SlideShare a Scribd company logo

oneM2M security summary

Download as PPTX, PDF
J
Jongseok Choi

Summary of security functions in oneM2M

Science
1 of 49
OneM2M 개요 및 보안 최종석 2016.3.18
목차 OneM2M 개요 및 보안 목차 I. Introduction of OneM2M II. OneM2M Security Introduction Detailed of CSE Overview of Security Detatils of Security Functions
3 1. Introduction 2. Detailed of CSE I. Introduction of OneM2M
oneM2M 기술은 다양한 제품간 연결성을 바탕으로 새로운 제품 및 서비스로 손쉽게 확장 가능 IoT 플랫폼 보안 - OneM2M 플랫폼 WLAN PAN (Bluetooth) Mobile Network (LTE)WLAN/ZigBee “내 손안의 우리 집” “즐겁고 편한 운전 환경”“편리한 건강 관리” Smart Home Smart CarHealthcare Common Service Layer “플랫폼 공통화  고객의 가치 창조하는 새로운 M2M 서비스 창출 가능” Module Module Module Module Module Module Module Module Module Module Module Module Module Module Module I. Introduction of OneM2M
oneM2M Common Service Function oneM2M 핵심 요소 기술 스마트폰스마트가전 Access Networks (2G/3G/LTE/WiFi/ZigBee) Common Service Functions 스마트 그리드 헬스케어스마트홈 보안 스마트카 자동차센서 식별 체계 Delivery Handling 자원 탐색 데이터 관리 그룹 관리 위치 정보 네트워크 연동 장치 관리 데이터 서비스 부가 서비스 네트워크 서비스 • 데이터 탐색/저장/접근제어 기술 • 데이터 분석 기술 (Big Data) • 위치 정보 제공 기술 • 원격 장치 관리 기술 • 액세스 네트워크 (3GPP) 연동 기술 • QoS, Multicast/Broadcast 제어 기술 공통 서비스 • 어플리케이션 보안성 제공 • 글로벌 식별 체계 및 Delivery Handling Application M2M 서비스 플랫폼 Access Network Device/ Module M2M 주요 서비스 • 스마트 홈, 스마트 카 • 스마트 그리드, 헬스케어 WAN / HAN • Cellular Network (2G / 3G / LTE) • Wi-Fi / ZigBee / Bluetooth M2M Device/ Gateway • Smart TV, Smart Phone • Smart Meter, Health Sensor • Smart Gateway IoT 플랫폼 보안 - OneM2M 플랫폼 I. Introduction of OneM2M
IoT 플랫폼 보안 6 사물인터넷 플랫폼 보안 기술 정의 사례 2 OneM2M 보안 기술 – Privacy/Trust 관리 기술 – 인증/인가 기술 – 안전한 데이터 전송 기술 – 시스템 보안 기술 – Security Association 기술 Infrastructure domain Field domain Non-oneM2M Device Non-oneM2M Device Non-oneM2M Device Non-oneM2M Device To an Infrastructure Node of other M2M Service Providers IN-AE Mca Infrastructure Node(IN) IN-AE IN-CSE Mca Middle Node(IN) MN-CSE MN-AE Mca Middle Node(IN) Mca Mca Mca MN-CSE MN-AE Application Dedicated Node (ADN) ADN-AE Mca Application Service Node (ASN) ASN-AE ASN-CSE Application Dedicated Node (ADN) ADN-AE Mca Application Service Node (ASN) ASN-AE ASN-CSE Mcc’ Mcn Mcc Mcc Mcc McnMcn Mcc Mcc Mcn Mcn Link is out of scope Application Entity (AE) Mca Reference Point Mcn Reference Point Common Services Entity (CSE) Application and Service Layer Management Communication Management/ Delivery Handling Data Management & Repository Device Management Discobery Group Management Location Network Service Exposure/Service Ex+Triggering Registration Security Service Charging & Accounting Subscription and Notification Underlying Network Service Entity (NSE) II. OneM2M Security
Common Service Functions 7 Application Entity (AE) Mca Reference Point Mcn Reference Point Common Services Entity (CSE) Application and Service Layer Management Device Management Discovery Group Management Location Network Service Exposure/Service Ex+Triggering Registration Security Underlying Network Service Entity (NSE) Mcc Reference Point The services provided by the Common Services Layer in the M2M System. Reside within a CSE and are referred to as Common Services Functions (CSFs). The CSFs provide services to the AEs via the Mca Reference Point and to other CSEs via Mcc reference point. CSEs interact with the NSE via the Mcn reference point. Communication Management/ Delivery Handling Data Management & Repository Service Charging & Accounting Subscription and Notification I. Introduction of OneM2M
Common Service Functions - ASM 8 The ASM CSF provides management capabilities for CSEs and AEs. This includes capabilities to configure, troubleshoot and upgrade the functions of the CSE, as well as to upgrade the AEs. The management functions include : • Configuration Function (CF): This function enables the configuration of the capabilities and features of the CSE. • Software Management Function (SMF): This function provides lifecycle management for software components and associated artifacts (e.g. configuration files) for different entities such as CSE and AE. Application and Service Layer Management(ASM) I. Introduction of OneM2M
Common Service Functions – CMDH, DMR 9 • The CMDH CSF provides communications with other CSEs, AEs and NSEs. • The CMDH CSF decides at what time to use which communication connection for delivering communications and, when needed and allowed, to buffer communication requests so that they can be forwarded at a later time. This processing in the CMDH CSF is carried out per the provisioned CMDH policies and delivery handling parameters that can be specific to each request for communication. The Communication Management and Delivery Handling (CMDH) Data Management and Repository (DMR) • DMR CSF is responsible for providing data storage and mediation functions. • Ability to store data in an organized fashion so it is discernible. • Provides the means to aggregate data received from different entities. • Ability to grant access to data from remote CSEs and AEs based on defined access control policies, and trigger data processing based on data access. • Ability to provide the means to perform data analytics on large amount of data to allow service providers to provide value-added services. I. Introduction of OneM2M
Common Service Functions – DMG 10 Device Management (DMG) • The DMG CSF provides management of device capabilities on MNs (e.g. M2M Gateways), ASNs and ADNs (e.g. M2M Devices), as well as devices that reside within an M2M Area Network. Discovery (DIG) • The DIS CSF searches information about applications and services as contained in attributes and resources. I. Introduction of OneM2M
Common Service Functions – DIS, GMG, LOC 11 • The DIS CSF searches information about applications and services as contained in attributes and resources. • The result of a discovery request from an Originator depends upon the filter criteria(e.g. a combination of keywords, identifiers, location and semantic information) and is subject to access control policy allowed by M2M Service Subscription. Discovery (DIG) Group Management (GMG) • The GMG CSF is responsible for handling group related requests. • The GMG CSF enables the M2M System to perform bulk operations on multiple devices, applications or resources that are part of a group. In addition, the GMG CSF supports bulk operations to multiple resources of interest and aggregates the results. • The Location (LOC) CSF allows AEs to obtain geographical location information of Nodes (e.g. ASN, MN) for location-based services. Location (LOC) I. Introduction of OneM2M
Network Service Exposure, Service Execution and Triggering (NSSE) Common Service Functions – NSSE, REG, SEC 12 • The NSSE CSF manages communication with the Underlying Networks for obtaining network service functions on behalf of other CSFs, remote CSEs or AEs. • The NSSE CSF uses the Mcn reference point for communicating with the Underlying Networks. Registration (REG) • The Registration (REG) CSF processes a request from an AE or another CSE to register with a Registrar CSE in order to allow the registered entities to use the services offered by the Registrar CSE. The Security (SEC) CSF comprises the following functionalities: • Sensitive data handling • Security administration • Security association establishment • Access control including identification, authentication and authorization • Identity management Security (SEC) I. Introduction of OneM2M
• The Service Charging and Accounting (SCA) CSF provides charging functions for the Service Layer. • The SCA CSF performs information recording corresponding to a chargeable event based on the configured charging policies. • The SCA CSF sends the charging information transformed from the specific recorded information to the billing domain by the use of a standard or proprietary interface for charging purposes. Common Service Functions – SCA, SUB 13 Subscription and Notification (SUB) • The SUB CSF manages subscriptions to resources, subject to access control policies, and sends corresponding notifications to the address(es) where the resource subscribers want to receive them. Service Charging and Accounting (SCA) I. Introduction of OneM2M
II. OneM2M Security 14 1. Overview of Security 2. Security Architecture
IoT 플랫폼 보안 15 사물인터넷 플랫폼 보안 기술 정의 사례 3 OneM2M Security Architecture Security Services Security API (Mca, Mcc) (not specified in the present document) Security Functions Layer Identification And Authentication Authorization Identity Management Security Association Sensitive Data Handling Security Administration Secure Environment Abstraction Layer (not specified in the present document) Secure Environments Layer Secure Environment n Sensitive Data Sensitive Functions II. OneM2M Security
Security Layers Security Function Layer ▪ a set of security functions that are exposed at reference point Mca and Mcc. Security Environment Abstraction Layer ▪ security capabilities such as key derivation, data encryption/ decryption, signature generation/verification, security credential read/write from/to the Secure Environments, and so on. Secure Environment Layer ▪ provide various security services related to sensitive data storage and sensitive function execution.
Security Function Layer Identification and Authentication ▪ identification and mutual authentication of CSEs and Aes ▪ validating if the identity supplied in the identification step is associated with a trustworthy credential. Authorization ▪ authorizing services and data access to authenticated entities according to provisioned Access Control Policies (ACPs) and assigned roles. Identity Management ▪ oneM2M identities/identifiers to the requesting entity Security Association ▪ Secure Connection via secure session establishment. Sensitive Data Handling ▪ Sensitive Functions protection and secure storage. Security Administration ▪ remote security provisioning
