presentation of etsi tc m2m security features group name: wg4 securtity source: francois ennesser,...
TRANSCRIPT
Presentation of ETSI TC M2M security features
Group Name: WG4 SecurtitySource: Francois Ennesser, GemaltoMeeting Date: 2013-04-15Agenda Item: SEC
High Level ETSI ArchitectureHigh Level ETSI Architecture
M2M Service Capabilities Layer (M2M
NSCL)
M2M GatewayM2M Device
M2M Device Service
Capability (DSCL)
M2M Device
WIRELESS
MOBILE
FIXED
.. OTHER
M2M AREA
NETWORK
M2M Gateway Service
Capability (GSCL) M2M
Application
M2MApplication
Proprietary
M2M Device
Prop
rieta
ry In
terfa
ce
WIDE AREA NETWORK
mId
mId
2
mIa
dIa dIa
dIa
mIa
mIa
M2M App. M2M App.
M2M App.
M2MApplication
M2M Network DomainM2M Network DomainM2M Device & Gateway DomainM2M Device & Gateway Domain
REFERENCEREFERENCE POINTSPOINTS
Network Network ApplicationApplication
(NA)(NA)
Device Device ApplicationApplication
(DA)(DA)
2
ETSI M2M architecture principles• ETSI M2M adopted a RESTful architecture style
– Information represented by resources structured as a tree
• ETSI M2M standardizes resource structure that resides on an M2M Service Capability Layer (SCL)– Each SCL contains a resource structure where the information is kept
• M2M Application and/or M2M Service Capability Layer exchange information by means of these resources over the defined reference points
• ETSI M2M standardizes the procedure for handling the resources
33
ETSI M2M Security features• Identification of the M2M Application and the M2M Devices• Mutual authentication between Network Service Capability
Layer and Device/Gateway Service Capability Layer that are connected
• Secure channel for transporting data over mId reference point• Device/Gateway Integrity validation at Bootstrap and Service
Connection
• However due to schedule constraints, some security aspects remain unaddressed– Security not addressed “end-to-end”– Security provided for M2M SP, not for M2M Application provider
• No disociation between “routing” and “trust” based roles at service layer level
44
ETSI TC M2M Framework
© ETSI 2011. All rights reserved
5Security has not been addressed
M2M Device/Gateway
M2MNetwork
ETSI M2M Security• ETSI M2M provides standardized security
mechanisms for the reference point mId• Devices/gateways hold secret keys protecting the
connection in a “secured environment” • The device/gateway is provisioned with the key M2M
Root Key. • The high level procedure are to
– Perform mutual mId end point authentication– Perform M2M Service Connection Key agreement– Optionally, establish a secure session over mId.– Perform RESTful operations over mId
66
M2M Service Layer Procedures
7
M 2 M Communication via D / GSCL and NSCL
M 2 M Service Connection
between D / GSCL and NSCL
SCL Registration of D / GSCL with
NSCL .
Application Registration
of NA on NSCL
Application Registration of D / GA on D /
GSCL
M 2 M Communication via D / GSCL and NSCL
SCL Registration of D / GSCL with
NSCL .
Application Registration of D / GA on D /
GSCL
D / GA interaction with NSCL via local D / GSCL
D / GA interaction with local D / GSCL
D / GSCL interaction with NSCL
AND
NA interaction with local NSCL
Application Registration
of NA on NSCL
M 2 M Service Connection
M 2 M Service Bootstrap
Network Bootstrap
Network Registration
mId Security ( Optional )
secure communication
over mId
Provisions : names , service levels , security keys , etc…
Can be based on 3 GPP , 3 GPP 2 , ETSI TISPAN , etc .
Provisions M 2 M SP assigned ID and Kmr
Mutual authentication of mId end points , generation of Kmc
Optional establishment of secure communication over mId based on Kmc and sub-keys of Kmc
Establishes context of D / GSCL in NSCL and vice versa
Establishes context of D / GA in D / GSCL .
Optionally requires : Generation of Kma / provisioning to application .
Establishes context of NA in NSCL .
