
ETSI TR 118 512-2016 oneM2M End-to-End Security and Group Authentication (V2 0 0 oneM2M TR-0012 version 2 0 0).pdf

ETSI TR 118 512 V2.0.0 (2016-09)
oneM2M; End-to-End Security and Group Authentication (oneM2M TR-0012 version 2.0.0)
TECHNICAL REPORT

Reference: DTR/oneM2M-000012
Keywords: IoT, M2M, security

ETSI
650 Route des Lucioles, F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) N° 7803/88

Important notice

The present document can be downloaded from: http://www.etsi.org/standards-search

The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx

If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx

Copyright Notification

No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2016. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents

Intellectual Property Rights
Foreword
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions, symbols and abbreviations
3.1 Definitions
3.2 Symbols
3.3 Abbreviations
4 Conventions
5 Use Cases
5.1 Use Case of End-to-End Authentication in Key Distribution
5.1.1 Description
5.1.2 Actors
5.1.3 Pre-conditions
5.1.4 Normal Flow
5.1.5 Potential requirements
5.2 Use Case of Static Group Authentication (Smart Meter Reading)
5.2.1 Description
5.2.2 Actors
5.2.3 Pre-conditions
5.2.4 Normal flow
5.2.5 Potential requirements
5.3 Use Case of Dynamic Group Authentication (Remote Vehicle Management)
5.3.1 Description
5.3.2 Actors
5.3.3 Pre-conditions
5.3.4 Normal Flow
5.3.5 Potential requirements
5.3.5.1 Static group potential requirements
5.3.5.2 Dynamic group potential requirements
5.4 Use Case for Secure Group Communication
5.4.1 Description
5.4.2 Actors
5.4.3 Pre-conditions
5.4.4 Normal Flow
5.4.5 Potential requirements
5.5 Use case of End-to-End Authentication
5.5.1 Description
5.5.2 Actors
5.5.3 Pre-Conditions
5.5.4 Normal Flow
5.5.5 Potential Requirements
5.6 Use case of End-to-End Message Authentication using Delegated Means
5.6.1 Description
5.6.2 Actors
5.6.3 Pre-Conditions
5.6.4 Normal Flow
5.6.5 Potential Requirements
5.7 Use case of End-to-End Data Integrity
5.7.1 Description
5.7.2 Actors
5.7.3 Pre-Conditions
5.7.4 Normal Flow
5.7.5 Potential Requirements
5.8 Use case for providing security adaptation at each hop
5.8.1 Description
5.8.2 Actors
5.8.3 Pre-conditions
5.8.4 Normal Flow
5.8.5 Potential Requirements
6 Candidate Architecture
6.1 Group Authentication Architecture Proposal
6.1.1 Architecture of Static Group Authentication
6.1.1.0 Introduction
6.1.1.1 Nodes
6.1.1.2 Reference Points
6.1.2 Group Authentication Requirements
6.2 End-to-End Security Framework (ESF) Proposal 1
6.2.0 Overview
6.2.1 End-to-End Security Framework Introduction
6.2.2 ESF Security Layer High Level Architecture
6.2.2.1 ESF Security Layer Overview
6.2.2.2 ESF Security Layer Requirements
6.2.2.2.0 Overview
6.2.2.2.1 Generic Requirements for the ESF Security Layer
6.2.2.2.1.1 Generic ESF Security Layer Macro-Considerations
6.2.2.2.1.2 Generic ESF Payload Security Requirements
6.2.2.2.1.3 Generic ESF Key Establishment Requirements
6.2.2.2.1.4 Generic ESF Facilitation Requirements
6.2.2.2.1.5 Generic ESF Envelope Serialization Requirements
6.2.2.2.2 ESF-S1 Requirements
6.2.2.2.2.1 ESF-S1 Macro-Considerations
6.2.2.2.2.2 ESF-S1 Payload Security Requirements
6.2.2.2.2.3 ESF-S1 Key Establishment Requirements
6.2.2.2.2.4 ESF-S1-Specific ESF Facilitation Requirements
6.2.2.2.2.5 ESF-S1 Envelope Serialization Requirements
6.2.2.2.3 ESF-Sm Requirements
6.2.2.2.3.1 ESF-Sm Macro-Considerations
6.2.2.2.3.2 ESF-Sm Payload Security Requirements
6.2.2.2.3.3 ESF-Sm Key Establishment Requirements
6.2.2.2.3.4 ESF-Sm-Specific ESF Facilitation Requirements
6.2.2.2.3.5 ESF-Sm Envelope Requirements
6.2.2.3 ESF-S1 Processing flow
6.2.2.4 ESF-Sm Processing Flow
6.2.3 ESF Preparation Layer and ESF Integration Layer Processing
6.2.3.1 ESF Specifications for ESF Target Data Class 1
6.2.3.1.1 Profile for ESF Target Data Class 1
6.2.3.1.2 ESF Target Data Class 1 Processing at the Sending EEP
