
Discussion on IoT Security

Study Group Leadership Assembly. Discussion on IoT Security. Arkadiy Kremer, ITU-T SG17 Chairman, kremer@rans.ru.



  1. Study Group Leadership Assembly: Discussion on IoT Security. Arkadiy Kremer, ITU-T SG17 Chairman, kremer@rans.ru

  2. Challenges in ICT Infrastructure Development
     • General use of the TCP/IP protocol family
     • Modular approach to maximize business advantages with limited resources
     • Rapid availability of a great number of different and complicated end-user devices
     • Quick growth in the number of users of ubiquitous networks, cloud computing and SDN cloud configuration infrastructure
     • Convergence of telecom with non-telecom businesses
     • Challenging threats and vulnerabilities in a challenging environment
     • Quick growth of international criminal societies and illegal use of the ICT infrastructure

  3. Main Pillars for Providing Confidence & Security
     • Promoting societal awareness of security issues, culture of security and ethics
     • Legislation, regulation and enforcement infrastructure
     • Standardization (technical regulation)

  4. Developing an Effective Security Strategy
     • Security frameworks and architectures provide guidance in the selection and use of Recommendations
     • Outreach documents and activities promote wider understanding of the complexities of security protection
     • To get the priorities right and to demonstrate our ability to deliver timely, relevant and effective Recommendations
     • To suggest the performance measures that provide some indication of the effectiveness of our Recommendations
     • To provide testability of our Recommendations since the implementations can be independently assessed and certified

  5. Developing Countries Participation in SG17 (Leadership)

  6. Developing Countries Participation in SG17 (Participation and Contributing)
     * Average over last 6 meetings

  7. Questions for Discussion at the SGLA
     • How does the rapid evolution of technology affect the IoT security equation?
     • What is the business case for international standardized tools to be implemented?
     • In which areas may we improve collaboration within the ITU-T and with other SDOs and industry consortia?
     • What role can ITU-T play that is unique, essential, recognized as such by the ICT industry and others, and within the mandate of the ITU?
     • How can we enhance participation in the ITU-T IoT security standardization activity?

  8. IoT Challenges
     • The challenges and risks of having billions of Things and users connected together are complex and may be hard to control
     • Doing something as simple as giving a device an IP address (which is basically all that IoT is about) transforms it into a tiny information hub that you can extract information from on the fly
     • Concerns have been raised in relation to the IoT Identification Management (IdM) issues, in which each Thing (user and device) will be required to have a unique identity, and the IdM to be able to distinguish between a device and user, as well as ensuring identity and information context safety and security
     Budapest, Hungary, 12 October 2015

  9. IoT IdM related Security
     To improve security in the context of IoT, we need:
     • Useful adaptive and risk-based authentication capabilities
     • Access control, and
     • Trust management systems that are context-aware
     The following steps will be needed:
     • To design an IdM architecture by employing attack-resistant and practical methods for access control, trust management and risk-based authentication that is also context-aware and capable of addressing the task of identity mapping for IoT
     This requires capabilities for:
     • An efficient context management scheme for device classification
     • Developing and using Digital Object Identification and addressing methods
     • Specifying a trust management model and framework
     • Risk-based and adaptive authentication methods
     • Adaptive access control schemes

  10. Context Based IdM
     • The task of digitizing our daily interactions is moving us toward a context-aware computing world
     • Computing agents will need to share their context in order to be able to find common solutions
     • This is similar to how authorization enforcement has evolved from the use of groups to the use of roles, and to the use of attributes
     • (draft) Rec. ITU-T X.1257 (IdM taxonomy) is a step in this direction

  11. IoT Addressing and Identification (1)
     • IoT can be abstracted as digital objects (OID or DOI)
     • IoT can be assigned an IP address
     • From an IdM and security point of view there is a fundamental difference between addresses and identifiers of devices.
     • Addresses determine the communication endpoint
     • While an address is unique at a given point in time, addresses need not be permanent.
     • A device can have its address changed.
     • A new device can take on the address of a previous device.
     • And a device can have more than one IP address.
     • Identifiers (OID or DOI) are a dedicated, publicly known attribute or name for an identity, a person or a device.
     • Identifiers are valid within a specific domain.
     • A device can have more than one identifier, but it requires at least one unique identifier within any domain through which it can be accessed
     Note: Rec. ITU-T X.1255 and Rec. ITU-T X.668 (OID) can be used with IoT

  12. IoT Addressing and Identification (2)
     • Addressing and identification place requirements on the IoT in IdM
     • In the Internet of Things (IoT), security mechanisms should be stringent, flexible and nonintrusive.
     • The scalability issue in IoT makes identity management (IdM) of ubiquitous objects more challenging
     • There is a need for a context-aware access control solution for IdM
     • Context information in terms of object classification is useful for designing effective policies and efficient access control mechanisms
     • X.668 (OID), X.1255 and X.1257 can serve as the foundation of secure context-aware IoT IdM frameworks

  13. 5G Communications Security
     • User equipment
     • Access networks
     • Mobile operator’s core network
     • External IP networks

  14. Recommendations on IoT security in SG17 (within Q4, Q6, Q9, Q10, Q11, Q12/17)
     Published ITU-T Recommendations:
     • F.511, Directory service – Support of tag-based identification services
     • ITU-T X.668 | ISO/IEC 9834-9, Information technology – Open Systems Interconnection – Procedures for the operation of OSI Registration Authorities: Registration of object identifier arcs for applications and services using tag-based identification
     • X.1171, Threats and requirements for protection of personally identifiable information in applications using tag-based identification
     • X.1275, Guidelines on protection of personally identifiable information in the application of RFID technology
     • X.1311 | ISO/IEC 29180, Information technology – Security framework for ubiquitous sensor networks
     • X.1312, Ubiquitous sensor network middleware security guidelines
     • X.1313, Security requirements for wireless sensor network routing
     • X.1314, Security requirements and framework of ubiquitous networking

  15. Work items on IoT security in SG17
     • X.iotsec-1, Simple encryption procedure for Internet of Things (IoT) environments
     • X.iotsec-2, Security framework for Internet of Things
     • X.oiddev, Information technology – Use of object identifiers in the Internet of Things
     • X.oid-iot, ITU-T X.660 – Supplement on Guidelines for using object identifiers (OID) for the Internet of Things

  16. Special Session on collaboration between SG20 and SG17 on IoT Security
     Information from TSAG:
     • No Recommendations, work items, or parts of Questions under responsibility of SG17 were transferred to SG20 at this time
     • TSAG requested that a report on security and privacy would have to be submitted four weeks prior to the next TSAG meeting. Both ITU-T SG17 (Security) and ITU-T SG20, and possibly others, were invited to contribute to the report, taking into account activities being undertaken by external entities on these subjects
     • SG17 is asked to contribute to a report (by end of 2015) on security and privacy for the next TSAG meeting in February 2016.
     Liaison statement to SG20: SG17 has already established effective principles for effective collaboration with SG13 on “Cloud Security”. These principles, and experience in working with SG13, can serve as a model not only for SG17 work on IoT security and privacy with SG20, but for enhanced collaboration between SG20 and other SGs in ITU-T
     Liaison officer from SG17 to SG20: Ms Adriane LaPointe (US)
     Creation of CG-IoTsec: co-conveners are SG20 and SG17 Chairmen

  17. Thank You! Arkadiy Kremer, ITU-T SG17 Chairman, kremer@rans.ru
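
An added example, not part of the presentation: slide 11's distinction between addresses and identifiers, shown as an access policy keyed by address beside one keyed by a domain-scoped identifier. The `Registry` class, the domain and device names and the addresses are constructed for illustration, and the address-to-identity lookup stands in for an authenticated binding that a real IdM system would have to provide.

```python
# Constructed sample values throughout; Registry and its methods are hypothetical.
class Registry:
    """Devices keyed by (domain, identifier), with their current addresses."""

    def __init__(self):
        self._addresses = {}   # (domain, identifier) -> set of addresses
        self._by_address = {}  # address -> (domain, identifier)

    def register(self, domain, identifier):
        key = (domain, identifier)
        if key in self._addresses:  # identifier must be unique within its domain
            raise ValueError(f"{identifier!r} already registered in {domain!r}")
        self._addresses[key] = set()
        return key

    def assign(self, key, address):
        # An address is unique at one point in time but not permanent:
        # giving it to a new device takes it from the previous holder.
        previous = self._by_address.get(address)
        if previous is not None:
            self._addresses[previous].discard(address)
        self._addresses[key].add(address)
        self._by_address[address] = key

    def resolve(self, address):
        return self._by_address.get(address)


def allowed_by_address(acl, address):
    return address in acl  # trusts whoever holds the address right now


def allowed_by_identity(registry, acl, address):
    return registry.resolve(address) in acl  # policy follows the identity


def demo():
    reg = Registry()
    valve = reg.register("plant-a", "valve-01")
    camera = reg.register("plant-a", "camera-07")
    reg.assign(valve, "10.0.0.5")
    reg.assign(valve, "10.0.1.5")    # one device, more than one address
    address_acl, identity_acl = {"10.0.0.5"}, {valve}
    reg.assign(camera, "10.0.0.5")   # address taken over by another device
    return {
        "address_acl_admits_camera": allowed_by_address(address_acl, "10.0.0.5"),
        "identity_acl_admits_camera": allowed_by_identity(reg, identity_acl, "10.0.0.5"),
        "identity_acl_admits_valve": allowed_by_identity(reg, identity_acl, "10.0.1.5"),
    }
```

After the address is reused, the address-keyed policy admits the camera while the identifier-keyed policy still admits only the valve, on whichever address it currently holds.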