Can be independent or related
Service Bootstrap Procedures• Access network (AN) dependent vs. access-agnostic bootstrap
– May derive M2M service credentials from existing AN credentials (e.g. UICC based)– Or provide independent service layer credentials
• Bootstrapping of M2M Service Layer Credentials on the field:– Establishment of shared secret Kmr in Device and Network over mId – Pre-provisioning (e.g. Smartcard based) or Automated (infrastructure assisted) methods
• Automated bootstrap procedures– GBA: NAF serves as MSBF (M2M Service Bootstrap Function)
• Uses Access Network credentials in UICC (e.g. USIM, CSIM or ISIM application)• Uses same HTTP procedure as TLS/TCP for bootstrap parameters delivery
– EAP/PANA: Dedicated MSBF + MAS (M2M Authentication Server)• Uses any type of credentials (SIM, AKA, PSK, certificates, IBE, OTP, etc.)• Access Network based: e.g. UICC with EAP-AKA / Kmr based on EMSK• Or Access-agnostic: EAP-IBAKE, or EAP-TLS with certificates
– TLS/TCP (Access agnostic)• Uses X.509 certificates pre-provisioned on the device/gateway• 256 bits encr. key, TLS 1.2 RSA AES 128 CCM or TLS 1.1 RSA AES 128 CBC SHA• AES 256 Key Wrap
8
Generic Bootstrap Procedure
M2M Device/Gateway Node
M2M Device/Gateway Node
MSBF (M2M Service
Bootstrap Function)
MSBF (M2M Service
Bootstrap Function)
MAS (M2M Auth’n Server)
MAS (M2M Auth’n Server)
M2M Network
Node
M2M Network
Node
Input:-Pre-provisioned device/gateway ID-Pre-provisioned secret key
Output:-M2M Device/Gateway Node ID-M2M Root Key (Kmr)-Lifetime-Optionally:
- D/GSCL-ID- NSCL-ID
9
(1a)Bootstrap
(1b)Bootstrap
(2)MAS provisioning
(Out-of scope)
HSSHSS
GBA Bootstrapping
10
M2M Device/Gateway Node
M2M Device/Gateway Node
MSBF (M2M Service
Bootstrap Function)
MSBF (M2M Service
Bootstrap Function)
MAS (M2M Auth’n Server)
MAS (M2M Auth’n Server)
Input:-xSIM credentials
Output:-M2M Device/Gateway Node ID-M2M Root Key (== NAF-specific key)-Lifetime-Optionally:
- D/GSCL-ID- NSCL-ID
(1)GBA Bootstrapping
(2a)HTTP digest auth
(3)MAS provisioning(Out-of scope)
BSF (Bootstrap
Server Function)
BSF (Bootstrap
Server Function) (2b)Retrieval
of NAF key(Out-of scope)
EAP/PANA bootstrapping
M2M Device/Gateway Node
M2M Device/Gateway Node
MSBF (M2M Service
Bootstrap Function)
MSBF (M2M Service
Bootstrap Function)
MAS (M2M Auth’n Server)
MAS (M2M Auth’n Server)
M2M Network
Node
M2M Network
Node
Input:-Any kind of credentials (SIM, AKA, PSK, certs, IBE, OTP, etc.)
Output:-M2M Device/Gateway Node ID-M2M Root Key (derived from EAP EMSK)-Lifetime-Optionally:
- D/GSCL-ID- NSCL-ID
11
(1a)EAP method over PANA
(1b)EAP method over AAA
(2)MAS provisioning
(Out-of scope)
EAP methods:EAP-TLSEAP-IBAKEEAP-SIM, EAP-AKAAny key-generating EAP method…
AAA protocols:RADIUSDiameterEtc.
