1、 International Telecommunication Union ITU-T X.1312TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (02/2011) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Ubiquitous sensor network security Security framework for ubiquitous sensor networks Recommen
2、dation ITU-T X.1312 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM
3、ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099 SECURE
4、 APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cy
5、bersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state e
6、xchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list of ITU-T Recommendations. Rec.
7、ITU-T X.1312 (02/2011) i Recommendation ITU-T X.1312 Security framework for ubiquitous sensor networks Summary Recommendation ITU-T X.1312 provides guidelines for ubiquitous sensor networks (USN) middleware security. It analyses security threats on USN middleware and defines security requirements. H
8、istory Edition Recommendation Approval Study Group 1.0 ITU-T X.1312 2011-02-13 17 ii Rec. ITU-T X.1312 (02/2011) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). Th
9、e ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standa
10、rdization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information
11、technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Com
12、pliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other
13、obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implemen
14、tation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. A
15、s of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urge
16、d to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2011 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1312 (02/2011) iii Table of Contents Page 1 Scope 1 2 References. 1 3
17、Definitions 1 3.1 Terms defined elsewhere 1 4 Abbreviations 2 5 Overview of USN middleware security 2 5.1 USN middleware for applications 3 5.2 USN middleware for sensor networks 4 5.3 USN middleware system 4 6 Security threats to USN middleware 4 6.1 System security threats . 4 6.2 Security threats
18、 on data 5 6.3 Security threats on communication 6 7 Security requirements for USN middleware. 7 7.1 Security requirements for the system . 7 7.2 Security requirements for data 8 7.3 Security requirements for communication . 8 8 Guidelines for USN middleware security . 9 8.1 Middleware system securi
19、ty . 10 8.2 Access control 10 8.3 Stored data protection . 11 8.4 Transmission/receipt data security . 11 8.5 Secure channel 12 Rec. ITU-T X.1312 (02/2011) 1 Recommendation ITU-T X.1312 Security framework for ubiquitous sensor networks 1 Scope This Recommendation provides guidelines for USN middlewa
20、re security and also covers the following: overview of USN middleware security; the functional model of USN middleware; security threats on USN middleware; security requirements for USN middleware; guidelines for USN middleware security. 2 References The following ITU-T Recommendations and other ref
21、erences contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to in
22、vestigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the
23、status of a Recommendation. ITU-T F.744 Recommendation ITU-T F.744 (2009), Service description and requirements for ubiquitous sensor network middleware. ITU-T X.1311 Recommendation ITU-T X.1311 (2011) | ISO/IEC 29180:2011, Information technology Security framework for ubiquitous sensor network. ITU
24、-T Y.2201 Recommendation ITU-T Y.2201 (2009), Requirements and capabilities for ITU-T NGN. ITU-T Y.2221 Recommendation ITU-T Y.2221 (2010), Requirements for support of ubiquitous sensor network (USN) applications and services in the NGN environment. 3 Definitions 3.1 Terms defined elsewhere This Rec
25、ommendation uses the following terms defined elsewhere: 3.1.1 open application interface ITU-T F.744: An interface used by USN applications to access USN middleware. 3.1.2 processed data ITU-T F.744: Data that are processed from raw sensed data by sensor network or USN middleware. 3.1.3 sensed data
26、ITU-T F.744: Data sensed by a sensor that is attached to a specific sensor node. 3.1.4 sensor ITU-T Y.2221: An electronic device that senses a physical condition or chemical compound and delivers an electronic signal proportional to the observed characteristic. 2 Rec. ITU-T X.1312 (02/2011) 3.1.5 se
27、nsor network ITU-T Y.2221: A network comprised of interconnected sensor nodes exchanging sensed data by wired or wireless communication. 3.1.6 sensor network common interface ITU-T F.744: An interface used between USN middleware and a sensor network/radio frequency identification (RFID) reader. 3.1.
28、7 sensor network metadata ITU-T F.744: Information about a sensor network, such as description of the sensor network, sensor node identifier, supported sensor type, the number of attached sensors for each sensor node, and the number of sensor nodes connected to the specific sensor network, etc. 3.1.
