OneM2M is an IoT platform standard that defines common service functions for connecting various IoT devices and enabling new services. The document discusses OneM2M's security architecture which includes security function, environment abstraction and secure environment layers. The security function layer provides identification, authentication, authorization, security association and other functions to protect sensitive data and functions.
OneM2M is a standard that defines an architecture for M2M and IoT. It allows for interoperability between devices and networks from various vendors. The document discusses OneM2M's common service functions like data management, device management, and security functions. It also covers OneM2M's security framework, identifiers, and how it can interconnect with other protocols like AllJoyn and LWM2M.
This document provides an overview of oneM2M, a global standards initiative for machine-to-machine communications and the Internet of Things. It discusses oneM2M's history, establishment in 2012 with over 200 members, and release of standards including Release 1.0 in 2014 and Release 2.0 ongoing. The document outlines oneM2M's main functions such as data storage and sharing, as well as optional functions. It also summarizes several organizations' implementations of oneM2M standards through open-source platforms such as KETI's Mobius, the Eclipse Foundation's OM2M, and ETRI's COMUS platform.
This document contains requirements for the OneM2M standard specification. It includes over 100 functional requirements across various categories such as semantics, security, charging, and operations. It also describes functional roles in OneM2M including end users, application service providers, machine-to-machine service providers, and underlying network providers. The requirements cover supporting communication between devices and applications, reusing services from underlying networks, and managing devices and gateways.
oneM2M - Facing the challenges of M2M security and privacy | oneM2M
This document discusses security challenges and solutions for machine-to-machine (M2M) communications based on the oneM2M architecture. It identifies three main challenges: the large variety of deployment scenarios, the need to support any device in any deployment, and the inability of devices to make autonomous privacy decisions. The document proposes solutions such as secure communication using TLS/DTLS, remote provisioning of credentials, and access control policies to address these challenges. It also discusses future challenges around decentralization, information sharing between deployments, and more complex authentication and authorization scenarios.
Eclipse OM2M: Standardized M2M service platform | Mahdi Ben Alaya
The document discusses a standardized M2M service platform developed by ETSI and OneM2M for M2M interoperability. It provides a Service Capability Layer (SCL) that includes common services. The SCL can be deployed on either the network domain or device/gateway domain. It implements a RESTful API and uses simple procedures and a standardized resource tree to structure data models. The platform runs on an OSGi Equinox runtime and uses plugins to provide functions like device management, communications bindings, and additional services. It has been used in experiments with smart building and IoT device mockups.
The document discusses OneM2M, an organization that is developing technical specifications for a common M2M Service Layer that can connect various devices worldwide. It describes OneM2M's founding partners and provides an overview of the functions and architecture proposed for the common M2M service layer, including device management, policy/resource management, API services, and data/metadata management. It also outlines the structure and resources in the service capability layer, such as the sclBase resource and its child resources like scls, applications, containers and groups.
oneM2M - Management, Abstraction and Semantics | oneM2M
The document discusses concepts related to management, abstraction, and semantics in oneM2M including:
- Management provides unified APIs for configuring, monitoring, and managing devices, applications, and service entities.
- Abstraction hides the complexity of specific technologies by providing a single, unified information model and methods for applications.
- Semantics adds meaning and relationships between concepts to enable machine understandable interoperability.
- oneM2M provides resource models and protocols for management, and attributes for basic semantic annotation. Interworking proxies map non-oneM2M models to common oneM2M resources.
A lightweight framework for efficient m2m device management in onem2m archite... | Soumya Kanti Datta
This document proposes a lightweight framework for efficient M2M device management in oneM2M architecture. It describes using CoRE Link format to represent M2M devices and endpoints, an architecture with a proxy layer to manage legacy devices, and phases of operation including registration, service enablement, and unregistration. The framework is designed to be flexible, scalable and support dynamic addition and removal of devices.
OneM2M is a standards organization that defines a common service layer for the Internet of Things and machine-to-machine communications. The oneM2M service layer provides functions like data sharing, access control, and event notification that are commonly needed for IoT applications. It connects IoT devices, gateways, and applications in a standardized way and hides the complexity of network usage. The oneM2M standard aims to reduce costs for developers and service providers by avoiding duplication of efforts across different industries and promoting reuse of common IoT functions.
How oneM2M fits into the IoT Landscape - enabling cross vertical domain inter... | oneM2M
oneM2M is a global standard that enables interoperability across different vertical industry domains by providing a common service layer. It fits into the IoT landscape by standardizing connectivity and data interfaces for applications and devices. oneM2M solves problems around data storage, connectivity control, application and device portability, and data interoperability by defining functions like registration, discovery, security and device management. Devices can connect to oneM2M infrastructure using different node types.
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE | Nexgen Technology
LTE Security Training – LTE and LTE-Advanced Security | Bryan Len
Length: 2 Days
The LTE Security Training course covers in detail the security mechanisms employed to meet current and future LTE requirements.
LTE Security Training explains how LTE/E-UTRAN and EPC security substantially extends GSM, 3G/UMTS, and IMS security. LTE security training also highlights the E-UTRAN, EPC and IMS security architecture.
Some of the basic learning highlights:
Shows how GSM and 3G/UMTS security was enhanced and extended to meet the requirements of LTE and LTE/Advanced fourth generation systems
Shows concepts behind LTE/E-UTRAN, LTE-Advanced, EPC, IMS and Voice over LTE (VoLTE) Security
Explains why LTE security solutions are designed
Topics Included:
Evolution of Cellular Systems from GSM to LTE-Advanced
Introduction to LTE and LTE-Advanced
Basic Security Concepts
Basic Cryptographic Concepts
Principles of GSM Security
GSM Cryptographic Algorithms
Principles of Third-Generation (3G) Security
UMTS Cryptographic Algorithms
3G–WLAN Interworking
Generic Bootstrapping Architecture (GBA /GAA)
Security Mechanisms of 3G–WLAN Interworking
Cryptographic Algorithms for 3G–WLAN Interworking
EPS Security Architecture
Requirements and Features of EPS Security
EPS Authentication and Key Agreement (AKA)
EPS Authentication and Key Agreement Procedure
Key Hierarchy
EPS Protection for Signaling and User Data
NAS Signaling Protection
AS Signaling and User Data Protection
The AS (RRC and UP) and NAS Security
NAS and AS protection keys
The eNB cryptographic keys
NAS (EPC/UE) level AKA procedure (KASME)
key identifier (KSIASME)
Certificate Enrolment for Base Stations
Security in Intra-LTE State Transitions and Mobility
Transitions to and from Registered State
Periodic Local Authentication Procedure
More...
Request more information regarding LTE and LTE-Advanced security training. Visit tonex.com for course and workshop details.
https://www.tonex.com/training-courses/lte-security-training/
Present and desired network management to cope with the expected expansion, n... | Alexander Decker
This document summarizes the present and desired network management approaches for the Nelson Mandela African Institute of Science and Technology (NM-AIST) network to cope with expected expansion. It discusses the five functional areas of network management according to the ISO (International Organization for Standardization) model - fault management, configuration management, performance management, security management, and accounting management. For each area, it provides an overview of the current approach at NM-AIST and recommendations for improvements to effectively manage current and future growth of the network.
The document discusses securing classified networks and sensitive data through the use of a Secure Network Access Platform (SNAP). SNAP allows users to securely access multiple isolated security domains from a single thin client desktop while preserving network isolation. It implements role-based access control, mandatory access controls, and label-based security to control access between security domains. SNAP leverages the security capabilities of the Solaris 10 operating system with Trusted Extensions to provide a certified, multi-level secure computing environment for government users.
1) Fortinet's software-defined security framework provides security that integrates with underlying cloud and SDN platforms through virtual appliances, platform orchestration, and centralized management.
2) The framework allows for scale-out of virtual firewalls across hypervisors and auto-provisioning of firewall rules for workloads in public clouds.
3) Fortinet partners with VMware, Cisco, and OpenStack to provide security solutions that support virtualization, SDN controllers, and public cloud platforms.
The primary goal of the checklist is to make it useful as a trusted guide for IT Auditors and Security Consultants in Network Architecture Review assignments. The checklist is drawn from numerous resources referred to and my experience in network architecture reviews. Though the checklist doesn't essentially cover all elements of a network architecture review, I have tried to bring in aspects of the security element in a network architecture
This document provides an overview of network management, including the key functions of configuration management, fault management, performance management, security management, and accounting management. It describes the Simple Network Management Protocol (SNMP) framework used for monitoring and maintaining networks, including the Structure of Management Information (SMI) and Management Information Base (MIB). The roles of the SNMP manager and agent are defined, along with how SMI defines object names, data types, and encoding, while MIB contains the collection of objects that can be managed.
Management and Provisioning of M2M Devices and Applications | Musa Unmehopa
Management and Provisioning of M2M Devices and Applications, presentation by Musa Unmehopa (chairman of the Technical Plenary at the Open Mobile Alliance) to CommunicAsia 2012 conference in Singapore, 19 June 2012.
Remote device management and provisioning of all these M2M devices will be a critical aspect to support this tremendous growth opportunity.
Connecting, provisioning and managing all these billions of M2M devices will unlock tremendous potential to provide innovative and exciting applications.
Check out the OMA API Program at http://www.openmobilealliance.org/API/
Strix Manager/One is a centralized element management system that allows network operators to deploy, provision, monitor, manage and configure large metro-scale Wi-Fi mesh networks of Strix Access/One units. It provides a unified view of the entire network, real-time monitoring of network health and performance, alarm reporting, software upgrades, and customizable device and network configuration profiles. Strix Manager/One integrates with external network management systems using SNMP and proprietary MIBs.
Wire-speed Cryptographic Acceleration for SOA and Java EE Security | Ramesh Nagappan
The document discusses enabling wire-speed cryptography for securing Oracle SOA and Java EE applications using Sun Chip Multithreading (CMT) systems. It covers how the Sun CMT architecture includes an on-chip cryptographic accelerator that offloads cryptographic operations from the CPU. It provides examples of configuring the Solaris kernel SSL proxy and WebLogic SSL to leverage the on-chip acceleration for SSL handshakes and bulk encryption. The document aims to help organizations adopt Sun CMT servers to achieve security, performance and compliance goals in a cost-effective manner.
This document provides an overview of VMware NSX network virtualization. It discusses key functions of network virtualization and components of NSX including the management, control, and data planes. It also describes how NSX enables micro-segmentation through logical grouping of workloads into security groups and enforcing network policies based on these groups rather than physical topology. Examples of use cases for network segmentation, multi-tenancy, and VDI are also summarized.
The document discusses the interaction between a device, broker, platform and cognitive framework. It describes how the device connects to the broker using WiFi and then interacts with the broker, platform and cognitive framework. It also mentions services provided by the broker to the device.
This document is the GNU Library General Public License which guarantees users' freedom to share and change libraries. It allows developers to use free libraries in non-free programs while preserving users' freedom to modify libraries. The license requires libraries distributed under it to provide users with complete source code and ensure modified versions remain freely distributable.
As the first class of system security, we studied the usage of GDB. After finishing the description of GDB, we had time for experimentation.
For the practice, you can join and download the file including two flags at http://cafe.naver.com/artofthings/2063.
The document discusses the importance of repetition for students to remember vocabulary, especially without regular English use outside of class. It recommends allocating 10-15 minutes of a 1.5 hour class or 5-10 minutes of a 1 hour class for repetition activities. Several fun and engaging games for vocabulary repetition are described, including Charades, Pictionary, matching words with definitions, creating sentences with words, storytelling, consequences, question games like "Why-because" and guessing identities with clues. The document encourages sharing other effective repetition games.
This decree establishes the rules on the organization of the school day and the working day of teachers and teaching administrators in state educational establishments. It defines the school day as the time dedicated to students and establishes minimum weekly and annual hour intensities. It also defines the academic assignment of teachers, institutional development activities, and the working days of teachers and teaching administrators, who must dedicate a minimum of 8 and 6 hours daily respectively.
See further_issue 2_resource-reckoning_v2 Copy | Dave Cheshire
The document discusses moving from a linear economy to a more circular economy for office design and fit outs. A circular economy aims to keep materials and components in use longer through reuse, reclamation and recycling. It involves leasing products like furniture and lighting instead of purchasing them, so the manufacturer is responsible for maintenance and upgrades. Office components like partitions should have modular, flexible designs allowing reconfiguration and reuse. Following circular economy principles can help design offices that are more sustainable and adaptable to changing needs.
This document discusses OneM2M standard specifications for functional architecture. It includes:
- An overview of the OneM2M specification schedule and contents
- Descriptions of common services functions and application and service layer management
- Explanations of the functional architecture, including infrastructure nodes, middle nodes, and application service nodes
Workshop on Large-scale Sensing For Future Cities'13 / Jorge Sousa: "SMART2M"Future Cities Project
Smart2M is a machine-to-machine platform that simplifies managing connectivity and accelerates developing new services across industries like energy, manufacturing, healthcare, and transportation. It offers integrated management of connectivity, devices, data, and applications to help communication service providers and machine-to-machine service providers create new revenue streams and differentiate their services. Smart2M allows faster development of innovative applications and unified, state-of-the-art management of SIM cards and connectivity resources.
As more enterprises and small and medium (SMB) businesses move critical data and applications over to virtualized, multi-tenant systems in public and private clouds, cyber-criminals will aggressively attack potential security vulnerabilities. Security strategies and best practices must evolve to mitigate rapidly emerging, increasingly dangerous threats. The Cisco VMDC Cloud Security 1.0 solution protects against such threats, and provides a reference design for effectively and economically securing cloud-based physical and virtualized cloud data center deployments.
This design guide describes how to build security into cloud data center deployments. The VMDC Cloud Security 1.0 solution integrates additional security capabilities into data center design with minimal deployment risks, addresses governance and regulatory requirements, and provides improved technical controls to reduce security threats.
Providing end-to-end security for multi-tenant cloud data centers is a critical task that challenges service providers (SPs) and enterprises. However, deploying successful cloud data centers depends upon on end-to-end security in both data center infrastructures and the virtualized environments that host application and service loads for cloud consumers.
Cloud computing provides on-demand access to shared configurable computing resources like servers, storage, databases, networking, software, analytics and more via the internet with minimal management effort. It has 5 essential characteristics, 3 service models (SaaS, PaaS, IaaS), and 4 deployment models (private, public, hybrid, community). Security is a major concern in cloud computing due to issues like data ownership, multi-tenancy, loss of physical control and proprietary implementations. A typical use case of provisioning a virtual machine involves a user request, provisioning by cloud management, and access to the ready VM.
Secure Channel Establishment Techniques for Homomorphic Encryption in Cloud C...IRJET Journal
This document proposes a new cloud-manager-based encryption scheme (CMReS) to address key management and sharing issues in fully homomorphic encryption. CMReS distributes encryption, decryption, and re-encryption tasks between a trusted Encryption/Decryption Service Provider (EDSP) module and a Re-encryption Service Provider (RSP) module hosted on the cloud. The scheme uses Diffie-Hellman key exchange to generate session keys and one-time passwords for authentication between users and cloud services. Experimental results show the proposed technique reduces delay compared to previous approaches by distributing computational tasks between user devices, the EDSP, and RSP modules.
Lecture on Virtualization and Cloud Computing
Fundamentals of Virtualization
Fundamentals of Cloud Computing
Primer on Virtualization
Technologies of Cloud Computing
SECURITY ANALYSIS AND DELAY EVALUATION FOR SIP-BASED MOBILE MASS EXAMINATION ...ijngnjournal
IP Multimedia Subsystem (IMS) is considered to be one of the important features in Mobile Next Generation Networks (MNGN). It adds value to the mobile services and applications by integrating mobile network resources, such as location, billing and authentication. This is achieved by enabling a third party access to network resources. In previous work [1] we have presented a testbed to be used as platform for testing mobile application prior to actual deployment. We have chosen a novel IMS based MObile Mass EXamination (MOMEX) system to showcase the benefit of designing an IMS based mobile application. We identify two aspects essential to of the application namely security threats and delay analysis. In this paper we identify MOMEX security threats and suggest strategies to mitigate system vulnerabilities. We then
evaluate the performance of MOMEX system in terms of delay and security threats and vulnerabilities. The results presented show system performance limitation and tradeoffs.
Security Analysis and Delay Evaluation for SIP - Based Mobile Mass Examinatio...josephjonse
In Vehicular Ad hoc Networks (VANETs) the mobility of the nodes is the main concern. This mobility of nodes makes the route unstable and unreliable for the information exchange and communication between two nodes in the network. To enhance the performance and throughput of the VANETs, routes between nodes must be reliable and stable. In this paper, we study the significance of path duration and link duration in Vehicular Ad hoc Networks (VANETs). Because of this mobility, connectivity graphs changes very frequently and it affects the performance of VANETs. Therefore, path duration can be used to predict the behaviour of the mobile nodes in the network. Estimation of the path duration in VANETs can be a key factor to improve the performance of the routing protocol. Estimation of path duration is a challenging task to perform as it depends on many parameters including node density, transmission range, numbers of hops, and velocity of nodes. This paper will provide a comprehensive study for estimating the path duration in VANETs.
The document provides a services catalogue from Bhadale IT Pvt. Ltd for Cyber Physical System of Systems (CPSoS). It outlines 11 service offerings within CPSoS planning, architecture, implementation, testing, and industrial solutions. Key services include CPSoS planning and design based on frameworks like NIST, architectural design of individual CPS elements and their mapping, and implementation of CPSoS entities using protocols for data transfer and control. The company provides unit, integration, and user acceptance testing as well as field testing and compliance services for various industrial domains.
This document discusses industrial control system (ICS) cybersecurity. It begins with an introduction to ICS, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and programmable logic controllers (PLC). It then compares ICS and IT security, discussing risks specific to ICS. The document outlines the risk management process and describes ICS security architecture, including network segmentation. It also covers authentication, firewall implementation, and applying the six steps of the NIST risk management framework to implement security controls for ICS.
The document discusses F5 solutions for securing applications in Microsoft Azure. It includes details on F5 products like BIG-IP VE, ASM, AFM, and LTM that can provide capabilities like load balancing, application security, firewall, and traffic inspection for workloads running in Azure. The document also includes requirements for a VDSS and VDMS system for a DOD cloud environment and how different F5 modules map to those requirements.
APPLYING GEO-ENCRYPTION AND ATTRIBUTE BASED ENCRYPTION TO IMPLEMENT SECURE AC...IJCNCJournal
Cloud computing is utility-based computing provides many benefits to its clients but security is one aspect which is delaying its adoptions. Security challenges include data security, network security and infrastructure security. Data security can be achieved using Cryptography. If we include location information in the encryption and decryption process then we can bind access to data with the location so that data can be accessed only from the specified locations. In this paper, we propose a method based on the symmetric cryptography, location-based cryptography and ciphertext policy – Attribute-based encryption (CP-ABE) to implements secure access control to the outsourced data. The Symmetric key is used to encrypt that data whereas CP-ABE is used to encrypt the secret key and the location lock value before uploading on the server. User will download encrypted data and the symmetric secret key XORed with the Location Lock value, using his attributes based secret key he can obtain first XORed value of Symmetric secret key and location lock value. Using anti-spoof GPS Location lock value can be obtained which can be used to retrieve the symmetric secret key. We have adopted Massage Authentication Code (MAC) to ensure Integrity and Availability of the data. This protocol can be used in the Bank, government organization, military services or any other industry those are having their offices/work location at a fixed place, so data access can be bounded to that location.
This document establishes a policy for compiler and interpreter usage within Tier II production centers and platforms in compliance with several IRS regulations. It defines the responsibilities of the Distributed Systems Management Branch (DSMB) in managing Tier II systems, including configuration management and security. The policy outlines initial and periodic audits of compilers and interpreters on Tier II systems to ensure compliance with security standards and prevent unauthorized access. Non-compliance with the policy could compromise the integrity of Tier II systems.
Operating system security (OS security) involves ensuring the integrity, confidentiality, and availability of the OS through measures like regular updates, antivirus software, firewalls, and secure user accounts. The document then discusses security kernels, which provide a small, verified foundation to enforce security policies. It describes the Honeywell Secure Communications Processor (Scomp) system, which implemented a multilevel security model using a security kernel, new hardware mechanisms, and a custom application interface instead of emulating another OS. Scomp's architecture isolated kernel components in separate hardware rings and used hardware to mediate all access to resources according to a mandatory access control policy.
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
This document summarizes a research thesis that proposes a trusted cloud computing platform (TCCP) to address critical security issues in cloud computing. The TCCP is designed to provide a closed box execution environment for virtual machines to guarantee confidentiality and integrity of computations outsourced to infrastructure as a service cloud providers. It allows customers to remotely verify whether a cloud provider's backend is running a trusted TCCP implementation before launching a virtual machine. The TCCP leverages advances in trusted computing technologies to securely manage virtual machines and cloud infrastructure through protocols for node registration and virtual machine launch and migration. The goal of the TCCP is to extend the capabilities of traditional trusted platforms to the complex, distributed environments of cloud computing infra
This document provides an analysis of the Hyperledger codebase. It begins with introductions and preliminaries on Hyperledger, including programming languages, databases, cryptography, and infrastructure used. It then discusses the architecture, including components like peers, orderers, chaincode, and consensus algorithms. The document analyzes the code hierarchy and structure, including directories and source lines. It describes the command composition for peer and orderer commands. Finally, it provides details on peers, including the node startup process, ledger initialization, the GRPC server, and block implementation.
The document discusses Bitcoin and Ethereum. It describes how Bitcoin uses proof-of-work mining to validate transactions and add new blocks to the blockchain, providing incentives through block rewards and transaction fees. It also describes Ethereum's ability to run smart contracts through a Turing-complete scripting language, allowing developers to encode arbitrary state transition functions and create decentralized applications. The key differences between the two are that Ethereum supports Turing-completeness, non-value-blind contracts, multi-stage states, and access to blockchain data through its virtual machine.
The document discusses Go programming style and conventions. It covers topics like formatting, comments, naming conventions, control structures, functions, data types, initialization, methods, interfaces, concurrency, and errors. The goal is to explain idioms and best practices for writing effective Go programs that are clear, readable and maintainable.
The document introduces exploitation and provides an overview of key concepts for understanding exploitation, including CPU registers, stack memory, and function flow. Specifically, it discusses (1) what exploitation is and its goals of getting actions to perform, (2) important study points like CPU registers and understanding the stack, and (3) how the stack stores information for functions and passes arguments between them.
The document outlines the stages of a penetration test on a demo website http://demo.testfire.net. It discusses: 1) introduction to penetration testing and the test site; 2) pre-ready activities like setting the target and crawling; 3) exploitation techniques such as acquiring sensitive data, directory listing, SQL injection; and 4) reporting vulnerabilities found. The document provides details on specific exploitation methods and vulnerabilities discovered during the test.
This document discusses Subversion (SVN), including the SVN cycle of checking code into a repository, updating to different versions, and committing changes. It also covers setting the SVN editor, checking into and updating from repositories, committing new and deleted files, and tools for SVN. Precautions mentioned include making backups and avoiding conflicts when multiple users make changes.
This document contains summaries of cyber security and IoT security topics including exploitation techniques like buffer overflows and shellcode, web vulnerabilities like SQL injection and cross-site scripting, network security topics such as IoT architecture and device security, and analysis methods for evaluating threats. It outlines common attacks and defenses for various technologies and provides overviews of trends in security research.
wordpress with nginx on virtualization, jailJongseok Choi
This document describes how to set up a FreeBSD jail to host a WordPress site using Nginx and PHP-FPM. It includes steps for creating the jail using ZFS, installing a FreeBSD base system, configuring network interfaces and jail, installing Nginx, PHP-FPM, MySQL, and WordPress, and configuring the web server and database. The host system is configured to proxy and route requests to the jail using Nginx and PF.
The document discusses virtualization technologies including application virtual machines, virtual environments, and jail virtualization using FreeBSD. It provides steps for creating a FreeBSD jail within a ZFS filesystem for virtualization and isolation of operating system instances. Configuration options are also listed to enable and customize the jail.
4. oneM2M technology can be easily extended to new products and services, based on connectivity among diverse products
IoT Platform Security - OneM2M Platform
[Figure: Smart Home ("My home in my hand"), Smart Car ("An enjoyable and comfortable driving environment") and Healthcare ("Convenient health care") services, with WLAN, PAN (Bluetooth), Mobile Network (LTE) and WLAN/ZigBee connectivity, built from modules on a shared Common Service Layer. Caption: "A common platform makes it possible to create new M2M services that create value for customers."]
I. Introduction of OneM2M
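5. oneM2M Common Service Function: oneM2M core element technologies
[Figure labels: smartphone, smart appliances; Access Networks (2G/3G/LTE/WiFi/ZigBee); Common Service Functions; smart grid, healthcare, smart home, security, smart car, vehicle sensors; identification scheme, Delivery Handling, resource discovery, data management, group management, location information, network interworking, device management.]
Application: main M2M services
• Smart home, smart car
• Smart grid, healthcare
M2M service platform
Common services
• Application security
• Global identification scheme and Delivery Handling
Data services
• Data discovery/storage/access control technology
• Data analysis technology (Big Data)
Value-added services
• Location information technology
• Remote device management technology
Network services
• Access network (3GPP) interworking technology
• QoS, Multicast/Broadcast control technology
Access Network: WAN / HAN
• Cellular Network (2G / 3G / LTE)
• Wi-Fi / ZigBee / Bluetooth
Device/Module: M2M Device/Gateway
• Smart TV, Smart Phone
• Smart Meter, Health Sensor
• Smart Gateway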
6. IoT Platform Security
Example definition of IoT platform security technologies 2
OneM2M security technologies
– Privacy/Trust management
– Authentication/authorization
– Secure data transmission
– System security
– Security Association
[Figure: oneM2M functional architecture across the infrastructure domain and the field domain. Labelled elements: Infrastructure Node (IN-AE, IN-CSE), a link to an Infrastructure Node of other M2M Service Providers, Middle Nodes (MN-CSE, MN-AE), Application Service Nodes (ASN-AE, ASN-CSE), Application Dedicated Nodes (ADN-AE) and non-oneM2M devices, joined by the Mca, Mcc, Mcc’ and Mcn reference points. Legend: "Link is out of scope".]
[Figure: Common Services Entity (CSE) block diagram, with its Common Services Functions placed between the Application Entity (AE, Mca reference point) and the Underlying Network Service Entity (NSE, Mcn reference point).]
II. OneM2M Security
7. Common Service Functions
The services provided by the Common Services Layer in the M2M System reside within a CSE and are referred to as Common Services Functions (CSFs).
The CSFs provide services to the AEs via the Mca reference point and to other CSEs via the Mcc reference point.
CSEs interact with the NSE via the Mcn reference point.
[Figure: the Common Services Entity (CSE) sits between the Application Entity (AE, Mca reference point), other CSEs (Mcc reference point) and the Underlying Network Service Entity (NSE, Mcn reference point). CSFs shown: Application and Service Layer Management; Communication Management/Delivery Handling; Data Management & Repository; Device Management; Discovery; Group Management; Location; Network Service Exposure/Service Ex+Triggering; Registration; Security; Service Charging & Accounting; Subscription and Notification.]
8. Common Service Functions - ASM
Application and Service Layer Management (ASM)
The ASM CSF provides management capabilities for CSEs and AEs. This includes capabilities to configure, troubleshoot and upgrade the functions of the CSE, as well as to upgrade the AEs.
The management functions include:
• Configuration Function (CF): This function enables the configuration of the capabilities and features of the CSE.
• Software Management Function (SMF): This function provides lifecycle management for software components and associated artifacts (e.g. configuration files) for different entities such as CSE and AE.
9. Common Service Functions – CMDH, DMR
Communication Management and Delivery Handling (CMDH)
• The CMDH CSF provides communications with other CSEs, AEs and NSEs.
• The CMDH CSF decides at what time to use which communication connection for delivering communications and, when needed and allowed, to buffer communication requests so that they can be forwarded at a later time. This processing in the CMDH CSF is carried out per the provisioned CMDH policies and delivery handling parameters that can be specific to each request for communication.
Data Management and Repository (DMR)
• DMR CSF is responsible for providing data storage and mediation functions.
• Ability to store data in an organized fashion so it is discernible.
• Provides the means to aggregate data received from different entities.
• Ability to grant access to data from remote CSEs and AEs based on defined access control policies, and trigger data processing based on data access.
• Ability to provide the means to perform data analytics on large amounts of data to allow service providers to provide value-added services.
10. Common Service Functions – DMG
Device Management (DMG)
• The DMG CSF provides management of device capabilities on MNs (e.g. M2M Gateways), ASNs and ADNs (e.g. M2M Devices), as well as devices that reside within an M2M Area Network.
11. Common Service Functions – DIS, GMG, LOC
Discovery (DIS)
• The DIS CSF searches information about applications and services as contained in attributes and resources.
• The result of a discovery request from an Originator depends upon the filter criteria (e.g. a combination of keywords, identifiers, location and semantic information) and is subject to access control policy allowed by M2M Service Subscription.
Group Management (GMG)
• The GMG CSF is responsible for handling group related requests.
• The GMG CSF enables the M2M System to perform bulk operations on multiple devices, applications or resources that are part of a group. In addition, the GMG CSF supports bulk operations to multiple resources of interest and aggregates the results.
Location (LOC)
• The Location (LOC) CSF allows AEs to obtain geographical location information of Nodes (e.g. ASN, MN) for location-based services.
12. Common Service Functions – NSSE, REG, SEC
Network Service Exposure, Service Execution and Triggering (NSSE)
• The NSSE CSF manages communication with the Underlying Networks for obtaining network service functions on behalf of other CSFs, remote CSEs or AEs.
• The NSSE CSF uses the Mcn reference point for communicating with the Underlying Networks.
Registration (REG)
• The Registration (REG) CSF processes a request from an AE or another CSE to register with a Registrar CSE in order to allow the registered entities to use the services offered by the Registrar CSE.
Security (SEC)
The Security (SEC) CSF comprises the following functionalities:
• Sensitive data handling
• Security administration
• Security association establishment
• Access control including identification, authentication and authorization
• Identity management
13. Common Service Functions – SCA, SUB
Service Charging and Accounting (SCA)
• The Service Charging and Accounting (SCA) CSF provides charging functions for the Service Layer.
• The SCA CSF performs information recording corresponding to a chargeable event based on the configured charging policies.
• The SCA CSF sends the charging information transformed from the specific recorded information to the billing domain by the use of a standard or proprietary interface for charging purposes.
Subscription and Notification (SUB)
• The SUB CSF manages subscriptions to resources, subject to access control policies, and sends corresponding notifications to the address(es) where the resource subscribers want to receive them.
15. IoT Platform Security
IoT platform security technology definition, example 3
[Figure: OneM2M Security Architecture]
Security Services
Security API (Mca, Mcc) (not specified in the present document)
Security Functions Layer: Identification and Authentication; Authorization; Identity Management; Security Association; Sensitive Data Handling; Security Administration
Secure Environment Abstraction Layer (not specified in the present document)
Secure Environments Layer: Secure Environment n (Sensitive Data, Sensitive Functions)
II. OneM2M Security
16. Security Layers
Security Function Layer
▪ a set of security functions that are exposed at reference point Mca
and Mcc.
Secure Environment Abstraction Layer
▪ provides security capabilities such as key derivation, data
encryption/decryption, signature generation/verification, security
credential read/write from/to the Secure Environments, and so on.
Secure Environments Layer
▪ provides various security services related to sensitive data storage and
sensitive function execution.
17. Security Function Layer
Identification and Authentication
▪ identification and mutual authentication of CSEs and AEs
▪ validating if the identity supplied in the identification step is
associated with a trustworthy credential.
Authorization
▪ authorizing services and data access to authenticated entities
according to provisioned Access Control Policies (ACPs) and
assigned roles.
Identity Management
▪ provides oneM2M identities/identifiers to the requesting entity
Security Association
▪ Secure Connection via secure session establishment.
Sensitive Data Handling
▪ Sensitive Functions protection and secure storage.
Security Administration
▪ remote security provisioning
18. Identity Management
Identity Management function defines many M2M
M2M Identifiers
Application Entity Identifier(AE-ID)
Application Identifier(App-ID)
CSE-Identifier(CSE-ID)
M2M Node Identifier(M2M-Node-ID)
M2M Service Subscription Identifier(M2M-Sub-ID)
M2M Request Identifier(M2M-Request-ID)
M2M External Identifier(M2M-Ext-ID)
Underlying Network Identifier(UNetwork-ID)
Trigger Recipient Identifier(Trigger-Recipient-ID)
M2M Service Identifier(M2M-Serv-ID)
Service Role Identifier(SRole-ID)
M2M Service Profile Identifier(M2M-Service-Profile-ID)
III. OneM2M Identifiers
19. M2M Identifiers on OneM2M
Application Entity Identifier(AE-ID)
An Application Entity Identifier (AE-ID) uniquely identifies an AE
resident on an M2M Node.
AE-ID is globally unique within/outside M2M SP domain
Application Identifier(App-ID)
An Application Identifier (App-ID) uniquely identifies an M2M
Application in a given context.
Two types:
App-ID (Registered App-ID): guaranteed to be globally unique.
Non-Registered App-ID: not guaranteed to be globally unique.
20. M2M Identifiers on OneM2M
CSE-Identifier(CSE-ID)
A CSE shall be identified by a globally unique identifier, the CSE-ID,
when instantiated within an M2M Node in the M2M System.
The CSE-ID is globally unique, when used internally within/outside a
specific M2M SP domain.
The CSE-ID shall identify the CSE for the purpose of all interactions
from/to the CSE within the M2M System.
M2M Node Identifier(M2M-Node-ID)
An M2M Node, hosting a CSE and/or Application(s) shall be identified by
a globally unique identifier, the M2M-Node-ID.
The M2M System shall allow the M2M Service Provider to set the
CSE-ID and the M2M-Node-ID to the same value.
The M2M-Node-ID enables the M2M Service Provider to bind a CSE-ID
to a specific M2M Node.
Examples of allocating a globally unique M2M-Node-ID include the use of
Object Identity (OID) and IMEI. For details on OID,
21. M2M Identifiers on OneM2M
M2M Service Subscription Identifier(M2M-Sub-ID)
The M2M-Sub-ID enables the M2M SP to bind application(s) to a
particular M2M Service Subscription between an M2M subscriber and
the M2M Service Provider.
The M2M-Sub-ID is unique for every M2M subscriber.
Characteristics:
belongs to the M2M Service Provider;
identifies the subscription to an M2M Service Provider;
enables communication with the M2M Service Provider;
can differ from the M2M Underlying Network Subscription Identifier.
There can be multiple M2M Service Subscription Identifiers per M2M
Underlying Network subscription. The M2M-Sub-ID shall not be
exposed over any interface.
22. M2M Identifiers on OneM2M
M2M Request Identifier(M2M-Request-ID)
The M2M-Request-ID tracks a Request initiated by an AE over the Mca
reference point, and by a CSE over the Mcc reference point.
To enable an AE to track Requests and corresponding Responses over
the Mca reference point, AEs shall include a distinct M2M Request
Identifier per request.
M2M External Identifier(M2M-Ext-ID)
The M2M-Ext-ID is used by an M2M SP when services are requested
from the Underlying Network.
It allows the Underlying Network to identify the M2M Device (e.g. ASN,
MN) associated with the CSE-ID.
For each CSE-ID, there is only one M2M-Ext-ID for a specific UNetwork-ID.
The mapping by the Underlying Network of the M2M-Ext-ID to the M2M Device is
Underlying Network specific.
The Underlying Network provider and the M2M SP collaborate for the assignment of
an M2M-Ext-ID to each CSE.
23. M2M Identifiers on OneM2M
Underlying Network Identifier(UNetwork-ID)
The UNetwork-ID is used for identifying an Underlying Network.
UNetwork-ID is a static value and unique within a M2M Service Provider
domain.
For example, based on "policy", scheduling of traffic triggered by a
certain event category in certain time periods may be allowed over
Underlying Network "WLAN".
Trigger Recipient Identifier(Trigger-Recipient-ID)
The Trigger-Recipient-ID is used to identify an instance of an
ASN/MN-CSE on an execution environment.
For example, when 3GPP device triggering is used, the
Trigger-Recipient-ID maps to the AppID.
For pre-provisioned M2M-Ext-IDs, Trigger-Recipient-ID is provisioned at the
Infrastructure Node along with the M2M-Ext-ID and the associated CSE-ID.
For dynamic M2M-Ext-IDs, Trigger-Recipient-ID specific to the Underlying Network is
provisioned at each M2M device in the Field Domain. Such Trigger-Recipient-ID is
conveyed to the IN-CSE during CSE Registration
24. M2M Identifiers on OneM2M
M2M Service Identifier(M2M-Serv-ID)
The M2M-Serv-ID is an identifier of a M2M Service offered by an
M2M SP.
It is an essential part of the M2M Service Subscription which stores a
set of M2M-Serv-IDs pertaining to the set of subscribed services.
Service Role Identifier(SRole-ID)
The Service Role Identifier shall be used for service access
authorization.
In each M2M Service, one or multiple M2M Service Role(s) shall be
defined by the M2M Service Provider.
An M2M Service Role is defined as a create permission pertaining to
resource types which are associated with M2M Service.
25. M2M Identifiers on OneM2M
M2M Service Profile Identifier(M2M-Service-Profile-ID)
An M2M Service Profile Identifier defines M2M Service Roles as well
as applicable rules governing the AEs registering with M2M Nodes
and the AEs residing on these nodes.
Every M2M Service Profile is allocated an identifier so it can be
retrieved for verification purposes.
belongs to the M2M Service Provider;
identifies the M2M Service Roles as well as applicable rules governing AEs
registering with an M2M node. The M2M Service Roles define the M2M Services
authorized for the M2M Service Profile
27. Access Control Policy
For access to ACP resource type
▪ Evaluate to “Permit” for at least one selfPrivileges attributes
For other resource type
▪ Evaluate to “Permit” for at least one privileges attributes
For access decision
▪ The Access control mechanism assembles the information
• Resource access request message
• Contextual information
29. Details of Authorization
The privileges and selfPrivileges attributes each comprise a set of access
control rules
▪ acrs = { acr(1), acr(2), ..., acr(K) }
A Couple of parameters
▪ acr(k) = { acr(k)_accessControlOriginators,
acr(k)_accessControlOperations}
A 3-tuple of parameters
▪ acr(k) = { acr(k)_accessControlOriginators,
acr(k)_accessControlOperations,
acr(k)_accessControlContexts}
31. Access decision
The overall result of the access decision algorithm is denoted here with
the variable name res_acrs:
▪ If the request matches the access control rules
• TRUE or 1
▪ Else
• FALSE or 0
32. Access Decision
OneM2M Security Functions Layer
Authorization Procedure
Policy Enforcement Point(PEP)
Policy Decision Point(PDP)
Policy Retrieval Point(PRP)
Policy Information Point(PIP)
Step in which the PDP obtains information from the PRP and PIP in order
to authorize the request
Step in which the PDP decides whether to permit access
33. Description of the Access Decision Algorithm
ACPs as defined in XACML
an <accessControlPolicy> resource represents a set of access control
rules, acrs
▪ 1) If the decision is "Permit" for even a single access control rule
included in the privileges (or selfPrivileges) attribute of a single ACP,
the result is "Permit".
Decision of Access Control Rule
▪ res_acrs = res_acr(1) or res_acr(2) ... or res_acr(K)
• res_acr(i) = res_origs(i) and res_ops(i) and res_ctxts(i)
where i = 1...K.
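The access decision described on the preceding slides, as an added Python example (not code from the slides or from oneM2M). The originator names, operation strings, the `office_hours` context check and the `SAMPLE_ACP` policy are constructed assumptions; a rule with no context models the two-parameter rule form.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class AccessControlRule:
    originators: frozenset   # acr(k)_accessControlOriginators
    operations: frozenset    # acr(k)_accessControlOperations
    # acr(k)_accessControlContexts; None models the two-parameter rule form
    context: Optional[Callable[[dict], bool]] = None

    def permits(self, originator: str, operation: str, ctx: dict) -> bool:
        res_origs = originator in self.originators
        res_ops = operation in self.operations
        res_ctxts = True if self.context is None else bool(self.context(ctx))
        return res_origs and res_ops and res_ctxts   # res_acr(i)


@dataclass(frozen=True)
class AccessControlPolicy:
    privileges: tuple = ()        # rules for resources that use this ACP
    self_privileges: tuple = ()   # rules for access to the ACP resource itself


def access_decision(acps, target_is_acp, originator, operation, ctx=None) -> bool:
    """res_acrs: True ("Permit") if at least one rule matches, else False."""
    ctx = ctx or {}
    for acp in acps:
        acrs = acp.self_privileges if target_is_acp else acp.privileges
        if any(acr.permits(originator, operation, ctx) for acr in acrs):
            return True
    return False   # no matching rule (or no rules at all): access is denied


def office_hours(ctx: dict) -> bool:
    # Constructed context check: a missing "hour" never satisfies the rule.
    return 8 <= ctx.get("hour", -1) < 18


# Constructed sample policy; the identifiers are placeholders, not real AE-IDs.
SAMPLE_ACP = AccessControlPolicy(
    privileges=(
        AccessControlRule(frozenset({"Cdashboard"}), frozenset({"RETRIEVE"})),
        AccessControlRule(frozenset({"Csensor01"}),
                          frozenset({"CREATE", "UPDATE"}), office_hours),
    ),
    self_privileges=(
        AccessControlRule(frozenset({"Cadmin"}), frozenset({"RETRIEVE", "UPDATE"})),
    ),
)

if __name__ == "__main__":
    print(access_decision([SAMPLE_ACP], False, "Csensor01", "CREATE", {"hour": 10}))
    print(access_decision([SAMPLE_ACP], False, "Csensor01", "CREATE", {"hour": 22}))
```

Note that the administrator rule sits only in selfPrivileges, so it grants access to the ACP resource itself and nothing else.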
37. AE Impersonation Prevention
Since AEs can behave maliciously and pretend to be another AE by
changing their ID, the Receiver CSE needs a prevention mechanism
against AE impersonation.
38. Security Association
OneM2M Security Functions Layer
Authentication
• UN-SP : Underlying Network Service provider
• GBA : Generic Bootstrapping Architecture
• MEF : M2M enrolment function
• BSF : Bootstrap service function
• MAF : M2M authentication function
• RSPF : remote security provisioning framework
• SAEF : security association establishment framework
① Provisioned Symmetric Key Security Association Establishment Framework
The association between the end-points is established using a pre-provisioned symmetric key.
② Certificate-Based Security Association Establishment Framework
The association is established using a private signing key, a certificate and a public key.
③ MAF Security Association Establishment Framework
Carried out by a 3rd party service provider.
One of the three is used.
The Certificate-Based SAEF and the Symmetric Key-Based SAEF perform authentication between the entities.
The MAF-Based SAEF performs three-party authentication.
39. Security Association
All types of Association Establishment Frameworks
General description of SAEF
– Credential Configuration
• Pre-configuration of parameters
– Association Configuration
• Exchange of information with the peer
– Association Security Handshake
• Mutual authentication
40. Based on Provisioned Symmetric Key
NOTE: The following font colours
differentiate the general topic that
the text relates to:
Blue italic text highlights details
specific to this particular Security
Association Establishment
Framework.
Purple italic text highlights technical
actions that may include steps not
specified by oneM2M.
Red italic text highlights security-
related properties.
41. Based on Certificate
42. Based on MAF(M2M Authentication Function)
43. Sensitive Data Handling
This function provides data protection and secure storage.
▪ For the protection, oneM2M classifies the protection levels according to
the kinds of data.
44. Security Administration
For security administration
▪ oneM2M uses Remote Security Provisioning Frameworks. They
consist of three types:
• Based on symmetric key
• Based on Certificate
• Based on GBA (Generic Bootstrapping Architecture)
46. Based on Symmetric Key
47. Based on Certificate
48. Based on GBA
The M2M-Request-ID tracks a Request initiated by an AE over the Mca reference point, and by a CSE over the Mcc reference point, if applicable, end to end. It is also included in the Response to the Request over the Mca or Mcc reference points.
To enable an AE to track Requests and corresponding Responses over the Mca reference point, AEs shall include a distinct M2M Request Identifier per request over the Mca Reference point to the CSE for any initiated request.
The CSE shall make such M2M Request Identifier unique by prepending the CSE-relative AE-ID (see clause 7.2) in front of it.
If the CSE creates an M2M Request Identifier, then the CSE shall maintain a binding between the M2M Request Identifier received from the AE and the M2M Request Identifier it created in its interactions towards other peer CSEs. The CSE shall include the M2M Request Identifier received from the AE in its Response to the AE. This binding shall be maintained by the CSE until the Request message sequence is completed. Note that the Request initiated by the CSE could be the result of an application Request, or a request initiated autonomously by the CSE to fulfil a service.
In case an IN-CSE needs to send a request to a receiving CSE that is not reachable over any of the underlying networks, the IN-CSE initiates the procedure for "waking up" the Node hosting the receiving CSE by using procedures such as device triggering over the Mcn reference point. For Device Triggering, the triggering reference number to correlate device triggering response is independent of the M2M Request Identifier. An IN-CSE may use the same value of an M2M-Request-Identifier in an incoming request for the triggering reference number in its interaction with the underlying network.
A CSE receiving a Request from a peer CSE shall include the received M2M Request Identifier in all additional Requests unspanned (i.e. 1:1) it has to generate (including propagation of the incoming Request) and that are associated with the incoming Request, where applicable.
If a Receiver CSE receives a request from an Originator for which another request with the same Request Identifier is already pending, the request shall be rejected. Otherwise, even if the same Request Identifier was already used by the same Originator sometime in the past, the request shall be treated as a new request.
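The M2M Request Identifier rules above (prepending the CSE-relative AE-ID, keeping the binding until the sequence completes, rejecting a duplicate that is still pending), as an added Python example that is not oneM2M's or the slides' own code. The class and method names, the `/` separator and the sample identifiers are assumptions of this example; the text does not specify how the two parts are joined.

```python
SEP = "/"  # assumption: a separator keeps the prepended AE-ID unambiguous


class DuplicateRequestError(Exception):
    """A request with the same identifier is still pending for this Originator."""


class RequestIdBinder:
    """Tracks the binding between AE-supplied and CSE-unique Request IDs."""

    def __init__(self):
        # CSE-unique Request ID -> Request ID exactly as the AE supplied it
        self._pending = {}

    def on_request(self, ae_id: str, ae_request_id: str) -> str:
        """Accept a request from an AE and return the CSE-unique Request ID."""
        unique_id = f"{ae_id}{SEP}{ae_request_id}"
        if unique_id in self._pending:
            # Same Originator, same identifier, earlier request not finished.
            raise DuplicateRequestError(unique_id)
        self._pending[unique_id] = ae_request_id
        return unique_id

    def on_response(self, unique_id: str):
        """Complete the sequence and return the AE's own Request ID.

        The binding is dropped here, so the same identifier may be used
        again later and is then treated as a new request. A response for
        an identifier that is not pending returns None.
        """
        return self._pending.pop(unique_id, None)

    def pending_count(self) -> int:
        return len(self._pending)


def demo():
    """Constructed walk-through; returns the observed outcomes in order."""
    binder = RequestIdBinder()
    out = [binder.on_request("Csensor01", "0001")]
    try:
        binder.on_request("Csensor01", "0001")      # still pending
        out.append("accepted")
    except DuplicateRequestError:
        out.append("rejected")
    out.append(binder.on_request("Cdashboard", "0001"))  # other Originator
    out.append(binder.on_response("Csensor01/0001"))     # sequence completes
    out.append(binder.on_request("Csensor01", "0001"))   # reuse is a new request
    return out


if __name__ == "__main__":
    print(demo())
```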
The UNetwork-ID is used for identifying an Underlying Network. UNetwork-ID is a static value and unique within a M2M Service Provider domain.
One or more Underlying Networks may be available at an M2M Node offering different sets of capabilities, availability schedules etc. Based on the "policy" information at the Node and the capabilities offered by the available Underlying Networks, appropriate Underlying Network can be chosen by using UNetwork-ID. For example, based on "policy", scheduling of traffic triggered by a certain event category in certain time periods may be allowed over Underlying Network "WLAN" but may not be allowed over Underlying Network "2G Cellular".
The M2M-Serv-ID is an identifier of a M2M Service offered by an M2M SP. It is an essential part of the M2M Service Subscription which stores a set of M2M-Serv-IDs pertaining to the set of subscribed services. Beyond the set of services depicted in the present document it shall be possible for an M2M Service Provider to offer other services. Those will be identified by means of M2M SP specific M2M-Serv-IDs.
An M2M Service Profile Identifier defines M2M Service Roles (see annex G), as well as applicable rules governing the AEs registering with M2M Nodes and the AEs residing on these nodes. Every M2M Service Profile is allocated an identifier so it can be retrieved for verification purposes.
The M2M-Service-Profile-ID enables the M2M Service Provider to bind AE(s), applicable rules to these AEs, as well as M2M Service Roles to M2M nodes.
An M2M-Service-Profile-ID shall be allocated to every M2M Node. The M2M Service Profile Identifier has the following characteristics:
belongs to the M2M Service Provider;
identifies the M2M Service Roles as well as applicable rules governing AEs registering with an M2M node. The M2M Service Roles define the M2M Services authorized for the M2M Service Profile (see annex G).