TLS/TCP Bootstrapping
M2M Device/Gateway Node
M2M Device/Gateway Node
MSBF (M2M Service
Bootstrap Function)
MSBF (M2M Service
Bootstrap Function)
MAS (M2M Auth’n Server)
MAS (M2M Auth’n Server)
M2M Network
Node
M2M Network
Node
Input:-Pre-provisioned X.509 client certificate and private key-Pre-provisioned root CA certificate
Output:-M2M Device/Gateway Node ID-M2M Root Key (delivered from MSBF to devicevia HTTP)-Lifetime-Optionally:
- D/GSCL-ID- NSCL-ID
© ETSI 2011. All rights reserved
12
(1a)TLS
(3)MAS provisioning(Out-of scope)
(2)HTTP
OCSP Responder
OCSP Responder
(1b)OCSP[optional]
Service Connection Procedures• Optional derivation of M2M Service Connection (session) Key Kmc
– Not needed (i.e., no Kmc) when relying on existing access network security
• Access Network dependent vs. access-agnostic– Direct derivation from existing AN credentials (e.g. in UICC based AN
subscription) possible for GBA and EAP (no Kmr)
• Connection procedures– GBA (access dependent Kmc)
• Uses Access Network credentials in UICC (e.g. USIM, CSIM or ISIM application)
– EAP/PANA• Uses xSIM/UICC with EAP-SIM/EAP-AKA (access-dependent Kmc), or• Uses Kmr as PSK with EAP-GPSK (access-agnostic), or
– TLS/TCP (access agnostic, uses Kmr as PSK)• TLS 1.1 or 1.2 with ECDHE PSK AES 128 CBC SHA (256)
13
Generic Connection Procedure
M2M Device/Gateway Node
M2M Device/Gateway Node
MAS (M2M Auth’n Server)
MAS (M2M Auth’n Server)
M2M Network
Node
M2M Network
Node
Input:-M2M Device/Gateway Node ID-M2M Root Key
Output:-M2M Connection ID-M2M Service Connection Key (Kmc)-Lifetime-mId security method/parameters-Optionally:
- D/GSCL-ID
14
(1a)Connection
(Out-of scope)
(1b)Connection
HSSHSS
GBA Service Connection
15
M2M Device/Gateway Node
M2M Device/Gateway Node
Input:-xSIM credentials
(1)GBA
(2a)TLS-PSK
BSF (Bootstrap
Server Function)
BSF (Bootstrap
Server Function)
M2M Network
Node
M2M Network
Node
(2b)Retrieval of NAF key
(Out-of scope)
Output:-M2M Connection ID-M2M Connection Key (== NAF specific key)-Lifetime
EAP/PANA Service connection
M2M Device/Gateway Node
M2M Device/Gateway Node
MAS (M2M Auth’n Server)
MAS (M2M Auth’n Server)
M2M Network
Node
M2M Network
Node
Input:-M2M Device/Gateway Node ID-M2M Root Key-Alternatively: xSIM credentials
Output:-M2M Connection ID-M2M Connection Key (derived from EAP MSK)-Lifetime-mId security method/parameters-Optionally:
- D/GSCL-ID
16
(1a)EAP method over PANA
(1b)EAP method over AAA
(Out-of scope)
EAP methods:EAP-GPSK (access-agnostic)EAP-SIM, EAP-AKA (access-dependent)
AAA protocols:RADIUSDiameterEtc.
TLS/TCP Service Connection
M2M Device/Gateway Node
M2M Device/Gateway Node
MAS (M2M Auth’n Server)
MAS (M2M Auth’n Server)
M2M Network
Node
M2M Network
Node
17
(1)TLS-PSK
Input:-M2M Device/Gateway Node ID-M2M Root Key
Output:-M2M Connection ID-M2M Connection Key (delivered from MAS to device via HTTP)-Lifetime-mId security method/parameters-Optionally:
- D/GSCL-ID
(2)HTTP
Secure connection (mId Interface)• One or more of the following methods used
1. Relying on a trusted access network (i.e., lower-layer) for security• This is the case where no Kmc is derived
2. Using channel security (PSK AES 128)• HTTP: TLS/TCP, TLS 1.2 CBC SHA or TLS 1.1 CCM• CoAP: DTLS/UDP , DTLS 1.2 CCM(_8)
3. Using object security (lacks interoperable flexibility in current releases) • XML-DSIG and XML-ENC (v 1.1), using Kmc
18
Security Scenarios - Baseline
19
GBAGBA TLS/TCPTLS/TCP EAP/PANAEAP/PANA
TLS/TCPTLS/TCP EAP/PANAEAP/PANAGBAGBA
TLS/DTLS (Channel Security)
TLS/DTLS (Channel Security)
XML-DSIG/ENC (Object Security)XML-DSIG/ENC
(Object Security)
SIM/AKA credentialSIM/AKA credential CertificatesCertificates
Pre-provisioneddevice/gateway credential types
M2M Bootstrap Procedures
M2M ServiceConnection Procedures
mId security methods
Any type of credentials
Relying onAccess NetworkSecurity
Scenario 1: Direct GBA
20
GBAGBA TLS/TCPTLS/TCP EAP/PANAEAP/PANA
TLS/TCPTLS/TCP EAP/PANAEAP/PANAGBAGBA
TLS/DTLS (Channel Security)
TLS/DTLS (Channel Security)
XML-DSIG/ENC (Object Security)XML-DSIG/ENC
(Object Security)
SIM/AKA credentialSIM/AKA credential CertificatesCertificates
Pre-provisioneddevice/gateway credential types
M2M Bootstrap Procedures
M2M ServiceConnection Procedures
mId security methods
Any type of credentials
Relying onAccess NetworkSecurity
These are just example scenarios. Other scenarios are possible….
