Published by Merilyn Henry. Modified over 6 years ago.
1
Discussion on the Scope of TR- Trust Management in oneM2M
SEC R1
Group Name: SEC WG
Source: ETRI, Jae-Young Ahn (ETRI)
Meeting Date: SEC#27,
Agenda Item: WI-0065-Trust management in oneM2M
2
Objectives
At TP#25 the WI-0065 “Trust Management in oneM2M” was approved.
The WI is to:
- Investigate and document the definition of trust in IoT system, and recommend a trust establishment model
- Identify and document issues related to the establishment of trust in oneM2M platform (focusing on) inter-domain use cases
- Evaluate how trust evaluation can be carried out, starting with scenarios in the smart-city context, and identify the trust properties required of IoT entities across oneM2M platform domains
- Where identity and identifiers are used in determining trust, this work item will evaluate the means of assigning trust to such elements that allow for identity evaluation and ensuring enforcement of policy over the IoT data
3
Related works suggested
Works related to Trust Management in oneM2M:
- ITU-T SG16 CG TRUST TR, “Trust provisioning in future ICT infrastructures”
- ITU-T SG16/13 “Draft recommendation Y.trust-provision”
- ETSI ISG NFV, GS NFV-SEC-003, “NFV Security; Security & Trust Guidance”
- ETSI TS v.0.0.3 “Cyber: Id management & naming scheme protection mechanism”
- NIST CPS WG, “Framework for Cyber-Physical System”
- Smart city context: WI-64 (TR-36), Public IoT, city cloud..
- Other SDOs: OTA, TCG, IETF, W3C
- Trust related TS & WIs in oneM2M:
  - Security mechanisms on trust domain assumptions: TS-01, TS-03, TS-26, WI-19, 21, 23, 45, 57, 61
  - Inter-domain Interworking: WI-56, 58, 66, 69
  - Large scale/data model/semantics: TS-12, WI-46, 53
- FP7 projects: uTRUSTit, Inter-TRUST, COMPOSE, etc.
4
Motivation Threat of Cyber-Physical interflow in IoT systems
- IoT is to collect data from physical world and stack it into cyber world consistently
- “awareness” issues impacting privacy, e.g. big data analysis on dynamic/partial PII
- IoT extends access capability to physical context, causing “unknown danger”
- Risk management becomes serious, as a failure in cyber space could cause physical pandemonium
- “Trustworthy crossover” is desired, as the risk is increasing but the security measure is inadequate.

[Figure: cyber-physical interflow between the Physical World and the Cyber World. Labels: User(s); Application(s)/services/process; Service(s); App. platform; IoT platform; gateway; Context of Physical world machines; Context of Global Knowledge; Part of critical / privacy information. Threats shown: Malicious input / fake alarm; Threat of abuse; Threat of “bewitched” reaction.]
5
Justification Necessity of TRUST in oneM2M
Defining the trust relationship between the domains of the oneM2M platform is becoming indispensable, as oneM2M claims to support resource and data sharing through horizontal integration.
- Integration enables m:n relationship of resources & applications: increased possibility of (1) inappropriate use / unauthorized restoration of data, or (2) unfaithful or interfered operation of resources, or (3) discrimination enabled by analytics, etc.
- Entities are under different ownerships: it has been raised as the issue of “trust enablement” for service across trusted network domains.
- Risk of “entities in low trustworthy domain” increases where the integration becomes large (e.g. public IoT interworking):
  - Increased dynamic connections in heterogeneous environment
  - Unknown potential risks due to the complexity
6
Scope (I) What is needed to define TRUST in oneM2M?
- A model of trust establishment in the oneM2M platform for inter-domain use cases is essential, in relation to the trust property definitions for oneM2M.
  - ETSI ISG NFV, GS NFV-SEC-003, “NFV Security; Security & Trust Guidance”
  - ETSI TS v.0.0.3 “Cyber: Id management & naming scheme protection mechanism”
- For “dynamic connectivity in low trustworthy environment” issues, the NFV security & trust model will help.
- There could be more issues, such as device trust, IoT data trust, and context-aware trust.
- A more generic approach, based on the ITU-T works, is needed.
  - ITU-T SG16 CG TRUST TR, ITU-T SG16/13
7
Scope (II) What leads oneM2M to TRUST in full-scale?
- Smart city will be a crucial environment to investigate the use cases on TRUST issues, as applications and devices under different city-wide domain governance have different strategies of operation that require trusted interactions.
- The smart city model of oneM2M platform interworking will bring us a wide range of trust issues in a city, including the case of interworking with heterogeneous platforms and time critical CPS systems.
- A trust interworking adaptor/agent and a CPS assurance facet can be considered in the design.
- Cloud trust and public IoT are also issues to address.

