PN-4940.022: Smart Device Communications; Securing and Deploying Applications
1
2
3
4
5
6
It is convenient to omit the Table of Contents during document development. An automatically generated Table of Contents may be inserted here by updating the document custom property 'Status' to anything other than 'draft' and then updating this field.
Add TOC.
Contents | i

PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
1
2
3
4
5
6
It is convenient to omit the lists during document development. An automatically generated list may be inserted here by updating the document custom property 'Status' to anything other than 'draft' and then updating this field.
Add List of Figures
Add TOC. List of Figures | ii

PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
1
2
3
4
5
6
7
8
9
10
11
12
13
(This foreword is not part of this Standard.)
This document was formulated under the cognizance of the TIA Committee
TR-50, Smart Device Communications.
This section only exist in part 000 since part 000 will always be updated and published with each revision.The document contains informative annexes.
Suggestions for improvement of this document are welcome, and should be sent to:
Telecommunications Industry Association,
Standards and Technology,
2500 Wilson Boulevard, Suite 300
Arlington, VA 22201-3834
Foreword | iii

PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
1
2
9
10
11
12
13
14
15
16
3
4
5
6
7
8
This document is a member of a multi-part standard that, when taken in total, defines the requirements for communications pertaining to the access agnostic
(e.g. PHY and MAC agnostic) monitoring and bi-directional communication of events and information between smart devices and other devices, applications and networks.
The objective of creating the deploying and securing applications document is to enable organizations to increase security when deploying applications across a hostile network.
[This standard provides a common foundation for personnel who support or use risk management processes for IT systems.] Or consider deleting this paragraph.
17
Scope | iv

PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
1
2
3
4
5
6
13
14
15
16
17
18
19
7
8
9
10
11
12
This standard is designed to build on existing cyber security policies and procedures, help organize and clarify risk management goals, and provide a consistent approach in which to make risk decisions.
The guidance provided in this standard is intended to address only the management of cyber security related risk derived from or associated with the operation and use of information technology and systems and/or the environments in which they operate. The guidance is not intended to replace or subsume other risk-related activities, programs, processes, or approaches that organizations have implemented or intend to implement addressing areas of risk management covered by other legislation, regulation, policies, programmatic initiatives, or mission and business requirements. Additionally, this guidance is not part of any regulatory framework. Rather, the cyber security risk mitigation guidance described herein is complementary to and should be used as part of a more comprehensive enterprise risk management program.
Scope | v

PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
15
16
17
18
4
5
6
7
8
9
10
11
12
13
14
19
1
2
3
20
21
The following standards contain provisions which, through reference in this text, constitute provisions of this Standard. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this Standard are encouraged to investigate the possibility of applying the most recent editions of the standards indicated below. ANSI and TIA maintain registers of currently valid national standards published by them, respectively.
References are either specific (identified by date of publication, release level, etc.) or non-specific. For a specific reference, subsequent revisions do not apply. For a non-specific reference, the latest version applies: a non-specific reference implicitly refers to the latest version. a) TIA-4940.000: Smart Device Communications;
List of Parts. b) TIA-4940.005: Smart Device Communications;
Reference Architecture
The following documents may be useful to the reader
[a] Non identified at this time
Scope | vi

PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
2
3
4
5
1
12
13
14
15
16
17
18
19
20
21
22
23
24
10
11
6
7
8
9
31
32
33
34
25
26
27
28
29
30
35
36
37
This section contains definitions, symbols and abbreviations that are used in this document.
Cleartext : Data that can be read and understood without any special measures.
This term is used interchangeable with “plaintext” in this document.
Encryption : The method of disguising plaintext in such a way as to hide its body, identity or the actual content of the text.
Ciphertext : Encrypting plaintext results in unreadable text.
Cipher : An algorithm for performing encryption (reverse is decryption).
Decryption : The process of reverting ciphertext to its original plaintext.
Cryptology : Study of both cryptography and cryptanalysis.
Cryptography: The science of using mathematics to secure data via encrypting and decrypting data.
Cryptanalysis: The science of analyzing and breaking secure communication.
Cryptographic algorithm/cipher : A mathematical function used in the encryption and decryption process.
Public Key Infrastructure: PKI is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke Digital Certificates. A Public Key Infrastructure (PKI) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority .
Key : A value that works with a cryptographic algorithm to produce a specific ciphertext.
Symmetric Cryptography: One secret key is used both for encryption and decryption.
Asymmetric Cryptography : Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption.
Digital Signature : Enables the recipient of information to verify the authenticity of the information’s origin, and also verify that the information is intact.
Authentication: The process of verifying the identity of entity.
Integrity: The assurance to an entity that data has not been altered
(intentionally or unintentionally) between “there” and “here” or between
“then” and “now.”
Ошибка! Текст указанного стиля в документе отсутствует.
| 7

