ImageVerifierCode 换一换
格式:PDF , 页数:62 ,大小:327.91KB ,
资源ID:736352      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-736352.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ETSI TR 103 167-2011 Machine-to-Machine Communications (M2M) Threat analysis and counter-measures to M2M service layer (V1 1 1)《机器对机器通信(M2M) M2M业务层的威胁分析和对策(版本1 1 1)》.pdf)为本站会员(roleaisle130)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ETSI TR 103 167-2011 Machine-to-Machine Communications (M2M) Threat analysis and counter-measures to M2M service layer (V1 1 1)《机器对机器通信(M2M) M2M业务层的威胁分析和对策(版本1 1 1)》.pdf

1、 ETSI TR 103 167 V1.1.1 (2011-08)Technical Report Machine-to-Machine Communications (M2M);Threat analysis and counter-measures to M2M service layerETSI ETSI TR 103 167 V1.1.1 (2011-08)2Reference DTR/M2M-00012ed111 Keywords M2M, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FR

2、ANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfecture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may

3、be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF versi

4、on kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp I

5、f you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to rep

6、roduction in all media. European Telecommunications Standards Institute 2011. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTMand the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE are Trade Marks of ETSI registered for the benefit of its Members and of t

7、he 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI ETSI TR 103 167 V1.1.1 (2011-08)3Contents Intellectual Property Rights 6g3Foreword . 6g31 Scope 7g31.1 General . 7g31.2 Specific . 7g32 References 8g32.1 Normative references . 8g3

8、2.2 Informative references 8g33 Definitions and abbreviations . 8g33.1 Definitions 8g33.2 Abbreviations . 9g34 Methodology Used for Analysis of Threats and Risks . 10g35 System Architecture . 13g35.1 High-Level Architecture . 13g35.2 Layered Model for the M2M System . 14g36 Stakeholders . 15g37 Trus

9、t Model 15g38 Type 1 Threats, Specific to the M2M Service Layer and its Interfaces . 16g38.1 Threat 1: Discovery of Long-Term Service-Layer Keys Stored in M2M Devices or M2M Gateways 16g38.1.1 Description 16g38.1.2 Assessment of Risk . 16g38.1.3 Mitigation of Risk. 17g38.1.3.1 Potential Counter-Meas

10、ures 17g38.1.3.2 Responsibility for Counter-Measures 18g38.2 Threat 2: Deletion of Long-Term Service-Layer Keys Stored in M2M Devices or M2M Gateways 18g38.2.1 Description 18g38.2.2 Assessment of Risk . 19g38.2.3 Mitigation of Risk. 19g38.2.3.1 Potential Counter-Measures 19g38.2.3.2 Responsibility f

11、or Counter-Measures 20g38.3 Threat 3: Replacement of Long-Term Service-Layer Keys Stored in M2M Devices or M2M Gateways . 20g38.3.1 Description 20g38.3.2 Assessment of Risk . 20g38.3.3 Mitigation of Risk. 21g38.3.3.1 Potential Counter-Measures 21g38.3.3.2 Responsibility for Counter-Measures 21g38.4

12、Threat 4: Discovery of Long-Term Service-Layer Keys Stored in the SCs of the M2M Core 21g38.4.1 Description 21g38.4.2 Assessment of Risk . 22g38.4.3 Mitigation of Risk. 22g38.4.3.1 Potential Counter-Measures 22g38.4.3.2 Responsibility for Counter-Measures 23g38.5 Threat 5: Deletion of Long-Term Serv

13、ice-Layer Keys Stored in the SCs of an M2M Core 23g38.5.1 Description 23g38.5.2 Assessment of Risk . 23g38.5.3 Mitigation of Risk. 24g38.5.3.1 Potential Counter-Measures 24g38.5.3.2 Responsibility for Counter-Measures 24g38.6 Threat 6: Discovery of Long-Term Service-Layer Keys Stored in MSBF or MAS

14、. 24g38.6.1 Description 24g38.6.2 Assessment of Risk . 24g3ETSI ETSI TR 103 167 V1.1.1 (2011-08)48.6.3 Mitigation of Risk . 25g38.6.3.1 Potential Counter-Measures 25g38.6.3.2 Responsibility for Counter-Measures 25g38.7 Threat 7: Deletion of Long-Term Service-Layer Keys Stored in the MSBF/MAS 25g38.7

15、.1 Description 25g38.7.2 Assessment of Risk . 26g38.7.3 Mitigation of Risk. 26g38.7.3.1 Potential Counter-Measures 26g38.7.3.2 Responsibility for Counter-Measures 26g38.8 Threat 8: Discover Keys by Eavesdropping on Communications Between Entities 27g38.8.1 Description:. 27g38.8.2 Assessment of Risk

