Introduction to ETSI M2M Security
features
Presentation for oneM2M WG 4
oneM2M SEC #2, Nice, 15 April 2013
Source: Francois Ennesser, Gemalto
ETSI M2M – High Level Architecture
M2M Device & Gateway Domain
M2M Device
M2M Gateway
M2M App.
M2M App.
dIa
M2M
AREA
NETWORK
Device
Applicatio
n
Proprietary
M2M(DA)
Device
dIa
M2M Gateway
Service
Capability
(GSCL)
M2M Network Domain
WIDE AREA NETWORK
M2M Service
Capabilities
Layer (M2M
WIRELESS
mId
M2M
Application
NSCL)
mIa
MOBILE
M2M
Application
M2M Device
M2M App.
mIa
FIXED
dIa
REFERENCE POINTS
mIa
M2M Device
Service
Capability
(DSCL)
mId
.. OTHER
M2M
Application
Network
Application
(NA)
2
2
ETSI M2M architecture principles
ETSI M2M adopted a RESTful architecture style
 Information represented by resources structured as a tree
ETSI M2M standardizes resource structure that resides
on an M2M Service Capability Layer (SCL)
 Each SCL contains a resource structure where the information
is kept
M2M Application and/or M2M Service Capability Layer
exchange information by means of these resources over
the defined reference points
ETSI M2M standardizes the procedure for handling the
resources
3
3
Security features addressed by ETSI M2M
Identification of the M2M Application and the M2M
Devices
Mutual authentication between Network Service
Capability Layer and Device/Gateway Service Capability
Layer that are connected
Secure channel for transporting data over mId reference
point
Device/Gateway Integrity validation at Bootstrap and
Service Connection
However due to schedule constraints, some security
aspects remain unaddressed
 Security not addressed “end-to-end”
 Security provided for M2M SP, not for M2M Application provider
 No disociation between “routing” and “trust” based roles at service layer level
4
4
ETSI TC M2M Framework
M2M Device/Gateway
M2M Device/M2M Gateway
M2M Applications
M2M Applications
M2M
Network
M2M Service Capabilities Layer
mIa
dIa
M2M
Service
Capabilities
Layer
mId
Communication modules
Core Network Connection
Core Network A
Core Network B
5
©
ET
SI
201
1.
All
Security is out-of scope in Release 1
ETSI M2M Security
ETSI M2M provides standardized security
mechanisms for the reference point mId
Devices/gateways hold secret keys protecting
the connection in a “secured environment”
The device/gateway is provisioned with the key
M2M Root Key.
The high level procedure are to




Perform mutual mId end point authentication
Perform M2M Service Connection Key agreement
Optionally, establish a secure session over mId.
Perform RESTful operations over mId
6
6
ETSI TC M2M Service Layer Procedures
Network
Bootstrap
Provisions: names, service levels, security keys, etc…
Can be based on 3GPP ,
3GPP 2, ETSI TISPAN , etc .
Establishes context of
D/GA in D/GSCL.
Optionally requires :
Generation of Kma /
provisioning to
application.
Application
Application
Registration
Registration
/GAon
onDD
ofofDD/GA
//
GSCL
GSCL
Establishes context of
NA in NSCL.
D/GA interaction
with local D/GSCL
Application
Application
Registration
Registration
ofNA
NAon
onNSCL
NSCL
of
AND
NA interaction
with local NSCL
D/GA interaction with
NSCL via local D/GSCL
Network
Registration
M2M Service
Bootstrap
Service
MM
22
MMService
Connection
Connection
between D/GSCL
and NSCL
mId Security
(Optional)
secure
communication
over mId
SCLRegistration
Registration
SCL
/GSCLwith
with
ofofDD/GSCL
NSCL. .
NSCL
Can be independent or related
Provisions M2M SP assigned ID and Kmr
Mutual authentication of mId end points
,
generation of Kmc
Optional establishment of secure communication
over mId based on Kmc and sub-keys of Kmc
Establishes context of D/GSCL in NSCL
and vice versa
D/GSCL interaction
with NSCL
M2M Communication via D/GSCL and NSCL
M2M Communication via D/GSCL and NSCL
7
ETSI TC M2M Service Bootstrap
Procedures
Access network (AN) dependent vs. access-agnostic bootstrap


May derive M2M service credentials from existing AN credentials (e.g. UICC based)
Or provide independent service layer credentials
Bootstrapping of M2M Service Layer Credentials on the field:


Establishment of shared secret Kmr in Device and Network over mId
Pre-provisioning (e.g. Smartcard based) or Automated (infrastructure assisted) methods
Automated bootstrap procedures

GBA: NAF serves as MSBF (M2M Service Bootstrap Function)

EAP/PANA: Dedicated MSBF + MAS (M2M Authentication Server)