Related works:
- Smart city context: WI-64 (TR-36), Public IoT, city cloud..
- NIST CPS WG, “Framework for Cyber-Physical System”
- FP7 projects: uTRUSTit, Inter-TRUST, COMPOSE, etc.
8
1. Definition of TRUST in oneM2M
- General definition of TRUST
  - Motivation of TRUST in IoT system
  - Concept of trust and trust provisioning
  - Trust relationship, trust domains
  - Trust provisioning
- Necessity of TRUST in oneM2M
  - oneM2M introduces the platform for horizontal integration
  - Resource and data sharing, multi-party administrative domain/entity, and horizontal layering of CSE change the trust environment
  - Potential risks in the large scale implementation of oneM2M and interworking in heterogeneous / time critical CPS environment
9
2. oneM2M TRUST establishment
High level Trust Goal of oneM2M - Areas of Trust models in oneM2M?
- Platform domain trust (enhanced security & trust of oneM2M)
  - To make sure the oneM2M platform and related domains/entities interworking trustable, to support (existing) operations with (enhanced) trust.
- IoT trust (Cyber-Physical-Social System trust)
  - Device trust: device reliability/availability
  - IoT data trust: OAM&P, data protocol
  - Context-aware IoT trust: context-aware operation, share data analytics to applications
- Smart city & CPS trust (Trust for large scale / time critical integration)
  - Trust for heterogeneous platforms interworking: trust policy negotiation, etc.
  - CPS trust: trust encompassing physical & cyber world. Trust assurance facet and/or digital object market

Lifecycle management of Trust (in oneM2M)
- Assigning trust
- Evaluating and validating trust, re-evaluating trust
- Invalidating trust, re-establishing trust
- Delegating, recommendation
10
Reference: ETSI-NFV-SEC-003
- Assigning trust
  - Trust or distrust other entity completely
  - Criteria to assign it is on identity or context
- Evaluating and validating trust
  - Validating trust is the exercise of going through the various measures of trust applicable for a particular trust relationship, evaluating the levels of trust assurance and, if they meet the criteria set, validating that trust relationship.
  - Issues on the management of trust:
    - Parameter for trust evaluation
    - Method for the evaluation (reputational, game theoretical, probabilistic, look-up)
- Re-evaluating / invalidating trust
- Re-establishing trust
  - The process of recreating a trust relationship between entity A and entity B which has previously existed, but which has, for whatever reason, failed.
  - Two sets of options: delegation up the chain of trust and peer-mediated distrust.
11
3. oneM2M TRUST use cases
- Trust establishment for interworking oneM2M nodes under different ownership
- Trust establishment for oneM2M entities interworking with non-oneM2M entities in different ownership domains
- Trust establishment for oneM2M field node for device sharing
- Trust establishment for oneM2M data sharing, context-aware data sharing
- Trust establishment for oneM2M platform working in a smart city, in cooperation with heterogeneous type platforms
- Trust establishment for oneM2M platform working for an industry domain under a critical condition
- Trust establishment for oneM2M platform working for convergence service environment (heterogeneous CPS system, ownership based trust application, etc.)
- Trust establishment for oneM2M platform with city cloud, public IoT, etc.
12
4. TRUST properties in oneM2M
- Based upon the results of the research carried out in the previous sections, the TRUST properties of oneM2M will be broadly deduced: they would take the form of potential metadata of attributes related to the trustworthiness of the oneM2M system.
- It will also investigate the trust mechanisms necessary for oneM2M entities.
- Research in identity verification, authentication, and data privacy preservation is FFS.