1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.1311 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (02/2011) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Ubiquitous sensor network security Information technology Se
2、curity framework for ubiquitous sensor networks Recommendation ITU-T X.1311 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.
3、400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security ma
4、nagement X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170
5、X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Ove
6、rview of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details,
7、 please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1311 (02/2011) i INTERNATIONAL STANDARD ISO/IEC 29180 RECOMMENDATION ITU-T X.1311 Information technology Security framework for ubiquitous sensor networks Summary The recent advancement of wireless-based communication technology and el
8、ectronics has facilitated the implementation of a low-cost, low-power sensor network. Basically, a ubiquitous sensor network (USN) consists of three parts: a sensor network consisting of a large number of sensor nodes, a base station (also known as a gateway) interfacing between the sensor network a
9、nd an application server, and the application server controlling the sensor node in the sensor network or collecting the sensed information from the sensor nodes in the sensor network. Recommendation ITU-T X.1311 | ISO/IEC 29180 describes the security threats to and security requirements of the ubiq
10、uitous sensor network. In addition, this Recommendation | International Standard categorizes the security technologies according to the security functions that satisfy the said security requirements and where the security technologies are applied in the security model of the ubiquitous sensor networ
11、k. Finally, the security functional requirements and security technologies for the ubiquitous sensor networks are presented. History Edition Recommendation Approval Study Group 1.0 ITU-T X.1311 2011-02-13 17 Keywords Authenticated broadcast group-wise key, message, node-to-node authentication, pair-
12、wise key establishment, secure data aggregation, security framework for ubiquitous sensor networks, sensor node security. ii Rec. ITU-T X.1311 (02/2011) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommu-nications, information
13、and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide
14、basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Re
15、solution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administrati
16、on and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions
17、are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the p
18、ossibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of t
19、he Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest inf
20、ormation and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2011 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1311 (02/2011) iii CONTENTS Pa
21、ge 1 Scope 1 2 Normative references 1 2.1 Identical Recommendations | International Standards 1 2.2 Paired Recommendations | International Standards equivalent in technical content . 1 2.3 Additional references 1 3 Definitions 2 3.1 Terms defined elsewhere . 2 3.2 Terms defined in this Recommendatio
22、n | International Standard 2 4 Abbreviations . 3 5 Conventions 4 6 Overview 4 7 Threats and security models for ubiquitous sensor networks . 7 7.1 Threat models in sensor networks . 7 7.2 Threat models in IP networks 10 7.3 Security model for USNs 10 8 General security dimensions for USN 10 9 Securi
23、ty dimensions and threats in ubiquitous sensor networks . 11 9.1 Security dimensions and threats for the message exchange in sensor networks . 11 9.2 Security dimension and threats for the message exchange in the IP network . 14 10 Security techniques for ubiquitous sensor networks . 14 10.1 Key man
24、agement . 14 10.2 Authenticated broadcast 15 10.3 Secure data aggregation 16 10.4 Data freshness . 17 10.5 Tamper-resistant module . 17 10.6 USN middleware security . 17 10.7 IP network security . 17 10.8 Sensor node authentication 18 10.9 Privacy protection in sensor networks . 18 11 Specific secur
25、ity functional requirements for USN 18 11.1 Mandatory functional requirement 18 11.2 Recommended functional specifications . 18 11.3 Optional functional specifications . 18 Annex A Key management in sensor networks 20 A.1 Threat time 20 A.2 Key management classes . 20 A.3 Key schemes 21 Annex B Auth
26、enticated broadcast in sensor networks: TPC 23 B.1 Construction of TPC . 23 B.2 Construction of TPCT . 24 B.3 Authenticated broadcast 25 Annex C Authentication mechanisms in sensor networks 26 C.1 XOR-based mechanism . 26 C.2 Hash-based mechanism . 27 C.3 Public key-based authentication 29 Annex D S
27、ecure data aggregation in sensor networks 32 D.1 Elect aggregation node and supervisor 32 D.2 Implementation of supervisor functions 33 D.3 Upload supervising message . 33 D.4 Determine the trust of aggregation nodes 33 iv Rec. ITU-T X.1311 (02/2011) Page D.5 Send revocation message 33 Bibliography
28、34 Rec. ITU-T X.1311 (02/2011) v Introduction This Recommendation | International Standard describes the security threats to and security requirements of the ubiquitous sensor network. In addition, this Recommendation | International Standard categorizes the security technologies according to the se
29、curity functions that satisfy the said security requirements and where the security technologies are applied in the security model of ubiquitous sensor networks. Finally, the security functional requirements and security technologies for the ubiquitous sensor networks are presented. ISO/IEC 29180:20
