Communication and Security in Machine-to-Machine Systems
Date: 2016-02-03
Reporter: 李雅樺

Outline
– Introduction
– M2M architecture defined by ETSI
– Communication establishment
– Research opportunities and standardization challenges in M2M systems
– Conclusions
– Architecture and functionality in M2M standards (second paper)

Introduction
– oneM2M: its goal is to develop technical specifications that address the need for a common M2M service layer, realizable through various hardware and software implementations, to connect diverse M2M devices with M2M servers.
– ETSI: one of the most influential standardization organizations involved in creating common standards for M2M communication.

M2M architecture defined by ETSI
Works with:
– 3GPP: 3rd Generation Partnership Project
– 3GPP2
– OMA: Open Mobile Alliance
– BBF: Broadband Forum
Works on:
– A high-level architecture view that identifies all constituents of an M2M system.
– A functional architecture view, together with the reference points between the different entities of an M2M system.

High-level Architecture
– M2M Device: runs the device application (DA) using the device service capability layer (DSCL).
– M2M Gateway: runs the gateway application (GA) using the gateway service capability layer (GSCL).
– M2M Area Network: provides connectivity based on personal or local area network technology (e.g. ZigBee, Bluetooth).
– Access Network: allows M2M devices and gateways to communicate with the core network.
– Core Network: enables interconnection with other networks. It provides IP connectivity or other connectivity options, service and control functions, and roaming.
– M2M Management Functions: all the functions required to manage M2M service capabilities in the network domain.
– Network Management Functions: all the functions required to manage the access and core networks.

Functional Architecture
One of the main M2M standardization objectives is the development of functionalities that allow efficient deployment of M2M applications. Each M2M domain (device, gateway, network) has its own service capability layer (SCL), which exposes its functions on the mIa, dIa, mId and mIm reference points: dIa sits between a device/gateway application and its local SCL, mIa between a network application and the NSCL, and mId between a DSCL/GSCL and the NSCL. The mIm reference point extends the reachability of the services offered over mId.

Functional Architecture: service capabilities (x stands for N, G or D, i.e. the network, gateway or device SCL)
– xAE: Application enablement
– xGC: Generic communication
– xRAR: Reachability, addressing and repository
– xCS: Communication selection
– xREM: Remote entity management
– xSEC: Security
– xHDR: History and data retention
– xTM: Transaction management
– xIP: Interworking proxy
– xCB: Compensation brokerage
– NTOE: Telco operator exposure

Communication establishment
An M2M device either implements the ETSI M2M service capabilities (D) or does not (D'). It connects to the network domain either directly (via the M2M access network) or indirectly through a gateway (via the M2M area network):
– Device 1 (D): directly, through mId to the NSCL.
– Device 2 (D'): indirectly, through dIa to the GSCL.
– Device 3 (D'): directly, through dIa to the NSCL.
However, an M2M device may not support the IP protocol at all. Such a legacy device (neither D nor D') can be connected to the M2M network domain in three ways, each through an interworking proxy:
– Device 4 (legacy): indirectly, through the Gateway Interworking Proxy (GIP) on a gateway G.
– Device 5 (legacy): indirectly, through the Device Interworking Proxy (DIP) on a device D.
– Device 6 (legacy): directly, through the Network Interworking Proxy (NIP).

Application Registration
Involves the local registration of an M2M application with its local SCL. Purpose: allow the M2M application to use the M2M services offered by the local SCL. As a result, the local SCL obtains context information on the registered applications. The connection key Kmc, derived from the root key Kmr after mutual authentication, may be used to protect application registration.

Network Bootstrap and Network Registration
– Purpose of bootstrap: configure an M2M device or gateway so that it can connect and register to the access network.
– Registration: the M2M device/gateway registers with the access network, according to the corresponding access-network standard.
(Figure: M2M service bootstrap and M2M service connection between entities A, B and Z, each holding a unique identifier.)

Identifiers used during M2M service bootstrap and connection
– Pre-provisioned Identifier: needs to be pre-provisioned by the M2M device/gateway manufacturer.
– M2M Node Identifier (Node-ID): uniquely identifies a particular M2M entity on a global level.
– M2M Service Connection Identifier (Connection-ID): identifies an M2M service connection.
(Figure: the D/GSCL is authenticated and authorized by the NSCL.)

M2M connection establishment (figure)
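The service-connection step above, where the D/GSCL and the NSCL mutually authenticate with the bootstrapped root key Kmr and derive the per-connection key Kmc bound to the Node-ID and Connection-ID, is modelled here as an added example. It is not code from the paper or from ETSI; the three-message challenge-response exchange, the HMAC-SHA256 based KDF and its labels (`auth-N`, `auth-D`, `Kmc`) are assumptions chosen for illustration, while the normative procedures are in ETSI TS 102 921. The key material is constructed inline.

```python
import hashlib
import hmac
import secrets


def kdf(key: bytes, label: bytes, *context: bytes, length: int = 32) -> bytes:
    """HMAC-SHA256 KDF over a label and length-prefixed context fields
    (illustrative construction, not the normative ETSI KDF)."""
    data = label + b"".join(len(c).to_bytes(2, "big") + c for c in context)
    return hmac.new(key, data, hashlib.sha256).digest()[:length]


class M2MNode:
    """Device (D) or gateway (G): owns a pre-provisioned Node-ID and the Kmr
    delivered at M2M service bootstrap."""

    def __init__(self, node_id: str, kmr: bytes):
        self.node_id = node_id
        self._kmr = kmr
        self._nonce = b""
        self.kmc = None
        self.connection_id = None

    def connection_request(self) -> dict:
        self._nonce = secrets.token_bytes(16)
        return {"node_id": self.node_id, "nonce_d": self._nonce}

    def handle_challenge(self, challenge: dict) -> dict:
        ctx = (self.node_id.encode(), challenge["connection_id"].encode(),
               challenge["nonce_n"], self._nonce)
        # Mutual authentication: the NSCL must prove it holds Kmr before the
        # node commits to a session and derives Kmc for it.
        expected = kdf(self._kmr, b"auth-N", *ctx)
        if not hmac.compare_digest(expected, challenge["proof_n"]):
            raise ValueError("NSCL failed to prove knowledge of Kmr")
        self.connection_id = challenge["connection_id"]
        self.kmc = kdf(self._kmr, b"Kmc", *ctx)
        return {"node_id": self.node_id, "proof_d": kdf(self._kmr, b"auth-D", *ctx)}


class NSCL:
    """Network SCL: knows every bootstrapped node's Kmr, indexed by Node-ID."""

    def __init__(self, kmr_by_node: dict):
        self._kmr_by_node = dict(kmr_by_node)
        self._pending = {}
        self.connections = {}   # Connection-ID -> (Node-ID, Kmc)

    def challenge(self, request: dict) -> dict:
        kmr = self._kmr_by_node.get(request["node_id"])
        if kmr is None:
            raise ValueError("unknown Node-ID: %s" % request["node_id"])
        connection_id = "conn-" + secrets.token_hex(4)   # fresh Connection-ID
        nonce_n = secrets.token_bytes(16)
        ctx = (request["node_id"].encode(), connection_id.encode(),
               nonce_n, request["nonce_d"])
        self._pending[request["node_id"]] = (kmr, connection_id, ctx)
        return {"connection_id": connection_id, "nonce_n": nonce_n,
                "proof_n": kdf(kmr, b"auth-N", *ctx)}

    def complete(self, response: dict) -> bytes:
        kmr, connection_id, ctx = self._pending.pop(response["node_id"])
        if not hmac.compare_digest(kdf(kmr, b"auth-D", *ctx), response["proof_d"]):
            raise ValueError("node failed to prove knowledge of Kmr")
        kmc = kdf(kmr, b"Kmc", *ctx)
        self.connections[connection_id] = (response["node_id"], kmc)
        return kmc


def establish_connection(node: M2MNode, nscl: NSCL) -> tuple:
    """Run the exchange; returns (Connection-ID, Kmc at node, Kmc at NSCL)."""
    resp = node.handle_challenge(nscl.challenge(node.connection_request()))
    return node.connection_id, node.kmc, nscl.complete(resp)


def connection_succeeds(node: M2MNode, nscl: NSCL) -> bool:
    """True if both sides authenticate and agree on Kmc, False if rejected."""
    try:
        _, k_node, k_nscl = establish_connection(node, nscl)
    except ValueError:
        return False
    return k_node == k_nscl


if __name__ == "__main__":
    kmr = secrets.token_bytes(32)                   # constructed bootstrap key
    nscl = NSCL({"urn:m2m:node:0001": kmr})
    cid, k_d, k_n = establish_connection(M2MNode("urn:m2m:node:0001", kmr), nscl)
    print(cid, k_d == k_n)
```

Because both nonces and the Connection-ID enter the derivation, every service connection yields a different Kmc even though Kmr never changes, and a node with the wrong Kmr is rejected before any Kmc exists. Kmr itself stays on the two endpoints; only proofs derived from it cross the network.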

Pre-provisioned identifier (proposed format)
Header bits: Bit 0: Bluetooth; Bit 1: Wi-Fi; Bit 2: Wireless M-Bus; Bit 3: ZigBee. A bit value of 0 means the M2M device does not support that communication technology. If the last bit of the header byte is 1, the header is extended with further bytes. The technology identifiers/addresses that follow the header are of different lengths.
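An encoder and parser for that header, as an added example rather than anything from the paper: the four technology bits and the "last bit extends the header" rule come from the slide; the assumptions are that each extension byte carries seven more capability bits with its own extension flag, that the addresses follow in bit order, and the address lengths (6 bytes for Bluetooth BD_ADDR and Wi-Fi MAC, 8 bytes for Wireless M-Bus and ZigBee EUI-64). The sample addresses are constructed.

```python
# Technology slots in bit order; lengths are assumptions (see lead-in).
TECHS = {0: ("bluetooth", 6), 1: ("wifi", 6), 2: ("wmbus", 8), 3: ("zigbee", 8)}
EXT = 0x80        # last bit of a header byte: "another header byte follows"


def encode_identifier(addresses: dict) -> bytes:
    """Build header byte(s) plus the concatenated addresses, in bit order."""
    flags = 0
    for bit, (name, length) in TECHS.items():
        if name in addresses:
            if len(addresses[name]) != length:
                raise ValueError("%s address must be %d bytes" % (name, length))
            flags |= 1 << bit
    header = bytearray()
    while True:                       # 7 capability bits per byte, MSB = EXT
        chunk = flags & 0x7F
        flags >>= 7
        if flags:
            chunk |= EXT
        header.append(chunk)
        if not flags:
            break
    body = b"".join(addresses[TECHS[b][0]] for b in sorted(TECHS)
                    if TECHS[b][0] in addresses)
    return bytes(header) + body


def decode_identifier(blob: bytes) -> dict:
    """Parse the header, then cut the addresses it announces.

    Strict on purpose: an unknown capability bit, a truncated field or
    trailing bytes are rejected, because an unknown technology has an unknown
    length and would misalign every address after it."""
    flags, shift, pos = 0, 0, 0
    while True:
        if pos >= len(blob):
            raise ValueError("truncated header")
        byte = blob[pos]
        pos += 1
        flags |= (byte & 0x7F) << shift
        shift += 7
        if not byte & EXT:
            break
    out = {}
    bit = 0
    while flags >> bit:
        if (flags >> bit) & 1:
            if bit not in TECHS:
                raise ValueError("unknown technology bit %d" % bit)
            name, length = TECHS[bit]
            chunk = blob[pos:pos + length]
            if len(chunk) != length:
                raise ValueError("truncated address for " + name)
            out[name] = chunk
            pos += length
        bit += 1
    if pos != len(blob):
        raise ValueError("trailing bytes after last address")
    return out


def decodes_cleanly(blob: bytes) -> bool:
    """True if the blob is a well-formed identifier, False if rejected."""
    try:
        decode_identifier(blob)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    sample = {"bluetooth": bytes.fromhex("001122334455"),        # constructed
              "zigbee": bytes.fromhex("0013a20040b1c2d3")}       # constructed
    blob = encode_identifier(sample)
    print(blob.hex(), decode_identifier(blob) == sample)
```

The identifier is transparent to the underlying technology only as long as both ends agree on the length table; a device advertising a bit the parser does not know cannot be skipped safely, which is why the parser fails closed instead of guessing.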

SCL Registration
The architecture defines three ways the mId reference point may be secured:
– Via access-network-layer security, if the underlying access network is already secured (e.g. physically).
– Via channel security, which can be established after the M2M service connection procedure has taken place.
– Via object security: the M2M implementation applies security at the protocol payload level, so the protection does not depend on the channel it travels over.
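The object-security option, and the use of Kmc to protect application registration mentioned earlier, are illustrated here with an added example that is not from the paper or ETSI. The construction is an assumption: each object carries its Node-ID, Connection-ID, a sequence number and an HMAC-SHA256 tag under Kmc, which gives integrity, binding to the connection and replay resistance but not confidentiality (that would need an AEAD, omitted here because the standard library has none). The gateway, message contents and key are constructed.

```python
import hashlib
import hmac
import json


def _canonical(payload: dict) -> bytes:
    # Stable serialisation so sender and verifier MAC exactly the same bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def _tag(kmc: bytes, node_id: str, connection_id: str, seq: int, body: bytes) -> bytes:
    # Bind the tag to the connection context and a sequence number so a
    # gateway (or anyone else on the path) can neither re-bind nor replay it.
    fields = (node_id.encode(), connection_id.encode(), seq.to_bytes(8, "big"), body)
    data = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(kmc, data, hashlib.sha256).digest()


class ObjectSender:
    """D/GSCL side: wraps each object before it leaves over mId."""

    def __init__(self, kmc: bytes, node_id: str, connection_id: str):
        self.kmc, self.node_id, self.connection_id = kmc, node_id, connection_id
        self.seq = 0

    def protect(self, payload: dict) -> dict:
        self.seq += 1
        body = _canonical(payload)
        tag = _tag(self.kmc, self.node_id, self.connection_id, self.seq, body)
        return {"node_id": self.node_id, "connection_id": self.connection_id,
                "seq": self.seq, "body": body.decode(), "tag": tag.hex()}


class ObjectReceiver:
    """NSCL side: accepts an object only if its tag verifies under the Kmc of
    the named connection and its sequence number is fresh."""

    def __init__(self, kmc_by_connection: dict):
        self.kmc_by_connection = dict(kmc_by_connection)  # Connection-ID -> (Node-ID, Kmc)
        self.last_seq = {}

    def verify(self, obj: dict) -> dict:
        entry = self.kmc_by_connection.get(obj["connection_id"])
        if entry is None or entry[0] != obj["node_id"]:
            raise ValueError("unknown connection or Node-ID mismatch")
        node_id, kmc = entry
        body = obj["body"].encode()
        expected = _tag(kmc, node_id, obj["connection_id"], obj["seq"], body)
        if not hmac.compare_digest(expected, bytes.fromhex(obj["tag"])):
            raise ValueError("object integrity check failed")
        # Replay check only after the tag verified, so a forged seq cannot
        # advance the window.
        if obj["seq"] <= self.last_seq.get(obj["connection_id"], 0):
            raise ValueError("replayed or out-of-order object")
        self.last_seq[obj["connection_id"]] = obj["seq"]
        return json.loads(body)

    def accepts(self, obj: dict) -> bool:
        try:
            self.verify(obj)
        except ValueError:
            return False
        return True


def gateway_forward(obj: dict) -> dict:
    """A GSCL on the path may re-encapsulate the object (here: add transport
    metadata) but cannot touch the protected fields without detection."""
    return dict(obj, via="GSCL")


if __name__ == "__main__":
    kmc = bytes(range(32))                                      # constructed
    sender = ObjectSender(kmc, "urn:m2m:node:0001", "conn-1")
    receiver = ObjectReceiver({"conn-1": ("urn:m2m:node:0001", kmc)})
    obj = sender.protect({"op": "createApplication", "appId": "app-1"})
    print(receiver.verify(gateway_forward(obj)))
```

This is the practical difference from channel security: a TLS/DTLS channel is terminated at each hop, so a compromised gateway sees and can rewrite the registration in the clear, whereas an object protected under Kmc is checked end to end by the NSCL regardless of which channels carried it.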

Research opportunities and standardization challenges in M2M systems
Research opportunities: communication and identification
– The IP protocol may be too complex for small devices. The GIP allows communication between IP and non-IP devices by providing interworking interfaces; another direction is developing simplified IP stacks over existing low-energy protocol suites (6LoWPAN).
– Many distributed applications assume a flat topology, whereas M2M devices sit behind a gateway and use different communication technologies. Current applications need to be modified so that they work without an M2M gateway, regardless of the communication technology.
– Always accessible: devices switch between sleep and job (active) mode. Rich Presence Information (RPI) can expose the device state, and the gateway needs a trigger mechanism to wake up a sleeping device.
– Management functionality for a huge number of entities.

Research opportunities: security and privacy
– Given the limited computational capabilities of many sensing and actuating platforms, security technology must cope with heterogeneous devices, some of which may be very constrained.
– As distributed and autonomous trust mechanisms will be required, trust must be established in an M2M device from the start. The Trusted Computing Group (TCG) has proposed autonomous and remote validation models.
– Anonymity and liability are two interrelated security requirements for M2M applications.

Standardization challenges
– M2M may replace proprietary technology such as SCADA in the future. Unlike SCADA, M2M devices are able to push data to a server, and M2M works with standardized technology. Such factors will push towards the replacement of proprietary technology with M2M solutions in the long term.
– A security co-processor may enable efficient cryptographic operations in low-end sensing and actuating platforms, and more complete hardware-based security solutions can also be used, such as the one currently proposed with TrustChip.

Conclusions
Because M2M systems are primarily characterized by heterogeneity, the authors propose a new pre-provisioned device identifier that is transparent to the underlying communication technology. As in the current Internet architecture, security will remain of prime importance and will in fact be a fundamental enabling factor for most current applications of M2M communication.

Pros and Cons
To summarize, this paper integrates and arranges the introduction to M2M work and its challenges clearly. However, it does not provide anything new in communication or security technology for M2M systems.

2014 previous research

2015 future research

Architecture and Functionality in M2M Standards
The paper investigates current M2M standards and compares the architectures of ETSI M2M and oneM2M. Because oneM2M is based on ETSI M2M, the nodes and other parts of the architecture have different names but denote similar entities. The functional comparison shows similar results. Among the platforms surveyed, only OpenMTC supports connectivity via WebSocket, Diameter and MQTT. In future work the authors will concentrate on the analysis of oneM2M platforms.

References
– Communication and Security in Machine-to-Machine Systems
– Journal papers list of Gordan Jezic
– Architecture and Functionality in M2M Standards
– M2M Service Capabilities – Full Scale Technologies
– TCG (Trusted Computing Group)
– TrustChip

Thank you.