6.2.3.1.3 ESF Target Data Class 1 Processing at the Receiving EEP
6.2.3.2 ESF Specifications for ESF Target Data Class 2
6.2.3.2.1 Profile for ESF Target Data Class 2
6.2.3.2.2 ESF Target Data Class 2 Processing at the Sending EEP
6.2.3.2.3 ESF Target Data Class 2 Processing at the Receiving EEP
6.2.3.3 ESF Specifications for ESF Target Data Class 3
6.2.3.3.1 Profile for ESF Target Data Class 3
6.2.3.3.2 ESF Target Data Class 3 Processing at the Sending EEP
6.2.3.3.3 ESF Target Data Class 3 Processing at the Receiving EEP
7 Available Options
7.1 Review of Existing Technology
7.1.1 Review of Object-Based Security Technology
7.1.1.1 Introduction to Object-Based Security Technology
7.1.1.2 Secure/Multipurpose Internet Mail Extensions (S/MIME)
7.1.1.2.1 High Level Description of S/MIME
7.1.1.2.2 Considerations regarding of S/MIME
7.1.1.2.2.1 CoAP identification of S/MIME media types
7.1.1.2.2.2 Formatting, Parsing and Canonicalization Complexity for S/MIME
7.1.1.3 OpenPGP
7.1.1.3.1 High Level Description of OpenPGP
7.1.1.3.2 Considerations for OpenPGP
7.1.1.3.2.1 CoAP identification of the OpenPGP media type
7.1.1.3.2.2 Formatting, Parsing and Canonicalization Complexity for OpenPGP
7.1.1.4 XML Security
7.1.1.4.1 High Level Description of XML Security
7.1.1.4.2 Considerations for XML Security
7.1.1.4.2.1 CoAP identification of the XML Security media type
7.1.1.4.2.2 Formatting, Parsing and Canonicalization Complexity for XML Security
7.1.1.4.2.3 Canonicalization and XML Security
7.1.1.5 JSON Security
7.1.1.5.1 High Level Description of JSON Security
7.1.1.5.2 Considerations for JSON Security
7.1.1.5.2.1 CoAP identification of the JSON Security media type
7.1.1.5.2.2 Formatting, Parsing and Canonicalization Complexity for JSON Security
7.2 Group Authentication
7.2.1 Group Authentication Solution 1
7.3 A Solution for providing security of data “at-rest”
7.3.1 General procedure for hosting and accessing secure data
7.3.2 Bootstrapped procedure for providing data security
7.3.2.1 Overall Description
7.3.2.2 Detailed Description
7.4 A Solution for providing End-to-End Message Authentication using Symmetric Key
7.4.1 End-to-End Security Credential(s) Generation Process
7.4.1.1 Overall Description
7.4.1.2 Detailed Description
7.5 Proposal for determining detailed Security Requirements, Features and associated Algorithms
7.5.1 Security Determination Process
7.5.1.1 Overall Description
7.5.1.2 Detailed Description
8 Release 2 End-to-End Security and Rationale
8.1 Overview of Release 2 End-to-End Security Features
8.2 Release 2 End-to-End Security of Data (ESData)
8.2.1 End-to-End Security of Data (ESData) Overview
8.2.2 End-to-End Security of Data (ESData) Functional Architecture
8.3 Release 2 End-to-End Security of Primitives (ESPrim)
8.3.1 End-to-End Security of Primitives (ESPrim) Overview
8.3.2 End-to-End Security of Primitives (ESPrim) Functional Architecture
8.4 Release 2 End-to-End Security Certificate-based Key Establishment (ESCertKE)
8.4.1 End-to-End Security Certificate-based Key Establishment (ESCertKE) Overview
8.4.2 End-to-End Security Certificate-based Key Establishment (ESCertKE) Functional Architecture
8.5 Release 2 MAF Security Framework
8.5.1 MAF Security Framework Overview
8.5.2 MAF Security Framework Functional Architecture
8.6 Changes to Release 1 Features in Release 2
8.6.1 Changes to Remote Security Provisioning Frameworks (RSPFs)
8.6.2 Changes to Security Association Establishment Frameworks (SAEFs)
9 Conclusions and recommendations
Annex A: Problem Statement for needing End-to-End Data Security
A.1 Introduction
Annex B: Use case for remote attestation
B.1 Description
B.2 Actors
B.3 Pre-conditions
B.4 Normal flow
B.5 Potential requirements
Annex C: Bibliography
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards”, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (https://ipr.etsi.org/).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Report (TR) has been produced by ETSI Partnership Project oneM2M (oneM2M).