9
10
11
12
13
6
7
8
1
2
3
4
5
14
15
20
21
22
23
24
16
17
18
19
25
26
27
28
29
30
31
32
PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
Confidentiality: The assurance to an entity that no one can read a particular piece of data except the receiver(s) explicitly intended .
Non-Repudiation : Ensures that an author cannot refute that they signed or encrypted a particular message once it has been sent, assuming the private key is secured.
Hash : A one-way function takes variable-length input and produces a fixedlength output; that ensures the information has not changed in any way.
Certificate: A document that binds a signature to an entity.
Data-in-transit : Data moving between entities in a M2M system.
Data-at-rest : Data that is stored within entities in a M2M system.
Attack Surface : A set of vulnerable data, when not protected, may compromise a system.
CIA: Confidentiality, Integrity and Availability.
M2M : Machine to Machine.
IoT : Internet of Things.
FIPS : Federal Information Processing Standards.
ECDSA : Elliptic Curve Digital Signature Algorithm.
ECC : Elliptical Curve Cryptography.
DSA : Digital Signature Algorithm.
SHA : Secure Hashing Algorithm.
MQV : Menezes-Qu-Vanstone algorithm.
DH : Diffie-Helman is an anonymous (non-authenticated) key-agreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes.
SSL : Secure Sockets Layer
Ошибка! Текст указанного стиля в документе отсутствует.
| 8

PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
1
20
21
22
23
24
25
15
16
17
18
19
26
27
28
29
30
31
32
33
34
35
36
2
3
4
5
6
7
8
9
10
11
12
13
14
To familiarize the reader with cryptology concepts and terminology that are used within this standard, this introductory section attempts to provide easily understandable definitions and explain cryptology concepts.
Data that can be read and understood without any special measures is called plaintext or cleartext . The method of disguising plaintext in such a way as to hide its content is called encryption. Encrypting plaintext results in unreadable text that is called ciphertext . Encryption ensures that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting ciphertext to its original plaintext is called decryption .
Cryptography is the science of using mathematics to encrypt and decrypt data.
Cryptography enables entities to store sensitive information or transmit information across insecure networks (like the Internet) so that such information cannot be read by anyone except the intended recipient.
While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck. Cryptology embraces both cryptography and cryptanalysis.
A cryptographic algorithm , or cipher , is a mathematical function used in the encryption and decryption process. A cryptographic algorithm works in combination with a key
—a word, number, or phrase—to encrypt the plaintext.
Encrypting plaintext with different keys produces different ciphertext. The security of encrypted data is entirely dependent on two things: the strength of the cryptographic algorithm and the secrecy of the key.
One of the main categorization methods for encryption techniques commonly used is based on the form of the input data they operate on and/or utilize. The two types are Block Cipher and Stream Cipher.
Ошибка! Текст указанного стиля в документе отсутствует.
| 9

1
2
3
4
5
6
4.1
4.2
15
16
17
18
19
20
21
10
11
12
13
7
8
9
14
4.3
28
29
30
31
32
33
34
35
22
23
24
25
26
27
36
37
38
39
40
PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
In this method data is encrypted and decrypted if data is in the form of blocks.
In its simplest mode, you divide the plain text into blocks which are then fed into the cipher system to produce blocks of cipher text.
Stream cipher functions on a stream of data by operating on it bit by bit.
Stream cipher consists of two major components: a key stream generator, and a mixing function. Mixing function is usually just an XOR function, while key stream generator is the main unit in stream cipher encryption technique. For example, if the key stream generator produces a series of zeros, the outputted ciphered stream will be identical to the original plain text.
In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption. The key must be kept secret in order for this type of cryptography to work. Example usage includes email, http, IPsec. Symmetric cryptography is magnitudes faster than asymmetric cryptography.
Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key , which encrypts data, and a corresponding private, or secret key for decryption. You publish your public key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read. It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information. Encryption using asymmetric key algorithms is very slow, Asymmetric encryption techniques are almost 1000 times slower than Symmetric techniques, because they require more computational processing power especially when the data size is large; hence, they are not used when doing bulk encryption. For bulk encryption, symmetric algorithms should be used. The asymmetric algorithms can be used to do key exchange.
A key is a value that works with a cryptographic algorithm to produce a specific ciphertext. In public key cryptography, the bigger the key, the more secure the ciphertext.
Ошибка! Текст указанного стиля в документе отсутствует.
| 10