29、8 sensor network metadata directory service ITU-T F.744: A directory service that provides sensor network metadata. 3.1.9 sensor node ITU-T Y.2221: A device consisting of sensor(s) and optional actuator(s) with capabilities of sensed data processing and networking. 3.1.10 ubiquitous sensor network (
30、USN) ITU-T Y.2221: A conceptual network built over existing physical networks which make use of sensed data and provide knowledge services to anyone, anywhere and at anytime, and where the information is generated by using context awareness. 3.1.11 USN middleware ITU-T Y.2221: A set of logical funct
31、ions to support USN applications and services. 4 Abbreviations This Recommendation uses the following abbreviations and acronyms: API Application Programming Interface DDoS Distributed Denial of Service DoS Denial of Service RFID Radio Frequency Identification SN Sensor Network USN Ubiquitous Sensor
32、 Network WSN Wireless Sensor Network 5 Overview of USN middleware security USN middleware is an intermediate entity that provides the functions commonly required by different types of USN applications and services. USN middleware receives requests from USN applications, and delivers those requests t
33、o the appropriate sensor networks. Similarly, USN middleware receives sensed data or processed data from sensor networks and delivers them to appropriate USN applications. USN middleware can provide information processing functions such as query processing, context-aware processing, event processing
34、, sensor network monitoring and the like ITU-T F.744. This means that all the data involved in USN services pass through USN middleware. For this reason, an attack on USN middleware can cause serious damage such as service disruption, misuse, system failure, and more. Rec. ITU-T X.1312 (02/2011) 3 I
35、n the USN service environment where USN middleware works, there are three main elements: the USN application, the USN middleware and the sensor network. In this environment, the USN application utilizes the sensed data and/or activates some actuators, and the sensor network produces sensed data and
36、controls actuators. The USN middleware provides functions commonly required by different USN applications and services over the shared sensor networks ITU-T F.744. Figure 1 Functional model of USN middleware As shown in Figure 1, USN middleware provides five functions: open application interface pro
37、cessing, basic functions, advanced functions, sensor network common interface processing and security service. Of these functions, this Recommendation focuses on security service. Security service in USN middleware is approached from the following three perspectives. 5.1 USN middleware for applicati
38、ons Applications use USN middleware to control sensor networks and collect sensing information from the sensor networks connected to the USN middleware. Applications send queries to USN middleware to acquire raw sensing value and/or processed information. Information is integrated and derived from r
39、aw sensing data from a (or multiple) sensor network(s). The USN middleware interprets application requests and sends requests to various sensor networks in ways that are comprehensible by each sensor network. Multiple applications can share the sensing information through USN middleware. USN middlew
40、are can provide raw sensing value from sensor networks. In addition, USN middleware integrates several raw sensing values from different sensor networks, and, even more, provides processed information from several sensing values and legacy data. Furthermore, USN middleware can derive processed infor
41、mation from raw sensing data, historical data and legacy data using mining technology, context-aware technology, and event processing technology. 4 Rec. ITU-T X.1312 (02/2011) An application can control sensor networks that are connected to USN middleware. The application may activate/deactivate som
42、e kinds of actuators, change the sensor networks topology, or even dynamically change applications running on a sensor node. Usually, a sensor network is powered by batteries. Furthermore, the devices required for a sensor network, such as sensor node, sink node, and gateway, are not cheap. For this
43、 reason, applications have to manage sensor networks in a cost-effective way. 5.2 USN middleware for sensor networks Sensor networks use USN middleware to provide sensing values to the applications. A sensor network provides its sensing value as response to a request, or without an explicit request.
44、 Usually, a sensor network is used for environmental surveillance. From a USN middleware viewpoint, sensor networks are information providers. Sensing information flowing into USN middleware is flowing into several applications. Therefore, the authenticity of sensing information is very crucial to t
45、he USN middleware and the USN application. 5.3 USN middleware system USN middleware is used to provide a logical link between a USN application and a sensor network, and plays a pivotal role in data processing for USN service. Also, it manages a variety of sensor networks and supports many USN appli
46、cations. In this situation, if security challenges occur in USN middleware, serious damage will be caused, and confidence in the USN service will be lost. For this reason, USN middleware security should be considered as a design point of USN middleware and securely maintained. 6 Security threats to
47、USN middleware USN middleware is located between the USN application and the sensor network in the USN service model. It processes sensing data from the sensor network, and sends the processed information to the appropriate application. Therefore, attacks on USN middleware cause USN service disrupti
48、on, misuse, system failure, and so on. The following clause examines USN middleware security threats by analysing potential attacks related to USN middleware. USN middleware security threats can be divided into three groups according to the target: device, data and network. 6.1 System security threa
49、ts As stated earlier, USN middleware plays an important role in USN service. For this reason, if USN middleware is compromised by an attack, the USN service may be completely disrupted. Accordingly, this clause defines security threats that can occur on USN middleware as a system. 6.1.1 Unauthorized USN middleware access Unauthorized USN middleware access by a USN application. This security threat occurs when an unregistered USN application tries to access USN middleware. An attacker can us