30、12 (E) Rec. ITU-T X.1311 (02/2011) 1 INTERNATIONAL STANDARD RECOMMENDATION ITU-T Information technology Security framework for ubiquitous sensor networks 1 Scope The recent advancement of wireless-based communication technology and electronics has facilitated the implementation of a low-cost, low-po
31、wer sensor network. Basically, a ubiquitous sensor network (USN) consists of three parts: a sensor network consisting of a large number of sensor nodes, a base station (also known as a gateway) interfacing between the sensor networks and an application server, and the application server controlling
32、the sensor node in the sensor network or collecting the sensed information from the sensor nodes in the sensor network. USN can be an intelligent information infrastructure of advanced e-Life society, which delivers user-oriented information and provides knowledge services to anyone anytime, anywher
33、e and wherein information and knowledge are developed using context awareness by detecting, storing, processing, and integrating the situational and environmental information gathered from sensor tags and/or sensor nodes affixed to anything. Since there are many security and privacy threats in trans
34、ferring and storing information in the USN, appropriate security mechanisms may be needed to protect against those threats in the USN. This Recommendation | International Standard describes the security threats to and security requirements of the ubiquitous sensor network. In addition, this Recommen
35、dation | International Standard categorizes the security technologies according to the security functions that satisfy the said security requirements and where the security technologies are applied in the security model of the USN. Finally, the security requirements and security technologies for the
36、 USN are presented. 2 Normative references The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Rec
37、ommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain reg
38、isters of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations | International Standards None. 2.2 Paired Recommendations | International Standards equivalent in techn
39、ical content Recommendation ITU-T X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications. ISO/IEC 7498-2:1989, Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture. Recommendation ITU-T X.805 (2003), Secu
40、rity architecture for systems providing end-to-end communications. ISO/IEC 18028-2:2006, Information technology Security techniques IT network security Part 2: Network security architecture. 2.3 Additional references Recommendation ITU-T H.235.0 (2005), H.323 security: Framework for security in H-se
41、ries (H.323 and other H.245-based) multimedia systems. Recommendation ITU-T X.1111 (2007), Framework of security technologies for home network. Recommendation ITU-T X.1191 (2009), Functional requirements and architecture for IPTV security aspects. ISO/IEC 29180:2012 (E) 2 Rec. ITU-T X.1311 (02/2011)
42、 Recommendation ITU-T Y.2221 (2010), Requirements for support of ubiquitous sensor network (USN) applications and services in the NGN environment. Recommendation ITU-T Y.2701 (2007), Security requirements for NGN release 1. FIPS PUB 140-2 (2001), Security Requirements for Cryptographic Modules. 3 De
43、finitions 3.1 Terms defined elsewhere This Recommendation | International Standard uses the following terms defined elsewhere: 3.1.1 Terms from FIPS PUB 140-2 a) key transport b) tamper detection c) tamper evidence d) tamper response. 3.1.2 Terms from Rec. ITU-T Y.2221 a) sensor b) sensor network c)
44、 USN middleware d) ubiquitous sensor network (USN). 3.1.3 Terms from Rec. ITU-T H.235.0 a) attack. 3.1.4 Terms from Rec. ITU-T X.1191 a) tamper-resistant. 3.1.5 Terms from Rec. ITU-T X.800 | ISO/IEC 7498-2 This Recommendation | International Standard uses the following terms, which are defined elsew
45、here: a) access control b) authentication c) authorization d) confidentiality e) data origin authentication f) denial of service g) digital signature h) integrity i) key j) key management k) peer-entity authentication l) privacy m) repudiation n) security policy o) threat. 3.2 Terms defined in this
46、Recommendation | International Standard For the purposes of this Recommendation | International Standard, the following definitions apply: 3.2.1 aggregator node: Sensor node that performs the data aggregation function in a sensor network. ISO/IEC 29180:2012 (E) Rec. ITU-T X.1311 (02/2011) 3 3.2.2 bo
47、otstrapping: Refers to a process performed in a secure context prior to the deployment of the sensor node to establish a security association between the sensor nodes that may have been initialized with credentials, enabling a sensor node to communicate securely with other sensor nodes after their d
48、eployment. 3.2.3 credentials: Set of security-related information consisting of keys, keying materials, and cryptographic algorithm-related parameters permitting a successful interaction with a security system. 3.2.4 data aggregation: In-network process that transfers the aggregation value to the si
49、nk node by combining the sensed values sent by a number of sensor nodes into concise digest. 3.2.5 group-wise key: Refers to a key that is used to protect multicast communications among a set of sensor nodes over a shared wireless link. 3.2.6 intrusion detection: Process of monitoring the events occurring in a computer system or a network and analysing them for intrusions. 3.2.7 key agreement: A key establishment procedure (either manual or electronic) where the resultant key is a
