 2014 Agenda.
Analysis of SIP security Ashwini Sanap ( ) Deepti Agashe ( )
Presented by: Sonali Pagade Nibha Dhagat paper1.pdf.
Consideration Security Issues on Registration Group Name: WG4 (SEC) Source: Shingo Fujimoto, FUJITSU, Meeting Date:
Directions for Release 3 Group Name: SEC Source: NEC Europe Ltd. Meeting Date: SEC22, Agenda Item: Discuss directions.
Introduction to Service Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP8 Agenda Item:
Specifying the Address of Management Client of Managed Entity Group Name: ARC Source: Hongbeom Ahn, SK Telecom, Meeting Date: TP#21 Agenda.
Key management issues in PGP
[authenticationProfile] <mgmtObj> specialization
CSE Retargeting to AE, IPE, and NoDN Hosted Resources
CSE Retargeting to AE, IPE, and NoDN Hosted Resources
End-to-End Security for Primitives
Discussion about Use Case and Architecture in Developer Guide
MAF&MEF Interface Specification discussion of the next steps
Considering issues regarding handling token
CMDH Refinement Contribution: oneM2M-ARC-0397R01
An introduction to oneM2M
Summary of the MAF and MEF Interface Specification TS-0032
Presentation transcript:

End-to-End security definition Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting Date: Agenda Item: WI-0016

What is End-to-End Security End-to-End suggests that security protocol end-points are also the end-points of the protected protocol – Assumes that all other entities on the delivery path are untrusted. Application protocol Examples – End-to-End security for AE protocols would have AEs as the security protocol end-points – End-to-End security for management protocol content would have mgmt server and mgmt target as the security protocol end-points oneM2M Service Layer protocol examples – End-to-End security for oneM2M primitives would have the Originator and resource-hosting CSE asthe security protocol end-points Is this what we wanted? – Sometimes it is OK (or preferable) for one or more trusted CSEs on the delivery path to be the security protocol end-points

Example 1: Smart Meter Smart Meter deployment – Smart meter contains AEs and a CSE: generates readings Trusted by utility to maintain confidentiality & integrity of readings – Home gateway (Transit CSE): provides internet NOT trusted by utility to maintain integrity of readings – IN-CSE: Stores readings Trusted by utility to maintain confidentiality & integrity of readings – Utility AE retrieves readings from IN-CSE – Assume all hops secured using TLS A sensible choice of security end-points to protect readings from untrusted home gateway is – Smart-meter CSE: encryption and digital signature/MAC generation – IN-CSE decryption and digital signature/MAC verification

Example 2: eHealth eHealth deployment – Sensor contains AE: generates readings Talks securely to medical sensor hub, but can’t talk securely with eHealth Service AE – eHealth Hub CSE: stores readings for retrieval by eHealth Service AE Trusted by eHealth service to maintain confidentiality & integrity of readings – IN-CSE: forward messages between eHealth Hub and medical service AE Not trusted, by law, see readings in decrypted form – eHealth Service AE: retrieves readings from eHealth Hub CSE A sensible choice of security end-points to protect readings from IN-CSE is – eHealth Hub CSE : encryption and digital signature/MAC generation – eHealth Service AE decryption and digital signature/MAC verification

Proposed Definition End-to-End Security: mechanisms securing a payload or message so that it can be handled by untrusted entities on the delivery path The corresponding change to TR-0012 is proposed in SEC “TR-0012 End-to-End Security Definition” © 2014 oneM2M Partners 5

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.