1 Scope

The present document provides options and analyses for the security features and mechanisms providing end-to-end security and group authentication for oneM2M. The scope of this technical report includes use cases, threat analyses, high level architecture, generic requirements, available options, evaluation of options, and detailed procedures for executing end-to-end security and group authentication.

2 References

2.1 Normative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

Referenced documents which are not found to be publicly available in the expected location might be found at https://docbox.etsi.org/Reference/.

NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.

The following referenced documents are necessary for the application of the present document.

Not applicable.

2.2 Informative references

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the referenced document (including any amendments) applies.

NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee their long term validity.

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.

i.1 ETSI TS 118 111: “oneM2M; Common Terminology (oneM2M TS-0011)”.
i.2 W3C Recommendation: “Canonical XML Version 1.0”, 2001. NOTE: Available at http://www.w3.org/TR/xml-c14n.
i.3 IETF RFC 7165: “Use Cases and Requirements for JSON Object Signing and Encryption (JOSE)”.
i.4 IETF RFC 5166: “An Interface and Algorithms for Authenticated Encryption”, 2008.
i.5 oneM2M drafting rules. NOTE: Available at http://www.onem2m.org/images/files/oneM2M-Drafting-Rules.pdf.
i.6 ETSI TS 118 101: “oneM2M; Functional Architecture (oneM2M TS-0001)”.
i.7 ETSI TS 118 102: “oneM2M; Requirements (oneM2M TS-0002)”.
i.8 ETSI TS 118 103: “oneM2M; Security solutions (oneM2M TS-0003)”.
i.9 ETSI TS 118 104: “oneM2M; Service Layer Core Protocol Specification (oneM2M TS-0004)”.
i.10 W3C Recommendation: “XML Signature Syntax and Processing v1.1”, 2013. NOTE: Available at http://www.w3.org/TR/xmldsig-core1/.
i.11 W3C Recommendation: “XML Encryption Syntax and Processing v1.1”, 2013. NOTE: Available at http://www.w3.org/TR/xmlenc-core1/.
i.12 IETF RFC 5246: “The Transport Layer Security (TLS) Protocol Version 1.2”.
i.13 IETF RFC 6347: “Datagram Transport Layer Security Version 1.2”.
i.14 IETF RFC 4648: “The Base16, Base32, and Base64 Data Encodings”.
i.15 IETF RFC 4301: “Security Architecture for the Internet Protocol”, 2005.
i.16 IETF RFC 4880: “OpenPGP Message Format”, 2007.
i.17 IETF RFC 5751: “Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification”, 2010.
i.18 Ferguson, Niels Unicode Normalization Forms”, Unicode 5.1.0, March 2008. NOTE: Available at http://www.unicode.org.
i.45 IETF RFC 2014: “HMAC: Keyed-Hashing f