TLS/TCP (Access agnostic)
 Uses Access Network credentials in UICC (e.g. USIM, CSIM or ISIM application)
 Uses same HTTP procedure as TLS/TCP for bootstrap parameters delivery
 Uses any type of credentials (SIM, AKA, PSK, certificates, IBE, OTP, etc.)
 Access Network based: e.g. UICC with EAP-AKA / Kmr based on EMSK
 Or Access-agnostic: EAP-IBAKE, or EAP-TLS with certificates
 Uses X.509 certificates pre-provisioned on the device/gateway
 256 bits encr. key, TLS 1.2 RSA AES 128 CCM or TLS 1.1 RSA AES 128 CBC SHA
 AES 256 Key Wrap
8
ETSI M2M generic Bootstrap Procedure
Input:
- Pre-provisioned device/gateway ID
- Pre-provisioned secret key
(1b)Bootstrap
M2M
Device/G
ateway
Node
(Out-of scope)
(1a)Bootstrap
Output:
- M2M Device/Gateway Node ID
- M2M Root Key (Kmr)
- Lifetime
- Optionally:
- D/GSCL-ID
- NSCL-ID
M2M
Network
Node
MSBF
(M2M
Service
Bootstrap
Function)
(2)MAS provisioning
MAS
(M2M
Auth’n
Server)
9
GBA Bootstrapping
HSS
Input:
- xSIM credentials
(1)GBA
Bootstrapping
M2M
Device/G
ateway
Node
(2a)HTTP
digest auth
Output:
- M2M Device/Gateway Node ID
- M2M Root Key (== NAF-specific key)
- Lifetime
- Optionally:
- D/GSCL-ID
- NSCL-ID
BSF
(Bootstrap
Server
Function)
(2b)Retrieval
of NAF key
(Out-of scope)
MSBF
(M2M
Service
Bootstrap
Function)
(3)MAS provisioning
(Out-of scope)
MAS
(M2M
Auth’n
Server)
10
EAP/PANA bootstrapping
Input:
- Any kind of credentials (SIM, AKA, PSK, certs, IBE,
OTP, etc.)
(1b)EAP method
over AAA
M2M
Device/G
ateway
Node
(1a)EAP method
over PANA
M2M
Network
Node
MSBF
(M2M
Service
Bootstrap
Function)
(Out-of scope)
Output:
- M2M Device/Gateway Node ID
- M2M Root Key (derived from EAP EMSK)
- Lifetime
- Optionally:
- D/GSCL-ID
- NSCL-ID
EAP methods:
EAP-TLS
EAP-IBAKE
EAP-SIM, EAP-AKA
Any key-generating
EAP method…
(2)MAS provisioning
MAS
(M2M
Auth’n
Server)
AAA protocols:
 RADIUS
 Diameter
 Etc.
11
TLS/TCP Bootstrapping
Input:
- Pre-provisioned X.509 client certificate and private key
- Pre-provisioned root CA certificate
MSBF
(M2M
Service
Bootstrap
Function)
(1a)TLS
M2M
Device/G
ateway
Node
(2)HTTP
M2M
Network
Node
Output:
- M2M Device/Gateway Node ID
- M2M Root Key (delivered from MSBF to device
via HTTP)
- Lifetime
- Optionally:
- D/GSCL-ID
- NSCL-ID
(1b)OCSP
[optional]
OCSP
Responder
(3)MAS provisioning
(Out-of scope)
MAS
(M2M
Auth’n
Server)
12
©
ET
SI
201
1.
All
ETSI TC M2M Service Connection
Procedures
Optional derivation of M2M Service Connection (session) Key Kmc
 Not needed (i.e., no Kmc) when relying on existing access network security
Access Network dependent vs. access-agnostic
 Direct derivation from existing AN credentials (e.g. in UICC based AN
subscription) possible for GBA and EAP (no Kmr)
Connection procedures
 GBA (access dependent Kmc)
 Uses Access Network credentials in UICC (e.g. USIM, CSIM or ISIM application)
 EAP/PANA
 Uses xSIM/UICC with EAP-SIM/EAP-AKA (access-dependent Kmc), or
 Uses Kmr as PSK with EAP-GPSK (access-agnostic), or
 TLS/TCP (access agnostic, uses Kmr as PSK)
 TLS 1.1 or 1.2 with ECDHE PSK AES 128 CBC SHA (256)
13
ETSI M2M generic
Service Connection Procedure
Input:
- M2M Device/Gateway Node ID
- M2M Root Key
M2M
Device/G
ateway
Node
(1a)Connection
M2M
Network
Node
(1b)Connection
(Out-of scope)
MAS
(M2M
Auth’n
Server)
Output:
- M2M Connection ID
- M2M Service Connection Key (Kmc)
- Lifetime
- mId security method/parameters
- Optionally:
- D/GSCL-ID
14
GBA Service Connection
HSS
Input:
- xSIM credentials
BSF
(Bootstrap
Server
Function)
(1)GBA
M2M
Device/G
ateway
Node
(2a)TLS-PSK
(2b)Retrieval
of NAF key
(Out-of scope)
M2M
Network
Node
Output:
- M2M Connection ID
- M2M Connection Key (== NAF specific key)
- Lifetime
15
EAP/PANA Service connection
Input:
- M2M Device/Gateway Node ID
- M2M Root Key
- Alternatively: xSIM credentials
M2M
Device/G
ateway
Node
(1a)EAP method
over PANA
M2M
Network
Node
(1b)EAP method
over AAA
(Out-of scope)
Output:
- M2M Connection ID
- M2M Connection Key (derived from EAP MSK)
- Lifetime
- mId security method/parameters
- Optionally:
- D/GSCL-ID
MAS
(M2M
Auth’n
Server)
EAP methods:
 EAP-GPSK (accessagnostic)
 EAP-SIM, EAP-AKA (access
dependent)
AAA protocols:
 RADIUS
 Diameter
 Etc.
16
TLS/TCP Service Connection
Input:
- M2M Device/Gateway Node ID
- M2M Root Key
M2M
Device/G
ateway
Node
(1)TLS-PSK
(2)HTTP
M2M
Network
Node
MAS
(M2M
Auth’n
Server)
Output:
- M2M Connection ID
- M2M Connection Key (delivered from MAS to device via HTTP)
- Lifetime
- mId security method/parameters
- Optionally:
- D/GSCL-ID
17
ETSI TC M2M Secure connection (mId
Interface)
One or more of the following methods used
1. Relying on a trusted access network (i.e., lower-layer) for security