Identity Management 18 Identity Management function defines many M2M M2M Identifiers Application Entity Identifier(AE-ID) Application Identifier(App-ID) CSE-Identifier(CSE-ID) M2M Node Identifier(M2M-Node-ID) M2M Service Subscription Identifier(M2M-Sub-ID) M2M Request Identifier(M2M-Request-ID) M2M External Identifier(M2M-Ext-ID) Underlying Network Identifier(UNetwork-ID) Trigger Recipient Identifier(Trigger-Recipient-ID) M2M Service Identifier(M2M-Sev-ID) Service Role Identifier(SRole-ID) M2M Service Profile Identifier(M2M-Service-Profile-ID) III. OneM2M Identifiers
M2M Identifiers on OneM2M 19 Application Entity Identifier(AE-ID) An Application Entity Identifier (AE-ID) uniquely identifies an AE resident on an M2M Node. AE-ID is globally unique within/outside M2M SP domain Application Identifier(App-ID) An Application Identifier (App-ID) uniquely identifies an M2M Application in a given context. Two Type App-ID(Registered App-ID) : guarantee to be globally unique. Non-Registered App-ID : not guarantee to be globally unique. III. OneM2M Identifiers
M2M Identifiers on OneM2M 20 CSE-Identifier(CSE-ID) A CSE shall be identified by a globally unique identifier, the CSE-ID, when instantiated within an M2M Node in the M2M System. The CSE-ID is globally unique, when used internally within/outside a specific M2M SP domain. The CSE-ID shall identify the CSE for the purpose of all interactions from/to the CSE within the M2M System. M2M Node Identifier(M2M-Node-ID) An M2M Node, hosting a CSE and/or Application(s) shall be identified by a globally unique identifier, the M2M-Node-ID. The M2M System shall allow the M2M Service Provider to set the CSE- ID and the M2M-Node-ID to the same value. The M2M-Node-ID enables the M2M Service Provider to bind a CSE-ID to a specific M2M Node. Examples of allocating a globally unique M2M-Node-ID include the use of Object Identity (OID) and IMEI. For details on OID, III. OneM2M Identifiers
M2M Identifiers on OneM2M 21 M2M Service Subscription Identifier(M2M-Sub-ID) The M2M-Sub-ID enables the M2M SP to bind application(s) to a particular M2M Service Subscription between an M2M subscriber and the M2M Service Provider. The M2M-Sub-ID is unique for every M2M subscriber. Characteristics: belongs to the M2M Service Provider; identifies the subscription to an M2M Service Provider; enables communication with the M2M Service Provider; can differ from the M2M Underlying Network Subscription Identifier. There can be multiple M2M Service Subscription Identifiers per M2M Underlying Network subscription. The M2M-Sub-ID shall not be exposed over any interface. III. OneM2M Identifiers
M2M Identifiers on OneM2M 22 M2M Request Identifier(M2M-Request-ID) The M2M-Request-ID tracks a Request initiated by an AE over the Mca reference point, and by a CSE over the Mcc reference point To enable an AE to track Requests and corresponding Responses over the Mca reference point, AEs shall include a distinct M2M Request Identifier per request M2M External Identifier(M2M-Ext-ID) The M2M-Ext-ID is used by an M2M SP when services are requested from the Underlying Network. allows the Underlying Network to identify the M2M Device (e.g. ASN, MN) associated with the CSE-ID. For each CSE-ID, there is only one M2M-Ext-ID for a specific UNetwork-ID. The mapping by the Underlying Network of the M2M-Ext-ID to the M2M Device is Underlying Network specific. The Underlying Network provider and the M2M SP collaborate for the assignment of an M2M-Ext-ID to each CSE. III. OneM2M Identifiers
M2M Identifiers on OneM2M 23 Underlying Network Identifier(UNetwork-ID) The UNetwork-ID is used for identifying an Underlying Network. UNetwork-ID is a static value and unique within a M2M Service Provider domain. For example, based on "policy", scheduling of traffic triggered by a certain event category in certain time periods may be allowed over Underlying Network "WLAN”. Trigger Recipient Identifier(Trigger-Recipient-ID) The Trigger-Recipient-ID is used to identify an instance of an ASN/MN- CSE on an execution environment. For example, when 3GPP device triggering is used, the Trigger- Recipient-ID maps to the AppID For pre-provisioned M2M-Ext-IDs, Trigger-Recipient-ID is provisioned at the Infrastructure Node along with the M2M-Ext-ID and the associated CSE-ID. For dynamic M2M-Ext-IDs, Trigger-Recipient-ID specific to the Underlying Network is provisioned at each M2M device in the Field Domain. Such Trigger-Recipient-ID is conveyed to the IN-CSE during CSE Registration III. OneM2M Identifiers
M2M Identifiers on OneM2M 24 M2M Service Identifier(M2M-Sev-ID) The M2M-Serv-ID is an identifier of a M2M Service offered by an M2M SP. It is an essential part of the M2M Service Subscription which stores a set of M2M-Serv-IDs pertaining to the set of subscribed services. Service Role Identifier(SRole-ID) The Service Role Identifier shall be used for service access authorization. In each M2M Service, one or multiple M2M Service Role(s) shall be defined by the M2M Service Provider. An M2M Service Role is defined as a create permission pertaining to resource types which are associated with M2M Service. III. OneM2M Identifiers
M2M Identifiers on OneM2M 25 M2M Service Profile Identifier(M2M-Service-Profile-ID) An M2M Service Profile Identifier defines M2M Service Roles as well as applicable rules governing the AEs registering with M2M Nodes and the AEs residing on these nodes. Every M2M Service Profile is allocated an identifier so it can be retrieved for verification purposes. belongs to the M2M Service Provider; identifies the M2M Service Roles as well as applicable rules governing AEs registering with an M2M node. The M2M Service Roles define the M2M Services authorized for the M2M Service Profile III. OneM2M Identifiers
Authorization
Access Control Policy For access to ACP resource type ▪ Evaluate to “Permi” for at least one selfPrivileges attributes For other resource type ▪ Evaluate to “Permit” for at least one privileges attributes For access decision ▪ The Access control mechanism assembles the information • Resource access request message • Contextual information
Details of Authorization Privilege and selfPrivileges attributes comprises a set of access control rules ▪ acrs = { acr(1), acr(2), ..., acr(K) } A Couple of parameters ▪ acr(k) = { acr(k)_accessControlOriginators, acr(k)_accessControlOperations} A 3-tuple of parameters ▪ acr(k) = { acr(k)_accessControlOriginators, acr(k)_accessControlOperations, acr(k)_accessControlContexts}
Details of parameters
Access decision The overall result of the access decision algorithm is denoted here with the variable name res_acrs: ▪ If the request matches the access control rules • TRUE or 1 ▪ Else • FALSE or 0
Access Decision 32 OneM2M Security Functions Layer Authorization Procedure Policy Enforcement Point(PEP) Policy Decision Point(PDP) Policy Retrieval Point(PRP) Policy Information Point(PIP) PDP 가 인가를 하기 위 해 PRP,PIP에게 정보를 언어오는 단계 PDP 가 접근 허용여부 를 결정하는 단계 II. OneM2M Security
Description of the Access Decision Algorithm ACPs as defined in XACML an <accessControlPolicy> resource represents a set of access control rules, acrs ▪ 1) If a decision is "Permit" for only a single access control rule included in the privileges (or selfPrivileges) attribute of a single ACP, the result is "Permit". Decision of Access Control Rule ▪ res_acrs = res_acr(1) or res_acr(2) ... or res_acr(K) • res_acr(i) = res_origs(i) and res_ops(i) and res_ctxts(i) where i = 1...K.
Description of Access Control Rules 34
Description of Access Control Contexts 35
Details of Decision 36
AE Impersonation Prevention Since several AEs can behave maliciously and pretend to be another AE with their ID changed, Receiver CSE needs prevention mechanism for AE impersonation.
Security Association 38 OneM2M Security Functions Layer Authentication • UN-SP : Underlying Network Service provider • GBA : Generic Bootstrapping Architecture • MEF : M2M enrolment function • BSF : Bootstrap service function • MAF : m2m authentication function • RSPF : remote security provisioning framework • SAEF : security association establishment framework ① Provisioned Symmetric Key Security Association Establishment Framework  미리 제공된 대칭키를 이용하 여 end-points간의 association 진행 ② Certificate-Based Security security Association Establishment Framework  개인 서명키와 인증서, 공개키 를 이용하여 association ③ MAF Security security Association Establishment Framework  3rd party service provider에 의 해서 진행됨 셋 중에 하나 사용 Certificate-Based SAEF와 Symmetric Key- Based SAEF는 Entity 간의 인증을 수행 MAF-Based SAEF는 3자간 인증을 수행 II. OneM2M Security
Security Association 39 All type of Association Establishment Frameworks General description of SAEF – Credential Configuration • 사전 파라미터 설정 단계 – Association Configuration • 상대방 정보 송수신 – Association Security Handshake • 상호 인증 II. OneM2M Security
Based on Provisioned Symmetric Key 40 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security- related properties.
Based on Certificate 41 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security-related properties.
Based on MAF(M2M Authentication Function) 42 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security-related properties.
Sensitive Data Handling This function provides data protection and secure storage. ▪ For the protection, oneM2M classfy the protection levels according to the kinds of data.
Security Administration For security administration ▪ oneM2M performs Remote Secuirty Provisioning Frameworks. They consist of the three types • Based on symmetric key • Based on Certificate • Based on GBA(General Bootstrapping Architecture)
Remote Security Provisioning Frameworks 45 OneM2M Security Framework Remote Security Provisioning Frameworks – Bootstrap Credential Configuration – Bootstrap Instruction Configuration – Bootstrap Enrolment Handshake – Enrolment Key Generation – Enrolment Phase II. OneM2M Security
Based on Symmetric Key 46 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security-related properties.
Based on Certificate 47 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security-related properties.
Based on GBA 48 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security-related properties.
감사합니다 Q & A