13
14
15
16
17
18
1
2
6
7
8
9
10
11
3
4
5
12
PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
A major benefit of public key cryptography is that it provides a method for employing digital signatures . Digital signatures enable the recipient of information to verify the authenticity of the information’s origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity . A digital signature also provides non-repudiation , which means that it prevents the sender from claiming that he or she did not actually send the information. These features are every bit as fundamental to cryptography as privacy, if not more.
A one-way hash function takes variable-length input—in this case, a message of any length, even thousands or millions of bits—and produces a fixed-length output; say, 160-bits. The hash function ensures that, if the information is changed in any way—even by just one bit—an entirely different output value is created.
Ошибка! Текст указанного стиля в документе отсутствует.
| 11

PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
1
2
15
16
17
18
19
20
21
10
11
12
13
14
22
6
7
8
9
3
4
5
The challenge of securing and deploying applications in a hostile operating environment is solved using modern cryptography leveraging public key infrastructure. Previous generation of deploying and securing configuration and applications to the device relied on pre shared keys. Pre shared keys are vulnerable to undetected compromise and theft through rogue base stations and other exploitation techniques that are well documented and not detailed in this document.
In order to satisfy the requirements of confidentiality, integrity and availability (CIA) in policy generation the use of certificates are implemented in a standardized “trust” model, of which a base trust must be given to an entity that can create, or “vouch” for surrogate entity certificates. This type of relationship is referred to “certificate chaining” and as such, can be used to delegate trust within the trust model. The base entity is called a root certificate authority or “CA” which can authorize additional certificates (entities) to be used and implemented within the trust model that has been created. On the device or client, trust certificates may be installed at device creation, deployment or another “trusted” method as defined by, for example, a manufacture security policy. Certificate chaining can be conceptually viewed in Figure 1.
Consortium
Root Certificate
ROOT CA
23
24
25
26
CORP A
Regional Certificate
CORP A
Regional Certificate
DIVISION A. CORP A
Regional Certificate
DIVISION B, CORP A
Regional Certificate
DIVISION C, CORP A
Regional Certificate
Regional CA, Certificate
Signed by ROOT
Division Regional CA, Certificate
Signed by ROOT, & CORP
Home Gateway Unit A
Regional Certificate
Home Gateway Unit B
Regional Certificate
Home Gateway Unit C
Regional Certificate
Home Gateway, Certificate Signed by ROOT, CORP & DIVISION
Figure 1
Compromised or expired entities can be withdrawn or revoked from the trust model through a certificate revocation list (CRL) server. CRL’s are only
Ошибка! Текст указанного стиля в документе отсутствует.
| 12

6
7
8
1
2
3
4
5
PN-4940.022: Smart Device Communications;
Deploying and Securing Applications effective when properly used by both client and servers. Clients must use the
CRL server to verify that each certificate within a certificate chain is indeed valid, which preserves the CIA/* did we decide to use CIA */ triad, and servers must be maintained and updated with serial numbers from withdrawn certificates.
The architecture for securing and deploying applications within the reference architecture [X] is detailed below pictorially in Figure 2
Ошибка! Текст указанного стиля в документе отсутствует.
| 13

PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
1 er in nta Co
Ошибка! Текст указанного стиля в документе отсутствует.
| 14

1
22
23
24
25
26
16
17
18
19
20
21
9
10
11
6
7
8
2
3
4
5
12
13
14
15
PN-4940.022: Smart Device Communications;
Deploying and Securing Applications
Figure 2
The consortium certificate fills the base trust entity role, or root CA. This may be a self-signed certificate, or obtained from CA vendor. Company A may join the trust model set forth by the consortium by satisfying the consortium test and conformance procedure that provides validation metrics for company
A. Leveraging the trust from the consortium; company A may then develop applications that will validate against the consortiums certificate, since company certificate was signed by the consortium. The integrity of company
A application can be assured by “signing” the application that company A produced. A digital fingerprint of the application is created (hashed) and the fingerprint is encrypted by using the private key of company A. The application, encrypted fingerprint and certificate chain (minus private keys) is sent through a hostile network via a multilayer security tunnel (TIA
Multilayer Guidance) to the TIA container. The container implements the steps that company A used to encrypt the fingerprint by regenerating the fingerprint of the application (application was not encrypted, only the fingerprint). The container validates the certificate chain that was passed by company A by comparing each certificate in the chain to installed certificate(s) until the container reaches a certificate that is in its trust model, in this case, it may be the root CA, or another certificate that the container
“trusts”. Once trust is established, the public key of company A is used to decrypt the fingerprint that was created by company A. If the decrypted fingerprint is equal to the container’s calculated fingerprint of the application, the container can then be assured that the application is genuine and has not been corrupted by the hostile network.
Ошибка! Текст указанного стиля в документе отсутствует.
| 15