This is the case where no Kmc is derived
2. Using channel security (PSK AES 128)


HTTP: TLS/TCP, TLS 1.2 CBC SHA or TLS 1.1 CCM
CoAP: DTLS/UDP , DTLS 1.2 CCM(_8)
3. Using object security (lacks interoperable flexibility in current releases)

XML-DSIG and XML-ENC (v 1.1), using Kmc
18
ETSI TC M2M Security Scenarios Baseline
Pre-provisioned
device/gateway
credential types
SIM/AKA
credential
M2M Bootstrap
Procedures
M2M Service
Connection
Procedures
mId security
methods
GBA
GBA
Certificates
Any type of
credentials
TLS/TCP
EAP/PANA
TLS/TCP
TLS/DTLS
(Channel
Security)
XML-DSIG/ENC
(Object Security)
EAP/PANA
Relying on
Access Network
Security
19
Scenario 1: Direct GBA
Pre-provisioned
device/gateway
credential types
SIM/AKA
credential
M2M Bootstrap
Procedures
M2M Service
Connection
Procedures
mId security
methods
GBA
GBA
These are just few example scenarios.
Many other scenarios are possible….
Certificates
Any type of
credentials
TLS/TCP
EAP/PANA
TLS/TCP
TLS/DTLS
(Channel
Security)
XML-DSIG/ENC
(Object
Security)
EAP/PANA
Relying on
Access Network
Security
20
Scenario 2: TLS/TCP
Pre-provisioned
device/gateway
credential types
SIM/AKA
credential
M2M Bootstrap
Procedures
M2M Service
Connection
Procedures
mId security
methods
GBA
GBA
Certificates
Any type of
credentials
TLS/TCP
EAP/PANA
TLS/TCP
TLS/DTLS
(Channel
Security)
XML-DSIG/ENC
(Object
Security)
EAP/PANA
Relying on
Access Network
Security
21
Scenario 3: EAP/PANA
Pre-provisioned
device/gateway
credential types
SIM/AKA
credential
M2M Bootstrap
Procedures
M2M Service
Connection
Procedures
mId security
methods
GBA
GBA
Certificates
Any type of
credentials
TLS/TCP
EAP/PANA
TLS/TCP
TLS/DTLS
(Channel
Security)
XML-DSIG/ENC
(Object
Security)
EAP/PANA
Relying on
Access Network
Security
22
ETSI Support of Integrity Validation
Integrity Validation (IVal)
 optional feature enabling e.g. to detect tampering of device
 enables fine grained access control for both
Device/Gateways and M2M Service Providers.
M2M
Rel-1 supports IVal prior to Bootstrap and during Service
Registration procedures
 Code Integrity checks performed/stored in Secured Environment
 IVal result (4 bytes):
 Mapping device software image to standard M2M services
 Sent to M2M Service Provider during service registration.
 Signed with IVal key to ensure integrity and authenticity of reported
results.
 The M2M Service Provider can grant or deny service access based
on the reported IVal results and provider policy
23
ETSI M2M Integrity Validation Call Flow
M2M Device/Gateway
Perform
IVal for
Bootstrap /
Connection
MAS/MSBF
M2M Service Provider
Device IVal
Bootstrap/Connection
Security Policy gates
whether bootstrap
continues or halts
Bootstrap Procedure
Service Connection Procedure
Perform
IVal for
Service
Registratio
n
Device IVal Service
Registration Security
Policy gates whether
registration continues or
halts
Service Registration Request
(includes signed IVal results)
IVal results: 32-bit
signed mapping of
standard service
capabilities
Access
Control based
on IVal results
and policies
Access granted or
denied based on
service provider policy
Service Registration Result
Initiate M2M Services
24
Contact Details:
francois.ennesser@gemalto.com
Thank you!
25
©
ET
SI
201
1.
All