Recommended

oneM2M Introduction and security
oneM2M Introduction and securityoneM2M Introduction and security
oneM2M Introduction and security
Jongseok Choi
 
Iot Service Layer Evolution
Iot Service Layer EvolutionIot Service Layer Evolution
Iot Service Layer Evolution
oneM2M
 
oneM2M overview
oneM2M overviewoneM2M overview
oneM2M overview
Young Sung Son
 
One m2m 2. requirements
One m2m 2. requirements One m2m 2. requirements
One m2m 2. requirements
Hamdamboy (함담보이)
 
oneM2M - Facing the challenges of M2M security and privacy
oneM2M - Facing the challenges of M2M security and privacyoneM2M - Facing the challenges of M2M security and privacy
oneM2M - Facing the challenges of M2M security and privacy
oneM2M
 
Eclipse OM2M: Standardized M2M service platform
Eclipse OM2M: Standardized M2M service platformEclipse OM2M: Standardized M2M service platform
Eclipse OM2M: Standardized M2M service platform
Mahdi Ben Alaya
 
One m2m
One m2mOne m2m
One m2m
Hamdamboy
 
oneM2M - Management, Abstraction and Semantics
oneM2M - Management, Abstraction and SemanticsoneM2M - Management, Abstraction and Semantics
oneM2M - Management, Abstraction and Semantics
oneM2M
 

Recommended

oneM2M Introduction and security
oneM2M Introduction and securityoneM2M Introduction and security
oneM2M Introduction and security
Jongseok Choi
 
Iot Service Layer Evolution
Iot Service Layer EvolutionIot Service Layer Evolution
Iot Service Layer Evolution
oneM2M
 
oneM2M overview
oneM2M overviewoneM2M overview
oneM2M overview
Young Sung Son
 
One m2m 2. requirements
One m2m 2. requirements One m2m 2. requirements
One m2m 2. requirements
Hamdamboy (함담보이)
 
oneM2M - Facing the challenges of M2M security and privacy
oneM2M - Facing the challenges of M2M security and privacyoneM2M - Facing the challenges of M2M security and privacy
oneM2M - Facing the challenges of M2M security and privacy
oneM2M
 
Eclipse OM2M: Standardized M2M service platform
Eclipse OM2M: Standardized M2M service platformEclipse OM2M: Standardized M2M service platform
Eclipse OM2M: Standardized M2M service platform
Mahdi Ben Alaya
 
One m2m
One m2mOne m2m
One m2m
Hamdamboy
 
oneM2M - Management, Abstraction and Semantics
oneM2M - Management, Abstraction and SemanticsoneM2M - Management, Abstraction and Semantics
oneM2M - Management, Abstraction and Semantics
oneM2M
 
oneM2M - how standardization enables the next internet evolution
oneM2M - how standardization enables the next internet evolutiononeM2M - how standardization enables the next internet evolution
oneM2M - how standardization enables the next internet evolution
oneM2M
 
A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...
Soumya Kanti Datta
 
oneM2M - taking a look inside
oneM2M - taking a look insideoneM2M - taking a look inside
oneM2M - taking a look inside
oneM2M
 
OneM2M - Views on Platform Interoperability
OneM2M - Views on Platform InteroperabilityOneM2M - Views on Platform Interoperability
OneM2M - Views on Platform Interoperability
AALForum
 
oneM2M - Release 1 Primer
oneM2M - Release 1 PrimeroneM2M - Release 1 Primer
oneM2M - Release 1 Primer
oneM2M
 
How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...
How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...
How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...
oneM2M
 
Big data computing overview
Big data computing overviewBig data computing overview
Big data computing overview
Young Sung Son
 