16、. 27g38.8.3 Mitigation of Risk. 28g38.8.3.1 Potential Counter-Measures 28g38.8.3.2 Responsibility for Counter-Measures 30g38.9 Threat 9: Modification of Data Stored in the M2M Service Capabilities . 30g38.9.1 Description:. 30g38.9.2 Assessment of Risk . 30g38.9.3 Mitigation of Risk. 31g38.9.3.1 Pote

17、ntial Counter-Measures 31g38.9.3.2 Responsibility for Counter-Measures 32g38.10 Threat 10: Provisioning of non-Legitimate Keys . 32g38.10.1 Description:. 32g38.10.2 Assessment of Risk . 32g38.10.3 Mitigation of Risk . 33g38.10.3.1 Potential Counter-Measures 33g38.10.3.2 Responsibility for Counter-Me

18、asures 33g38.11 Threat 11: Unauthorised or Corrupted Application and Service-Layer Software in M2M Devices/Gateways 33g38.11.1 Description 33g38.11.2 Assessment of Risk . 34g38.11.3 Mitigation of Risk . 34g38.11.3.1 Potential Counter-Measures 35g38.11.3.2 Responsibility for Counter-Measures 35g38.12

19、 Threat 12: Subverting the M2M Device/Gateway Integrity-Checking Procedures 35g38.12.1 Description 35g38.12.2 Assessment of Risk . 36g38.12.3 Mitigation of Risk . 36g38.12.4 Potential Counter-Measures 36g38.12.4.1 Responsibility for Counter-Measures 37g38.13 Threat 13: Unauthorised or Corrupted Soft

20、ware in M2M Core . 37g38.13.1 Description 37g38.13.2 Assessment of Risk . 37g38.13.3 Mitigation of Risk . 38g38.13.3.1 Potential Counter-Measures 38g38.13.3.2 Responsibility for Counter-Measures 38g38.14 Threat 14: Subverting the Integrity-Checking Procedures in the M2M Core . 38g38.14.1 Description

21、 38g38.14.2 Assessment of Risk . 39g38.14.3 Mitigation of Risk . 39g38.14.3.1 Potential Counter-Measures 39g38.14.3.2 Responsibility for Counter-Measures 40g38.15 Threat 15: General Eavesdropping on M2M Service-Layer Messaging Between Entities 40g38.15.1 Description 40g38.15.2 Assessment of Risk . 4

22、0g38.15.3 Mitigation of Risk . 41g38.15.3.1 Required Counter-Measures 41g38.15.3.2 Responsibility for Counter-Measures 41g38.16 Threat 16: Alteration of M2M Service-Layer Messaging Between Entities 41g38.16.1 Description 41g38.16.2 Assessment of Risk . 42g38.16.3 Mitigation of Risk . 42g3ETSI ETSI T

23、R 103 167 V1.1.1 (2011-08)58.16.3.1 Required Counter-Measures 43g38.16.3.2 Responsibility for Counter-Measures 43g38.17 Threat 17: Replay of M2M Service-Layer Messaging Between Entities . 43g38.17.1 Description 43g38.17.2 Assessment of Risk . 43g38.17.3 Mitigation of Risk . 44g38.17.3.1 Potential Co

24、unter-Measures 44g38.17.3.2 Responsibility for Counter-Measures 44g38.18 Threat 18: Breach of Privacy due to Inter-Application Communications 44g38.18.1 Description 44g38.18.2 Assessment of Risk . 45g38.18.3 Mitigation of Risk . 45g38.18.4 Potential Counter-Measures 46g38.18.5 Responsibility for Cou

25、nter-Measures . 46g38.19 Threat 19: Breach of Privacy due to Attacks on M2M Device/Gateway Service Capabilities 46g38.19.1 Description 46g38.19.2 Assessment of Risk . 46g38.19.3 Mitigation of Risk . 47g38.19.3.1 Potential Counter-Measures 47g38.19.3.2 Responsibility for Counter-Measures 47g39 Type 2

26、 Threats Affecting the M2M Functional Requirements 48g39.1 Threat 20: Discovery of M2M long-term service-layer keys from knowledge of access-network keys. . 48g39.1.1 Description 48g39.1.2 Assessment of Risk . 48g39.1.3 Mitigation of Risk. 49g39.1.3.1 Potential Counter-Measures 49g39.1.3.2 Responsib

27、ility for Counter-Measures 50g39.2 Threat 21: Transfer of Module Containing Access-Network keys and/or M2M long-term keys to a different terminal/Device/Gateway. . 50g39.2.1 Description 50g39.2.2 Assessment of Risk . 50g39.2.3 Mitigation of Risk. 51g39.2.3.1 Potential Counter-Measures 51g39.2.3.2 Re

28、sponsibility for Counter-Measures 52g310 Actions Recommended for ETSI TC M2M . 53g310.1 Assurance of Counter-Measures . 53g310.2 Recommended Mapping of Counter-Measures onto Architectural Features 56g3History 62g3ETSI ETSI TR 103 167 V1.1.1 (2011-08)6Intellectual Property Rights IPRs essential or po