Scenario 2: TLS/TCP
21
GBAGBA TLS/TCPTLS/TCP EAP/PANAEAP/PANA
TLS/TCPTLS/TCP EAP/PANAEAP/PANAGBAGBA
TLS/DTLS (Channel Security)
TLS/DTLS (Channel Security)
XML-DSIG/ENC (Object Security)XML-DSIG/ENC
(Object Security)
SIM/AKA credentialSIM/AKA credential CertificatesCertificates
Pre-provisioneddevice/gateway credential types
M2M Bootstrap Procedures
M2M ServiceConnection Procedures
mId security methods
Any type of credentials
Relying onAccess NetworkSecurity
Scenario 3: EAP/PANA
22
GBAGBA TLS/TCPTLS/TCP EAP/PANAEAP/PANA
TLS/TCPTLS/TCP EAP/PANAEAP/PANAGBAGBA
TLS/DTLS (Channel Security)
TLS/DTLS (Channel Security)
XML-DSIG/ENC (Object Security)XML-DSIG/ENC
(Object Security)
SIM/AKA credentialSIM/AKA credential CertificatesCertificates
Pre-provisioneddevice/gateway credential types
M2M Bootstrap Procedures
M2M ServiceConnection Procedures
mId security methods
Any type of credentials
Relying onAccess NetworkSecurity
ETSI Support of Integrity Validation• Integrity Validation (IVal)
– optional feature enabling e.g. to detect tampering of device– enables fine grained access control for both M2M Device/Gateways and
M2M Service Providers.
• Rel-1 supports IVal prior to Bootstrap and during Service Registration procedures– Code Integrity checks performed/stored in Secured Environment– IVal result (4 bytes):
• Mapping device software image to standard M2M services • Sent to M2M Service Provider during service registration.• Signed with IVal key to ensure integrity and authenticity of reported results.
– The M2M Service Provider can grant or deny service access based on the reported IVal results and provider policy
23
Integrity Validation Call Flow
24
M2M Device/Gateway M2M Service Provider MAS/MSBF
Perform IVal for
Bootstrap / Connection
Perform IVal for
Bootstrap / Connection
Device IVal Bootstrap/Connection Security Policy gates whether bootstrap continues or halts
Device IVal Bootstrap/Connection Security Policy gates whether bootstrap continues or halts
Bootstrap Procedure
Service Connection Procedure
Perform IVal for Service
Registration
Perform IVal for Service
Registration
Device IVal Service Registration Security Policy gates whether registration
continues or halts
Device IVal Service Registration Security Policy gates whether registration
continues or halts
Service Registration Request(includes signed IVal results)
IVal results: 32-bit signed mapping of standard service
capabilities
IVal results: 32-bit signed mapping of standard service
capabilities
Access Control based on IVal
results and policies
Access Control based on IVal
results and policies
Access granted or denied based on service provider
policy
Access granted or denied based on service provider
policy
Service Registration Result
Initiate M2M Services