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
Nexgen Technology
 
LTE Security Training – LTE and LTE-Advanced Security
LTE Security Training – LTE and LTE-Advanced SecurityLTE Security Training – LTE and LTE-Advanced Security
LTE Security Training – LTE and LTE-Advanced Security
Bryan Len
 
Present and desired network management to cope with the expected expansion, n...
Present and desired network management to cope with the expected expansion, n...Present and desired network management to cope with the expected expansion, n...
Present and desired network management to cope with the expected expansion, n...
Alexander Decker
 
Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
Kevin Mayo
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
Lan & Wan Solutions
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review Checklist
Eberly Wilson
 
Network management ppt
Network management pptNetwork management ppt
Network management ppt
DheerajPachauri
 
Management and Provisioning of M2M Devices and Applications
Management and Provisioning of M2M Devices and ApplicationsManagement and Provisioning of M2M Devices and Applications
Management and Provisioning of M2M Devices and Applications
Musa Unmehopa
 
Strix nms
Strix nmsStrix nms
Strix nms
Chris Lee
 
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityWire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Ramesh Nagappan
 
VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529
VMUG IT
 
Case Study on Intelligent IoT Platform
Case Study on Intelligent IoT PlatformCase Study on Intelligent IoT Platform
Case Study on Intelligent IoT Platform
Jongseok Choi
 
Lgpl license
Lgpl licenseLgpl license
Lgpl license
Eric Juan
 
Usage of GDB
Usage of GDBUsage of GDB
Usage of GDB
Jongseok Choi
 
PPDHTH3_HoangNhi
PPDHTH3_HoangNhiPPDHTH3_HoangNhi
PPDHTH3_HoangNhi
nhi104
 

More Related Content

What's hot

A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
Nexgen Technology
 
LTE Security Training – LTE and LTE-Advanced Security
LTE Security Training – LTE and LTE-Advanced SecurityLTE Security Training – LTE and LTE-Advanced Security
LTE Security Training – LTE and LTE-Advanced Security
Bryan Len
 
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityWire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Ramesh Nagappan
 
VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529
VMUG IT
 

What's hot (18)

oneM2M - how standardization enables the next internet evolution
oneM2M - how standardization enables the next internet evolutiononeM2M - how standardization enables the next internet evolution
oneM2M - how standardization enables the next internet evolution
 
A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...A lightweight framework for efficient m2m device management in onem2m archite...
A lightweight framework for efficient m2m device management in onem2m archite...
 
oneM2M - taking a look inside
oneM2M - taking a look insideoneM2M - taking a look inside
oneM2M - taking a look inside
 
OneM2M - Views on Platform Interoperability
OneM2M - Views on Platform InteroperabilityOneM2M - Views on Platform Interoperability
OneM2M - Views on Platform Interoperability
 
oneM2M - Release 1 Primer
oneM2M - Release 1 PrimeroneM2M - Release 1 Primer
oneM2M - Release 1 Primer
 
How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...
How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...
How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter...
 
Big data computing overview
Big data computing overviewBig data computing overview
Big data computing overview
 
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
 
LTE Security Training – LTE and LTE-Advanced Security
LTE Security Training – LTE and LTE-Advanced SecurityLTE Security Training – LTE and LTE-Advanced Security
LTE Security Training – LTE and LTE-Advanced Security
 
Present and desired network management to cope with the expected expansion, n...
Present and desired network management to cope with the expected expansion, n...Present and desired network management to cope with the expected expansion, n...
Present and desired network management to cope with the expected expansion, n...
 
Secure nets-and-data
Secure nets-and-dataSecure nets-and-data
Secure nets-and-data
 
Software defined security-framework_final
Software defined security-framework_finalSoftware defined security-framework_final
Software defined security-framework_final
 
Network Architecture Review Checklist
Network Architecture Review ChecklistNetwork Architecture Review Checklist
Network Architecture Review Checklist
 
Network management ppt
Network management pptNetwork management ppt
Network management ppt
 
Management and Provisioning of M2M Devices and Applications
Management and Provisioning of M2M Devices and ApplicationsManagement and Provisioning of M2M Devices and Applications
Management and Provisioning of M2M Devices and Applications
 
Strix nms
Strix nmsStrix nms
Strix nms
 
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityWire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
 
VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529VMware NSX @ VMUG.IT 20150529
VMware NSX @ VMUG.IT 20150529
 

Viewers also liked

Lgpl license
Lgpl licenseLgpl license
Lgpl license
Eric Juan
 
See further_issue 2_resource-reckoning_v2 Copy
See further_issue 2_resource-reckoning_v2 CopySee further_issue 2_resource-reckoning_v2 Copy
See further_issue 2_resource-reckoning_v2 Copy
Dave Cheshire
 

Viewers also liked (9)

Case Study on Intelligent IoT Platform
Case Study on Intelligent IoT PlatformCase Study on Intelligent IoT Platform
Case Study on Intelligent IoT Platform
 
Lgpl license
Lgpl licenseLgpl license
Lgpl license
 
Usage of GDB
Usage of GDBUsage of GDB
Usage of GDB
 
PPDHTH3_HoangNhi
PPDHTH3_HoangNhiPPDHTH3_HoangNhi
PPDHTH3_HoangNhi
 
Повторення слів і виразів
Повторення слів і виразівПовторення слів і виразів
Повторення слів і виразів
 
Genel Destek Programı
Genel Destek ProgramıGenel Destek Programı
Genel Destek Programı
 
Decreto 1850 de 2002
Decreto 1850 de 2002Decreto 1850 de 2002
Decreto 1850 de 2002
 
See further_issue 2_resource-reckoning_v2 Copy
See further_issue 2_resource-reckoning_v2 CopySee further_issue 2_resource-reckoning_v2 Copy
See further_issue 2_resource-reckoning_v2 Copy
 
Mail art
Mail artMail art
Mail art
 

Similar to oneM2M security summary

Workshop on Large-scale Sensing For Future Cities'13 / Jorge Sousa: "SMART2M"
Workshop on Large-scale Sensing For Future Cities'13 / Jorge Sousa: "SMART2M"Workshop on Large-scale Sensing For Future Cities'13 / Jorge Sousa: "SMART2M"
Workshop on Large-scale Sensing For Future Cities'13 / Jorge Sousa: "SMART2M"
Future Cities Project
 
Cloud Security Solution Overview
Cloud Security Solution OverviewCloud Security Solution Overview
Cloud Security Solution Overview
Cisco Service Provider
 
A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module
nexgentechnology
 
A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module
nexgentechnology
 
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
ijngnjournal
 
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
josephjonse
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
IJCNCJournal
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
IJERD Editor
 

Similar to oneM2M security summary (20)

One m2m 3- managment_capability
One m2m 3- managment_capabilityOne m2m 3- managment_capability
One m2m 3- managment_capability
 
FIWARE Tech Summit - OpenMTC – OneM2M Middleware
FIWARE Tech Summit - OpenMTC – OneM2M MiddlewareFIWARE Tech Summit - OpenMTC – OneM2M Middleware
FIWARE Tech Summit - OpenMTC – OneM2M Middleware
 
Workshop on Large-scale Sensing For Future Cities'13 / Jorge Sousa: "SMART2M"
Workshop on Large-scale Sensing For Future Cities'13 / Jorge Sousa: "SMART2M"Workshop on Large-scale Sensing For Future Cities'13 / Jorge Sousa: "SMART2M"
Workshop on Large-scale Sensing For Future Cities'13 / Jorge Sousa: "SMART2M"
 
Cloud Security Solution Overview
Cloud Security Solution OverviewCloud Security Solution Overview
Cloud Security Solution Overview
 
A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module
 
A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module
 
A trusted iaa s environment
A trusted iaa s environmentA trusted iaa s environment
A trusted iaa s environment
 
Cloud models and platforms
Cloud models and platformsCloud models and platforms
Cloud models and platforms
 
Encapsulating Complexity in IoT Solutions
Encapsulating Complexity in IoT SolutionsEncapsulating Complexity in IoT Solutions
Encapsulating Complexity in IoT Solutions
 
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...
 
