Presentation is loading. Please wait.

Presentation is loading. Please wait.

End-to-End security definition Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting Date: 2015-05-18.

Published byProsper Kennedy Modified over 9 years ago

Similar presentations

Presentation on theme: "End-to-End security definition Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting Date: 2015-05-18."— Presentation transcript:

1 End-to-End security definition Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, phawkes@qti.qualcomm.comphawkes@qti.qualcomm.com Meeting Date: 2015-05-18 Agenda Item: WI-0016

2 What is End-to-End Security End-to-End suggests that security protocol end-points are also the end-points of the protected protocol – Assumes that all other entities on the delivery path are untrusted. Application protocol Examples – End-to-End security for AE protocols would have AEs as the security protocol end-points – End-to-End security for management protocol content would have mgmt server and mgmt target as the security protocol end-points oneM2M Service Layer protocol examples – End-to-End security for oneM2M primitives would have the Originator and resource-hosting CSE asthe security protocol end-points Is this what we wanted? – Sometimes it is OK (or preferable) for one or more trusted CSEs on the delivery path to be the security protocol end-points

3 Example 1: Smart Meter Smart Meter deployment – Smart meter contains AEs and a CSE: generates readings Trusted by utility to maintain confidentiality & integrity of readings – Home gateway (Transit CSE): provides internet NOT trusted by utility to maintain integrity of readings – IN-CSE: Stores readings Trusted by utility to maintain confidentiality & integrity of readings – Utility AE retrieves readings from IN-CSE – Assume all hops secured using TLS A sensible choice of security end-points to protect readings from untrusted home gateway is – Smart-meter CSE: encryption and digital signature/MAC generation – IN-CSE decryption and digital signature/MAC verification

4 Example 2: eHealth eHealth deployment – Sensor contains AE: generates readings Talks securely to medical sensor hub, but can’t talk securely with eHealth Service AE – eHealth Hub CSE: stores readings for retrieval by eHealth Service AE Trusted by eHealth service to maintain confidentiality & integrity of readings – IN-CSE: forward messages between eHealth Hub and medical service AE Not trusted, by law, see readings in decrypted form – eHealth Service AE: retrieves readings from eHealth Hub CSE A sensible choice of security end-points to protect readings from IN-CSE is – eHealth Hub CSE : encryption and digital signature/MAC generation – eHealth Service AE decryption and digital signature/MAC verification

5 Proposed Definition End-to-End Security: mechanisms securing a payload or message so that it can be handled by untrusted entities on the delivery path The corresponding change to TR-0012 is proposed in SEC-2015-0512 “TR-0012 End-to-End Security Definition” © 2014 oneM2M Partners 5

Download ppt "End-to-End security definition Group Name: SEC WG4 Source: Phil Hawkes, Qualcomm, Meeting Date: 2015-05-18."

Similar presentations

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
CMDH Refinement Contribution: oneM2M-ARC-0397

CMDH Refinement Contribution: oneM2M-ARC-0397
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: 2014-05-07 Discussion  Source: OBERTHUR Technologies Information  Contact:

SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: Discussion  Source: OBERTHUR Technologies Information  Contact:
Problem of Current Notification Group Name: ARC WG Source: Heedong Choi, LG Electronics, Meeting Date: ARC 9.0 Agenda Item: TBD.

Problem of Current Notification Group Name: ARC WG Source: Heedong Choi, LG Electronics, Meeting Date: ARC 9.0 Agenda Item: TBD.
Problem of non-Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.0 Agenda Item: TBD.

Problem of non-Blocking Synchronous mode Group Name: ARC WG Source: Yuan Tao, Mitch Tseng, Huawei Technologies Meeting Date: ARC 15.0 Agenda Item: TBD.
Deployment Models A.e-Mail client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B.e-Mail client using Native S/MIME »Internet.

Deployment Models A. client (no S/MIME) »NHIN-Direct developed security agent »off-the-shelf S/MIME proxy B. client using Native S/MIME »Internet.
Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.

Diameter End-to-End Security: Keyed Message Digests, Digital Signatures, and Encryption draft-korhonen-dime-e2e-security-00 Jouni Korhonen, Hannes Tschofenig.
OneM2M-ARC-2013-0365-Service_examples_and_evolution Service examples and evolution Group Name: WG2 Source: Philip Jacobs, Cisco Systems,

OneM2M-ARC Service_examples_and_evolution Service examples and evolution Group Name: WG2 Source: Philip Jacobs, Cisco Systems,
On Persistent AE Identifiers Group Name: SEC#12.2 Source: Phil Hawkes, Qualcomm Inc (TIA), Francois Ennesser,

On Persistent AE Identifiers Group Name: SEC#12.2 Source: Phil Hawkes, Qualcomm Inc (TIA), Francois Ennesser,
Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET)
Multi-Link Devices Group Name: WG1 Source: Kaonmedia, KETI Contact: Hwang Kwang Tae Yong-Suk Park

Multi-Link Devices Group Name: WG1 Source: Kaonmedia, KETI Contact: Hwang Kwang Tae Yong-Suk Park
2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.

2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.
oneM2M-OIC Interworking Technical Comparison

oneM2M-OIC Interworking Technical Comparison
Step by step approach Group Name: WG2

Step by step approach Group Name: WG2
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: 2013-11-19 Agenda Item:

In-Band Access Control Framework Group Name: WG4 SEC Source: Qualcomm Meeting Date: Agenda Item:
Certificate Enrolment STEs Group Name: SEC#17.2 Source: Phil Hawkes, Qualcomm Inc, Meeting Date: 2015-07-08.

Certificate Enrolment STEs Group Name: SEC#17.2 Source: Phil Hawkes, Qualcomm Inc, Meeting Date:
Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Network Security Lecture 20 Presented by: Dr. Munam Ali Shah.

Network Security Lecture 20 Presented by: Dr. Munam Ali Shah.

Similar presentations

Ads by Google