29、tentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essenti

30、al, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/ipr.etsi.org). Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can b

31、e given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Report (TR) has been produced by ETSI Technical Committee Machine-to-Machine communicati

32、ons (M2M). The present document may be referenced by other TRs and Technical Standards (TS) developed by ETSI TC M2M. The present document is a TR and therefore, the content is informative. ETSI ETSI TR 103 167 V1.1.1 (2011-08)71 Scope 1.1 General Below are reproduced some of the terms of reference

33、concerning security handling in ETSI TC M2M i.1. “Requirements pertaining to detailed security analysis (such as the analysis of threats, risks and counter-measures) are within the scope of ETSI TC M2M. Wherever possible, detailed solution work based on other SDOs existing mechanisms shall be perfor

34、med by those SDOs, based on input which TC M2M may provide. Identified solution gaps which are not addressed by other SDOs can be handled in ETSI TC M2M. Security aspects which are part of the current architecture document shall remain with the current architecture document for the purpose of Releas

35、e 1, because of the tight integration needed to provide a solid basis for Release 1. Note: this requirement is intended to avoid the creation of separate security architecture specifications for Release 1“. 1.2 Specific Below are the terms of reference in the WI description i.2. In the present docum

36、ent, threats against M2M functional architecture, Service layer and interfaces are identified and analysed for impact and for likelihood. The need for countermeasures is determined. The threat analysis considers only the following two types of threat (with the following order of priority): 1) Type 1

37、 threats: threats that are specific to M2M service layer or interfaces for the service layer. 2) Type 2 threats: threats that may not be specific to M2M service layer but which have a significant impact upon M2M functional requirements. The level of risk (i.e. combined likelihood and impact) of iden

38、tified threats is also evaluated. As a result of that, there is a prioritisation of threats and therefore of countermeasures and security requirements. Concerning countermeasures identified in the present document, the scope includes: consideration of merits and demerits (i.e. pros and cons) of iden

39、tified countermeasures; evaluation of countermeasures to determine: 1) the need for a standardised solution/implementation, 2) availability of existing standardised solutions (e.g. from other SDOs), 3) the need for a new standardised solution (either from another SDO or from ETSI M2M). Additionally:

40、 Threats against, or originating from, any stakeholders may be considered. Countermeasures which are normal practice in IT systems (e.g. maintenance logs, firewalls) are out of scope. Content in the present document may lead to new requirements in future releases of TS 102 689 i.5 and normative text

41、 in TS 102 690 i.6. ETSI ETSI TR 103 167 V1.1.1 (2011-08)82 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version

42、of the reference document (including any amendments) applies. Referenced documents which are not found to be publicly available in the expected location might be found at http:/docbox.etsi.org/Reference. NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI c

43、annot guarantee their long term validity. 2.1 Normative references The following referenced documents are necessary for the application of the present document. Not applicable. 2.2 Informative references The following referenced documents are not necessary for the application of the present document

44、 but they assist the user with regard to a particular subject area. i.1 Document M2M(10)0278r1: “Security Handling in ETSI TC M2M“. i.2 Work Item Description for WI00012. i.3 CPNI (Centre for the Protection of National Infrastructure) criteria. NOTE: See http:/www.cpni.gov.uk/. i.4 ETSI TS 102 165-1

45、: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Methods and protocols; Part 1: Method and proforma for Threat, Risk, Vulnerability Analysis“. i.5 ETSI TS 102 689 (V1.1.1): “Machine-to-Machine communications (M2M); M2M service requirements“. i.6 E

46、TSI TS 102 690: “Machine-to-Machine communications (M2M); M2M functional architecture“. i.7 ETSI TR 102 725: “Machine to Machine Communications (M2M); M2M definitions“. 3 Definitions and abbreviations 3.1 Definitions For the purposes of the present document, the following terms and definitions apply

47、: NOTE: References have been included where definitions have been obtained from other sources. Where appropriate, additional text has been added in square brackets. asset: anything that has value to the stakeholder, its business operations and its continuity i.4 Device Lower Layer (DLL): component o

48、f the Lower Layer in a M2M Device Lower Layer (LL): allows DSCL, GSCL and NSCL Components to exchange data on behalf of applications, and perform other appropriate communication Gateway Lower Layer (GLL): component of the Lower Layer in a M2M Gateway ETSI ETSI TR 103 167 V1.1.1 (2011-08)9impact: res

49、ult of an unwanted information security incident, caused by a threat, which affects assets i.4 incident: event relevant to the analysed system M2M area network layer: provides the communication between DA/GA components and DSCL/GSCL components M2M service providers domain: domain which includes the Network Application Domain and any standardised systems under the control of the M2M Service Provider which interact with the M2M Service Capabilities M2M System: comprises Network Application Domain, M2M Devices Domain and any interfa

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1