Computer Port IT Solutions JNTU Lecture
Computer Port IT Solutions JNTU LectureComputer Port IT Solutions JNTU Lecture
Computer Port IT Solutions JNTU Lecture
 
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...
 
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...
 
Bhadale group of companies cpsos services catalogue
Bhadale group of companies cpsos services catalogueBhadale group of companies cpsos services catalogue
Bhadale group of companies cpsos services catalogue
 
Industrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.pptIndustrial control systems cybersecurity.ppt
Industrial control systems cybersecurity.ppt
 
F5_and_Azure_v3.pptx
F5_and_Azure_v3.pptxF5_and_Azure_v3.pptx
F5_and_Azure_v3.pptx
 
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...
 
IRS_Tier_2_Compiler_Policy_V3
IRS_Tier_2_Compiler_Policy_V3IRS_Tier_2_Compiler_Policy_V3
IRS_Tier_2_Compiler_Policy_V3
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of Systems
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 

More from Jongseok Choi

More from Jongseok Choi (15)

Hyperledger 구조 분석
Hyperledger 구조 분석Hyperledger 구조 분석
Hyperledger 구조 분석
 
Blockchain trends and research
Blockchain trends and researchBlockchain trends and research
Blockchain trends and research
 
블록체인 개요
블록체인 개요블록체인 개요
블록체인 개요
 
Bitcoin and Ethereum
Bitcoin and EthereumBitcoin and Ethereum
Bitcoin and Ethereum
 
Effective Go
Effective GoEffective Go
Effective Go
 
IoT Introduction and Security
IoT Introduction and SecurityIoT Introduction and Security
IoT Introduction and Security
 
Gitlab.key
Gitlab.keyGitlab.key
Gitlab.key
 
Basic of Exploitation
Basic of ExploitationBasic of Exploitation
Basic of Exploitation
 
Web penetration
Web penetrationWeb penetration
Web penetration
 
Svn
SvnSvn
Svn
 
Trend briefs security
Trend briefs securityTrend briefs security
Trend briefs security
 
wordpress with nginx on virtualization, jail
wordpress with nginx on virtualization, jailwordpress with nginx on virtualization, jail
wordpress with nginx on virtualization, jail
 
Web hacking 개요
Web hacking 개요Web hacking 개요
Web hacking 개요
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Forensic 2
Forensic 2Forensic 2
Forensic 2
 

Recently uploaded

PODOCARPUS...........................pptx
PODOCARPUS...........................pptxPODOCARPUS...........................pptx
PODOCARPUS...........................pptx
Cherry
 
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRingsTransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
Sérgio Sacani
 
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 bAsymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Sérgio Sacani
 
Digital Dentistry.Digital Dentistryvv.pptx
Digital Dentistry.Digital Dentistryvv.pptxDigital Dentistry.Digital Dentistryvv.pptx
Digital Dentistry.Digital Dentistryvv.pptx
MohamedFarag457087
 
Human genetics..........................pptx
Human genetics..........................pptxHuman genetics..........................pptx
Human genetics..........................pptx
Cherry
 
Call Girls Ahmedabad +917728919243 call me Independent Escort Service
Call Girls Ahmedabad +917728919243 call me Independent Escort ServiceCall Girls Ahmedabad +917728919243 call me Independent Escort Service
Call Girls Ahmedabad +917728919243 call me Independent Escort Service
shivanisharma5244
 
POGONATUM : morphology, anatomy, reproduction etc.
POGONATUM : morphology, anatomy, reproduction etc.POGONATUM : morphology, anatomy, reproduction etc.
POGONATUM : morphology, anatomy, reproduction etc.
Cherry
 
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsBiogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Sérgio Sacani
 
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRLGwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
kantirani197
 

Recently uploaded (20)

FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and SpectrometryFAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
 
Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .
 
PODOCARPUS...........................pptx
PODOCARPUS...........................pptxPODOCARPUS...........................pptx
PODOCARPUS...........................pptx
 
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRingsTransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
TransientOffsetin14CAftertheCarringtonEventRecordedbyPolarTreeRings
 
Genome organization in virus,bacteria and eukaryotes.pptx
Genome organization in virus,bacteria and eukaryotes.pptxGenome organization in virus,bacteria and eukaryotes.pptx
Genome organization in virus,bacteria and eukaryotes.pptx
 
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 bAsymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
 
Digital Dentistry.Digital Dentistryvv.pptx
Digital Dentistry.Digital Dentistryvv.pptxDigital Dentistry.Digital Dentistryvv.pptx
Digital Dentistry.Digital Dentistryvv.pptx
 
Concept of gene and Complementation test.pdf
Concept of gene and Complementation test.pdfConcept of gene and Complementation test.pdf
Concept of gene and Complementation test.pdf
 
Early Development of Mammals (Mouse and Human).pdf
Early Development of Mammals (Mouse and Human).pdfEarly Development of Mammals (Mouse and Human).pdf
Early Development of Mammals (Mouse and Human).pdf
 
Cot curve, melting temperature, unique and repetitive DNA
Cot curve, melting temperature, unique and repetitive DNACot curve, melting temperature, unique and repetitive DNA
Cot curve, melting temperature, unique and repetitive DNA
 
Use of mutants in understanding seedling development.pptx
Use of mutants in understanding seedling development.pptxUse of mutants in understanding seedling development.pptx
Use of mutants in understanding seedling development.pptx
 
Human genetics..........................pptx
Human genetics..........................pptxHuman genetics..........................pptx
Human genetics..........................pptx
 
Call Girls Ahmedabad +917728919243 call me Independent Escort Service
Call Girls Ahmedabad +917728919243 call me Independent Escort ServiceCall Girls Ahmedabad +917728919243 call me Independent Escort Service
Call Girls Ahmedabad +917728919243 call me Independent Escort Service
 
PATNA CALL GIRLS 8617370543 LOW PRICE ESCORT SERVICE
PATNA CALL GIRLS 8617370543 LOW PRICE ESCORT SERVICEPATNA CALL GIRLS 8617370543 LOW PRICE ESCORT SERVICE
PATNA CALL GIRLS 8617370543 LOW PRICE ESCORT SERVICE
 
POGONATUM : morphology, anatomy, reproduction etc.
POGONATUM : morphology, anatomy, reproduction etc.POGONATUM : morphology, anatomy, reproduction etc.
POGONATUM : morphology, anatomy, reproduction etc.
 
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsBiogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
 
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRLGwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
Gwalior ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Gwalior ESCORT SERVICE❤CALL GIRL
 
Site specific recombination and transposition.........pdf
Site specific recombination and transposition.........pdfSite specific recombination and transposition.........pdf
Site specific recombination and transposition.........pdf
 
Cyanide resistant respiration pathway.pptx
Cyanide resistant respiration pathway.pptxCyanide resistant respiration pathway.pptx
Cyanide resistant respiration pathway.pptx
 
