IEEE 802.16ppc-10/0060r1 Project IEEE 802.16 Broadband Wireless Access Working Group <http://ieee802.org/16> Title Suggested Enhancements on Requirements for M2M Security Date Submitted 2010-09-09 Source(s) Kerstin Johnsson, Nageen Himayat, Shilpa Talwar E-mail: kerstin.johnsson@intel.com Intel Corp. Re: Requirements for M2M Security Abstract Response to call for requirements Purpose For review and adoption into the IEEE 802.16p Systems Requirements Document Notice Release Patent Policy This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16. The contributor is familiar with the IEEE-SA Patent Policy and Procedures: <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>. Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and <http://standards.ieee.org/board/pat>. 1 Background The security requirements for M2M vary with use case. For example, in mHealth applications security is extremely important, both in terms of the physical integrity of the device as well as for the connection with the M2M server. However, there are also M2M use cases where security is far less important, particularly when weighed against the “power cost” of establishing security. For example, there are M2M use cases where sensors are deployed “en masse” across a large environment, and those sensors transmit “real data” only very rarely. When “real data” is transmitted, the network may require/desire the standard level of security. However, in between those data transmissions, the network may still want to hear that the sensors are alive. These “alive” messages do not contain sensitive data, thus in an effort to conserve power (both in terms of total awake time and in transmission power), the network may desire to forgo the full security suite opting instead for a lower, more time/power efficient security profile. 2 Text Proposal Modify the functional requirements described in Section 6.1 as shown. 1 IEEE 802.16ppc-10/0060r1 -------------------------- Begin Text Proposal ------------------------------- 6.4 Security Support 6.4.1 The 802.16p system amendment should shall support the M2M device authentication. 802.16p system shall support an M2M device authentication which includes a device validity check in cooperation between the device and the network. 6.4.2 The 802.16p system amendment should shall support verification and validation of the exchanged data for M2M services. 6.4.3 The protocol 802.16p system should shall support efficient security for small burst transmissions. 6.4.4 The 802.16p system shall include a security function to provide protection and confidentiality of M2M device-generated traffic and its related data (e.g. location privacy, M2M device identity). 6.4.5 The 802.16p system shall support lowered security requirements for certain M2M connections. 6.4.6 The 802.16p system shall support reduced security signaling for faster network entry of M2M connections. ----------------------------- End Text Proposal ---------------------------------- 2