Thyroid Physiology_Dr.E. Muralinath_ Associate Professor
Thyroid Physiology_Dr.E. Muralinath_ Associate ProfessorThyroid Physiology_Dr.E. Muralinath_ Associate Professor
Thyroid Physiology_Dr.E. Muralinath_ Associate Professor
 

oneM2M security summary

  • 1. OneM2M 개요 및 보안 최종석 2016.3.18
  • 2. 목차 OneM2M 개요 및 보안 목차 I. Introduction of OneM2M II. OneM2M Security Introduction Detailed of CSE Overview of Security Detatils of Security Functions
  • 3. 3 1. Introduction 2. Detailed of CSE I. Introduction of OneM2M
  • 4. oneM2M 기술은 다양한 제품간 연결성을 바탕으로 새로운 제품 및 서비스로 손쉽게 확장 가능 IoT 플랫폼 보안 - OneM2M 플랫폼 WLAN PAN (Bluetooth) Mobile Network (LTE)WLAN/ZigBee “내 손안의 우리 집” “즐겁고 편한 운전 환경”“편리한 건강 관리” Smart Home Smart CarHealthcare Common Service Layer “플랫폼 공통화  고객의 가치 창조하는 새로운 M2M 서비스 창출 가능” Module Module Module Module Module Module Module Module Module Module Module Module Module Module Module I. Introduction of OneM2M
  • 5. oneM2M Common Service Function oneM2M 핵심 요소 기술 스마트폰스마트가전 Access Networks (2G/3G/LTE/WiFi/ZigBee) Common Service Functions 스마트 그리드 헬스케어스마트홈 보안 스마트카 자동차센서 식별 체계 Delivery Handling 자원 탐색 데이터 관리 그룹 관리 위치 정보 네트워크 연동 장치 관리 데이터 서비스 부가 서비스 네트워크 서비스 • 데이터 탐색/저장/접근제어 기술 • 데이터 분석 기술 (Big Data) • 위치 정보 제공 기술 • 원격 장치 관리 기술 • 액세스 네트워크 (3GPP) 연동 기술 • QoS, Multicast/Broadcast 제어 기술 공통 서비스 • 어플리케이션 보안성 제공 • 글로벌 식별 체계 및 Delivery Handling Application M2M 서비스 플랫폼 Access Network Device/ Module M2M 주요 서비스 • 스마트 홈, 스마트 카 • 스마트 그리드, 헬스케어 WAN / HAN • Cellular Network (2G / 3G / LTE) • Wi-Fi / ZigBee / Bluetooth M2M Device/ Gateway • Smart TV, Smart Phone • Smart Meter, Health Sensor • Smart Gateway IoT 플랫폼 보안 - OneM2M 플랫폼 I. Introduction of OneM2M
  • 6. IoT 플랫폼 보안 6 사물인터넷 플랫폼 보안 기술 정의 사례 2 OneM2M 보안 기술 – Privacy/Trust 관리 기술 – 인증/인가 기술 – 안전한 데이터 전송 기술 – 시스템 보안 기술 – Security Association 기술 Infrastructure domain Field domain Non-oneM2M Device Non-oneM2M Device Non-oneM2M Device Non-oneM2M Device To an Infrastructure Node of other M2M Service Providers IN-AE Mca Infrastructure Node(IN) IN-AE IN-CSE Mca Middle Node(IN) MN-CSE MN-AE Mca Middle Node(IN) Mca Mca Mca MN-CSE MN-AE Application Dedicated Node (ADN) ADN-AE Mca Application Service Node (ASN) ASN-AE ASN-CSE Application Dedicated Node (ADN) ADN-AE Mca Application Service Node (ASN) ASN-AE ASN-CSE Mcc’ Mcn Mcc Mcc Mcc McnMcn Mcc Mcc Mcn Mcn Link is out of scope Application Entity (AE) Mca Reference Point Mcn Reference Point Common Services Entity (CSE) Application and Service Layer Management Communication Management/ Delivery Handling Data Management & Repository Device Management Discobery Group Management Location Network Service Exposure/Service Ex+Triggering Registration Security Service Charging & Accounting Subscription and Notification Underlying Network Service Entity (NSE) II. OneM2M Security
  • 7. Common Service Functions 7 Application Entity (AE) Mca Reference Point Mcn Reference Point Common Services Entity (CSE) Application and Service Layer Management Device Management Discovery Group Management Location Network Service Exposure/Service Ex+Triggering Registration Security Underlying Network Service Entity (NSE) Mcc Reference Point The services provided by the Common Services Layer in the M2M System. Reside within a CSE and are referred to as Common Services Functions (CSFs). The CSFs provide services to the AEs via the Mca Reference Point and to other CSEs via Mcc reference point. CSEs interact with the NSE via the Mcn reference point. Communication Management/ Delivery Handling Data Management & Repository Service Charging & Accounting Subscription and Notification I. Introduction of OneM2M
  • 8. Common Service Functions - ASM 8 The ASM CSF provides management capabilities for CSEs and AEs. This includes capabilities to configure, troubleshoot and upgrade the functions of the CSE, as well as to upgrade the AEs. The management functions include : • Configuration Function (CF): This function enables the configuration of the capabilities and features of the CSE. • Software Management Function (SMF): This function provides lifecycle management for software components and associated artifacts (e.g. configuration files) for different entities such as CSE and AE. Application and Service Layer Management(ASM) I. Introduction of OneM2M
  • 9. Common Service Functions – CMDH, DMR 9 • The CMDH CSF provides communications with other CSEs, AEs and NSEs. • The CMDH CSF decides at what time to use which communication connection for delivering communications and, when needed and allowed, to buffer communication requests so that they can be forwarded at a later time. This processing in the CMDH CSF is carried out per the provisioned CMDH policies and delivery handling parameters that can be specific to each request for communication. The Communication Management and Delivery Handling (CMDH) Data Management and Repository (DMR) • DMR CSF is responsible for providing data storage and mediation functions. • Ability to store data in an organized fashion so it is discernible. • Provides the means to aggregate data received from different entities. • Ability to grant access to data from remote CSEs and AEs based on defined access control policies, and trigger data processing based on data access. • Ability to provide the means to perform data analytics on large amount of data to allow service providers to provide value-added services. I. Introduction of OneM2M
  • 10. Common Service Functions – DMG 10 Device Management (DMG) • The DMG CSF provides management of device capabilities on MNs (e.g. M2M Gateways), ASNs and ADNs (e.g. M2M Devices), as well as devices that reside within an M2M Area Network. Discovery (DIG) • The DIS CSF searches information about applications and services as contained in attributes and resources. I. Introduction of OneM2M
  • 11. Common Service Functions – DIS, GMG, LOC 11 • The DIS CSF searches information about applications and services as contained in attributes and resources. • The result of a discovery request from an Originator depends upon the filter criteria(e.g. a combination of keywords, identifiers, location and semantic information) and is subject to access control policy allowed by M2M Service Subscription. Discovery (DIG) Group Management (GMG) • The GMG CSF is responsible for handling group related requests. • The GMG CSF enables the M2M System to perform bulk operations on multiple devices, applications or resources that are part of a group. In addition, the GMG CSF supports bulk operations to multiple resources of interest and aggregates the results. • The Location (LOC) CSF allows AEs to obtain geographical location information of Nodes (e.g. ASN, MN) for location-based services. Location (LOC) I. Introduction of OneM2M
  • 12. Network Service Exposure, Service Execution and Triggering (NSSE) Common Service Functions – NSSE, REG, SEC 12 • The NSSE CSF manages communication with the Underlying Networks for obtaining network service functions on behalf of other CSFs, remote CSEs or AEs. • The NSSE CSF uses the Mcn reference point for communicating with the Underlying Networks. Registration (REG) • The Registration (REG) CSF processes a request from an AE or another CSE to register with a Registrar CSE in order to allow the registered entities to use the services offered by the Registrar CSE. The Security (SEC) CSF comprises the following functionalities: • Sensitive data handling • Security administration • Security association establishment • Access control including identification, authentication and authorization • Identity management Security (SEC) I. Introduction of OneM2M
  • 13. • The Service Charging and Accounting (SCA) CSF provides charging functions for the Service Layer. • The SCA CSF performs information recording corresponding to a chargeable event based on the configured charging policies. • The SCA CSF sends the charging information transformed from the specific recorded information to the billing domain by the use of a standard or proprietary interface for charging purposes. Common Service Functions – SCA, SUB 13 Subscription and Notification (SUB) • The SUB CSF manages subscriptions to resources, subject to access control policies, and sends corresponding notifications to the address(es) where the resource subscribers want to receive them. Service Charging and Accounting (SCA) I. Introduction of OneM2M
  • 14. II. OneM2M Security 14 1. Overview of Security 2. Security Architecture
  • 15. IoT 플랫폼 보안 15 사물인터넷 플랫폼 보안 기술 정의 사례 3 OneM2M Security Architecture Security Services Security API (Mca, Mcc) (not specified in the present document) Security Functions Layer Identification And Authentication Authorization Identity Management Security Association Sensitive Data Handling Security Administration Secure Environment Abstraction Layer (not specified in the present document) Secure Environments Layer Secure Environment n Sensitive Data Sensitive Functions II. OneM2M Security
  • 16. Security Layers Security Function Layer ▪ a set of security functions that are exposed at reference point Mca and Mcc. Security Environment Abstraction Layer ▪ security capabilities such as key derivation, data encryption/ decryption, signature generation/verification, security credential read/write from/to the Secure Environments, and so on. Secure Environment Layer ▪ provide various security services related to sensitive data storage and sensitive function execution.
  • 17. Security Function Layer Identification and Authentication ▪ identification and mutual authentication of CSEs and Aes ▪ validating if the identity supplied in the identification step is associated with a trustworthy credential. Authorization ▪ authorizing services and data access to authenticated entities according to provisioned Access Control Policies (ACPs) and assigned roles. Identity Management ▪ oneM2M identities/identifiers to the requesting entity Security Association ▪ Secure Connection via secure session establishment. Sensitive Data Handling ▪ Sensitive Functions protection and secure storage. Security Administration ▪ remote security provisioning
  • 18. Identity Management 18 Identity Management function defines many M2M M2M Identifiers Application Entity Identifier(AE-ID) Application Identifier(App-ID) CSE-Identifier(CSE-ID) M2M Node Identifier(M2M-Node-ID) M2M Service Subscription Identifier(M2M-Sub-ID) M2M Request Identifier(M2M-Request-ID) M2M External Identifier(M2M-Ext-ID) Underlying Network Identifier(UNetwork-ID) Trigger Recipient Identifier(Trigger-Recipient-ID) M2M Service Identifier(M2M-Sev-ID) Service Role Identifier(SRole-ID) M2M Service Profile Identifier(M2M-Service-Profile-ID) III. OneM2M Identifiers
  • 19. M2M Identifiers on OneM2M 19 Application Entity Identifier(AE-ID) An Application Entity Identifier (AE-ID) uniquely identifies an AE resident on an M2M Node. AE-ID is globally unique within/outside M2M SP domain Application Identifier(App-ID) An Application Identifier (App-ID) uniquely identifies an M2M Application in a given context. Two Type App-ID(Registered App-ID) : guarantee to be globally unique. Non-Registered App-ID : not guarantee to be globally unique. III. OneM2M Identifiers
  • 20. M2M Identifiers on OneM2M 20 CSE-Identifier(CSE-ID) A CSE shall be identified by a globally unique identifier, the CSE-ID, when instantiated within an M2M Node in the M2M System. The CSE-ID is globally unique, when used internally within/outside a specific M2M SP domain. The CSE-ID shall identify the CSE for the purpose of all interactions from/to the CSE within the M2M System. M2M Node Identifier(M2M-Node-ID) An M2M Node, hosting a CSE and/or Application(s) shall be identified by a globally unique identifier, the M2M-Node-ID. The M2M System shall allow the M2M Service Provider to set the CSE- ID and the M2M-Node-ID to the same value. The M2M-Node-ID enables the M2M Service Provider to bind a CSE-ID to a specific M2M Node. Examples of allocating a globally unique M2M-Node-ID include the use of Object Identity (OID) and IMEI. For details on OID, III. OneM2M Identifiers
  • 21. M2M Identifiers on OneM2M 21 M2M Service Subscription Identifier(M2M-Sub-ID) The M2M-Sub-ID enables the M2M SP to bind application(s) to a particular M2M Service Subscription between an M2M subscriber and the M2M Service Provider. The M2M-Sub-ID is unique for every M2M subscriber. Characteristics: belongs to the M2M Service Provider; identifies the subscription to an M2M Service Provider; enables communication with the M2M Service Provider; can differ from the M2M Underlying Network Subscription Identifier. There can be multiple M2M Service Subscription Identifiers per M2M Underlying Network subscription. The M2M-Sub-ID shall not be exposed over any interface. III. OneM2M Identifiers
  • 22. M2M Identifiers on OneM2M 22 M2M Request Identifier(M2M-Request-ID) The M2M-Request-ID tracks a Request initiated by an AE over the Mca reference point, and by a CSE over the Mcc reference point To enable an AE to track Requests and corresponding Responses over the Mca reference point, AEs shall include a distinct M2M Request Identifier per request M2M External Identifier(M2M-Ext-ID) The M2M-Ext-ID is used by an M2M SP when services are requested from the Underlying Network. allows the Underlying Network to identify the M2M Device (e.g. ASN, MN) associated with the CSE-ID. For each CSE-ID, there is only one M2M-Ext-ID for a specific UNetwork-ID. The mapping by the Underlying Network of the M2M-Ext-ID to the M2M Device is Underlying Network specific. The Underlying Network provider and the M2M SP collaborate for the assignment of an M2M-Ext-ID to each CSE. III. OneM2M Identifiers
  • 23. M2M Identifiers on OneM2M 23 Underlying Network Identifier(UNetwork-ID) The UNetwork-ID is used for identifying an Underlying Network. UNetwork-ID is a static value and unique within a M2M Service Provider domain. For example, based on "policy", scheduling of traffic triggered by a certain event category in certain time periods may be allowed over Underlying Network "WLAN”. Trigger Recipient Identifier(Trigger-Recipient-ID) The Trigger-Recipient-ID is used to identify an instance of an ASN/MN- CSE on an execution environment. For example, when 3GPP device triggering is used, the Trigger- Recipient-ID maps to the AppID For pre-provisioned M2M-Ext-IDs, Trigger-Recipient-ID is provisioned at the Infrastructure Node along with the M2M-Ext-ID and the associated CSE-ID. For dynamic M2M-Ext-IDs, Trigger-Recipient-ID specific to the Underlying Network is provisioned at each M2M device in the Field Domain. Such Trigger-Recipient-ID is conveyed to the IN-CSE during CSE Registration III. OneM2M Identifiers
  • 24. M2M Identifiers on OneM2M 24 M2M Service Identifier(M2M-Sev-ID) The M2M-Serv-ID is an identifier of a M2M Service offered by an M2M SP. It is an essential part of the M2M Service Subscription which stores a set of M2M-Serv-IDs pertaining to the set of subscribed services. Service Role Identifier(SRole-ID) The Service Role Identifier shall be used for service access authorization. In each M2M Service, one or multiple M2M Service Role(s) shall be defined by the M2M Service Provider. An M2M Service Role is defined as a create permission pertaining to resource types which are associated with M2M Service. III. OneM2M Identifiers
  • 25. M2M Identifiers on OneM2M 25 M2M Service Profile Identifier(M2M-Service-Profile-ID) An M2M Service Profile Identifier defines M2M Service Roles as well as applicable rules governing the AEs registering with M2M Nodes and the AEs residing on these nodes. Every M2M Service Profile is allocated an identifier so it can be retrieved for verification purposes. belongs to the M2M Service Provider; identifies the M2M Service Roles as well as applicable rules governing AEs registering with an M2M node. The M2M Service Roles define the M2M Services authorized for the M2M Service Profile III. OneM2M Identifiers
  • 27. Access Control Policy For access to ACP resource type ▪ Evaluate to “Permi” for at least one selfPrivileges attributes For other resource type ▪ Evaluate to “Permit” for at least one privileges attributes For access decision ▪ The Access control mechanism assembles the information • Resource access request message • Contextual information
  • 28.
  • 29. Details of Authorization Privilege and selfPrivileges attributes comprises a set of access control rules ▪ acrs = { acr(1), acr(2), ..., acr(K) } A Couple of parameters ▪ acr(k) = { acr(k)_accessControlOriginators, acr(k)_accessControlOperations} A 3-tuple of parameters ▪ acr(k) = { acr(k)_accessControlOriginators, acr(k)_accessControlOperations, acr(k)_accessControlContexts}
  • 31. Access decision The overall result of the access decision algorithm is denoted here with the variable name res_acrs: ▪ If the request matches the access control rules • TRUE or 1 ▪ Else • FALSE or 0
  • 32. Access Decision 32 OneM2M Security Functions Layer Authorization Procedure Policy Enforcement Point(PEP) Policy Decision Point(PDP) Policy Retrieval Point(PRP) Policy Information Point(PIP) PDP 가 인가를 하기 위 해 PRP,PIP에게 정보를 언어오는 단계 PDP 가 접근 허용여부 를 결정하는 단계 II. OneM2M Security
  • 33. Description of the Access Decision Algorithm ACPs as defined in XACML an <accessControlPolicy> resource represents a set of access control rules, acrs ▪ 1) If a decision is "Permit" for only a single access control rule included in the privileges (or selfPrivileges) attribute of a single ACP, the result is "Permit". Decision of Access Control Rule ▪ res_acrs = res_acr(1) or res_acr(2) ... or res_acr(K) • res_acr(i) = res_origs(i) and res_ops(i) and res_ctxts(i) where i = 1...K.
  • 34. Description of Access Control Rules 34
  • 35. Description of Access Control Contexts 35
  • 37. AE Impersonation Prevention Since several AEs can behave maliciously and pretend to be another AE with their ID changed, Receiver CSE needs prevention mechanism for AE impersonation.
  • 38. Security Association 38 OneM2M Security Functions Layer Authentication • UN-SP : Underlying Network Service provider • GBA : Generic Bootstrapping Architecture • MEF : M2M enrolment function • BSF : Bootstrap service function • MAF : m2m authentication function • RSPF : remote security provisioning framework • SAEF : security association establishment framework ① Provisioned Symmetric Key Security Association Establishment Framework  미리 제공된 대칭키를 이용하 여 end-points간의 association 진행 ② Certificate-Based Security security Association Establishment Framework  개인 서명키와 인증서, 공개키 를 이용하여 association ③ MAF Security security Association Establishment Framework  3rd party service provider에 의 해서 진행됨 셋 중에 하나 사용 Certificate-Based SAEF와 Symmetric Key- Based SAEF는 Entity 간의 인증을 수행 MAF-Based SAEF는 3자간 인증을 수행 II. OneM2M Security
  • 39. Security Association 39 All type of Association Establishment Frameworks General description of SAEF – Credential Configuration • 사전 파라미터 설정 단계 – Association Configuration • 상대방 정보 송수신 – Association Security Handshake • 상호 인증 II. OneM2M Security
  • 40. Based on Provisioned Symmetric Key 40 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security- related properties.
  • 41. Based on Certificate 41 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security-related properties.
  • 42. Based on MAF(M2M Authentication Function) 42 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security-related properties.
  • 43. Sensitive Data Handling This function provides data protection and secure storage. ▪ For the protection, oneM2M classfy the protection levels according to the kinds of data.
  • 44. Security Administration For security administration ▪ oneM2M performs Remote Secuirty Provisioning Frameworks. They consist of the three types • Based on symmetric key • Based on Certificate • Based on GBA(General Bootstrapping Architecture)
  • 45. Remote Security Provisioning Frameworks 45 OneM2M Security Framework Remote Security Provisioning Frameworks – Bootstrap Credential Configuration – Bootstrap Instruction Configuration – Bootstrap Enrolment Handshake – Enrolment Key Generation – Enrolment Phase II. OneM2M Security
  • 46. Based on Symmetric Key 46 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security-related properties.
  • 47. Based on Certificate 47 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security-related properties.
  • 48. Based on GBA 48 NOTE: The following font colours differentiate the general topic that the text relates to: Blue italic text highlights details specific to this particular Security Association Establishment Framework. Purple italic text highlights technical actions that may include steps not specified by oneM2M. Red italic text highlights security-related properties.

Editor's Notes

  1. The M2M-Request-ID tracks a Request initiated by an AE over the Mca reference point, and by a CSE over the Mcc reference point, if applicable, end to end. It is also included in the Response to the Request over the Mca or Mcc reference points. To enable an AE to track Requests and corresponding Responses over the Mca reference point, AEs shall include a distinct M2M Request Identifier per request over the Mca Reference point to the CSE for any initiated request. The CSE shall make such M2M Request Identifier unique by prepending the CSE-relative AE-ID (see clause 7.2) in front of it. If the CSE creates an M2M Request Identifier, then the CSE shall maintain a binding between the M2M Request Identifier received from the AE and the M2M Request Identifier it created in its interactions towards other peer CSEs. The CSE shall include the M2M Request Identifier received from the AE in its Response to the AE. This binding shall be maintained by the CSE until the Request message sequence is completed. Note that the Request initiated by the CSE could be the result of an application Request, or a request initiated autonomously by the CSE to fulfil a service. In case an IN-CSE needs to send a request to a receiving CSE that is not reachable over any of the underlying networks, the IN-CSE initiates the procedure for "waking up" the Node hosting the receiving CSE by using procedures such as device triggering over the Mcn reference point. For Device Triggering, the triggering reference number to co-relate device triggering response is independent of the M2M Request Identifier. An IN-CSE may use the same value of an M2M-Request-Identifier in an incoming request for the triggering reference number in its interaction with the underlying network. A CSE receiving a Request from a peer CSE shall include the received M2M Request Identifier in all additional Requests unspanned (i.e. 1:1) it has to generate (including propagation of the incoming Request) and that are associated with the incoming Request, where applicable. If a Receiver CSE receives a request from an Originator for which another request with the same Request Identifier is already pending, the request shall be rejected. Otherwise - even if the same Request Identifier was already used by the same Originaor sometime in the past, the request shall be treated as a new request.
  2. The UNetwork-ID is used for identifying an Underlying Network. UNetwork-ID is a static value and unique within a M2M Service Provider domain. One or more Underlying Networks may be available at an M2M Node offering different sets of capabilities, availability schedules etc. Based on the "policy" information at the Node and the capabilities offered by the available Underlying Networks, appropriate Underlying Network can be chosen by using UNetwork-ID. For example, based on "policy", scheduling of traffic triggered by a certain event category in certain time periods may be allowed over Underlying Network "WLAN" but may not be allowed over Underlying Network "2G Cellular".
  3. The M2M-Serv-ID is an identifier of a M2M Service offered by an M2M SP. It is an essential part of the M2M Service Subscription which stores a set of M2M-Serv-IDs pertaining to the set of subscribed services. Beyond the set of services depicted in the present document it shall be possible for an M2M Service Provider to offer other services. Those will be identified by means of M2M SP specific M2M-Serv-IDs.
  4. An M2M Service Profile Identifier defines M2M Service Roles (see annex G), as well as applicable rules governing the AEs registering with M2M Nodes and the AEs residing on these nodes. Every M2M Service Profile is allocated an identifier so it can be retrieved for verification purposes. The M2M-Service-Profile-ID enables the M2M Service Provider to bind AE(s), applicable rules to these AEs, as well as M2M Service Roles to M2M nodes. An M2M-Service-Profile-ID shall be allocated to every M2M Node. The M2M Service Profile Identifier has the following characteristics: belongs to the M2M Service Provider; identifies the M2M Service Roles as well as applicable rules governing AEs registering with an M2M node. The M2M Service Roles define the M2M Services authorized for the M2M Service Profile (see annex G).