1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.1314 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (11/2014) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Secure applications and services Ubiquitous sensor network security Security requirements and
2、 framework of ubiquitous networking Recommendation ITU-T X.1314 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIR
3、ECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1
4、050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV
5、security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cyb
6、ersecurity X.1500X.1519 Vulnerability/state exchange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 CLOUD COMPUTING SECURITY Overvie
7、w of cloud computing security X.1600X.1601 Cloud computing security design X.1602X.1639 Cloud computing security best practices and guidelines X.1640X.1659 Cloud computing security implementation X.1660X.1679 Other cloud computing security X.1680X.1699 For further details, please refer to the list o
8、f ITU-T Recommendations. Rec. ITU-T X.1314 (11/2014) i Recommendation ITU-T X.1314 Security requirements and framework of ubiquitous networking Summary Recommendation ITU-T X.1314 provides a high-level security framework for ubiquitous networking, analyses security threats and defines the security r
9、equirements to mitigate these threats in ubiquitous networking environment. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T X.1314 2014-11-13 17 11.1002/1000/12345 Keywords Object, security framework, security requirement, security threats, ubiquitous networking. _ * To acce
10、ss the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T X.1314 (11/2014) FOREWORD The International Telecommunication Union (ITU) is the Unite
11、d Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommenda
12、tions on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The appro
13、val of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administrati
14、on“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and complianc
15、e with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is re
16、quired of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intelle
17、ctual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. H
18、owever, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2015 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the
19、 prior written permission of ITU. Rec. ITU-T X.1314 (11/2014) iii Table of Contents Page 1 Scope . 1 2 References . 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation . 2 4 Abbreviations and acronyms 2 5 Conventions 4 6 High-level security framework for ubiquito
20、us networking 4 7 Security threats and requirements . 6 7.1 Service and transport security domain . 6 7.2 End-user security domain . 9 7.3 UN application security domain . 11 7.4 Other network security domains . 14 7.5 End-to-end connectivity security domain . 14 7.6 Interface security domain . 15 A
21、ppendix I Security framework progress from other SDOs. 16 I.1 3GPP M2M security framework (b-3GPP TR33.868) . 16 I.2 oneM2M security framework (b-oneM2M-TS-0003) 17 Bibliography. 21 iv Rec. ITU-T X.1314 (11/2014) Introduction The ETSI Board 69 meeting approved to establish a machine-to-machine (M2M)
22、 Technical Committee (TC) in October 2009. ETSI TC M2M has the following responsibilities: to collect and specify M2M requirements from relevant stakeholders; to develop and maintain an end-to-end overall high level architecture for M2M; to identify gaps where existing standards do not fulfil the re
23、quirements and provide specifications and standards to fill these gaps, where existing standards bodies or groups are unable to do so; to provide the ETSI main centre of expertise in the area of M2M; to co-ordinate ETSIs M2M activity with that of other standardization groups and forums. 3GPP has ini
24、tiated a series of study items on machine-to-machine communications. 3GPP network improvements for machine type communications will be studied. The objectives of these work items are to: identify and specify general requirements for machine type communications; identify service aspects where network
25、 improvements (compared to the current human-to-human (H2H) oriented services) are needed to cater for the specific nature of machine type communications; specify machine type communication requirements for these service aspects where network improvements are needed for machine type communication; s
26、tudy the architecture aspects based on the above requirements. ITU-T Study Group 13 approved Recommendation ITU-T Y.2002 on 29 October 2009. ITU-T Y.2002 provides an overview of ubiquitous networking and of its support in next-generation networks (NGNs). The security considerations of ubiquitous net
27、working were addressed as follows: Basic considerations on the security architecture for NGN are addressed in b-ITU-T Y.2001, while the security requirements of NGN are described in b-ITU-T Y.2701. Concerning the specifics of ubiquitous networking, the various kinds of terminals, devices and content
28、s that can be involved will have to conform to the security requirements of the network they are willing to attach to. When attaching to NGN, the corresponding authentication and authorization requirements are described in ITU-T Y.2702. Objects involved in ubiquitous networking have their own identi
29、ties and are interconnected involving more interactions throughout a dynamic and heterogeneous environment. Accordingly, security as well as the design of the security architecture for a secure information discovery and delivery to users, including persons and objects, is very crucial. Security meas
30、ures should take into account, for all use, cases that rely upon NGN capabilities but which are in line with the guidelines and principles for ubiquitous networking. ITU-T Question 6/17 has standardized the security of ubiquitous sensor network (USN). Recommendations ITU-T X.1311, ITU-T X.1312, and
31、ITU-T X.1313 respectively deal with the different security issues of USN: Rec. ITU-T X.1314 (11/2014) v Recommendation ITU-T X.1311 | ISO/IEC 29180, Information technology Security framework for ubiquitous sensor networks, describes security threats to and security requirements of the USN. In additi
32、on, this Recommendation categorizes security technologies according to the security functions that satisfy the said security requirements and where the security technologies are applied in the security model of the USN. Finally, b-ITU-T X.1311 presents the security functional requirements and securi
33、ty technologies. Recommendation ITU-T X.1312, Ubiquitous sensor network middleware security guidelines, provides guidelines for USN middleware security. It analyses security threats on USN middleware and defines security requirements. Recommendation ITU-T X.1313, Secure routing mechanisms for wirele
34、ss sensor network, provides the security requirements for wireless sensor network routing. It explains the general network topologies and routing protocols in USNs. In addition, this Recommendation analyses the security threats facing wireless sensor networks. Ubiquitous networking anticipates a com
35、prehensive and complex system in the future. Meanwhile, some important issues for ubiquitous telecommunication are already being developed by the major standards development organizations (SDOs). Security is one of the most important issues for ubiquitous networking. Security requirements and measur
36、ements to 3GPP network, USN and M2M service layer have already been studied among 3GPP, ITU-T and ETSI. However, there are limited discussions on security of ubiquitous networking so far. Therefore, more detailed security requirements to ubiquitous networking supported by NGN should be researched, a
37、nd its security architecture should be provided based on the architectural model for ubiquitous networking in ITU-T Y.2002. Rec. ITU-T X.1314 (11/2014) 1 Recommendation ITU-T X.1314 Security requirements and framework of ubiquitous networking 1 Scope This Recommendation provides a high-level securit
38、y framework for ubiquitous networking. This framework is divided into security domains, which include an analysis of security threats. High-level security requirements then are derived based on this analysis. 2 References The following ITU-T Recommendations and other references contain provisions wh
39、ich, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of
40、applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. I
41、TU-T Y.2002 Recommendation ITU-T Y.2002 (2009), Overview of ubiquitous networking and of its support in NGN. ITU-T Y.2702 Recommendation ITU-T Y.2702 (2008), Authentication and authorization requirements for NGN release 1. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the follow
42、ing terms defined elsewhere: 3.1.1 next generation network (NGN) b-ITU-T Y.2001: A packet-based network able to provide telecommunication services and able to make use of multiple broadband, QoS-enabled transport technologies and in which service-related functions are independent from underlying tra
43、nsport-related technologies. It enables unfettered access for users to networks and to competing service providers and/or services of their choice. It supports generalized mobility which will allow consistent and ubiquitous provision of services to users. 3.1.2 object b-ITU-T Q.1300: An intrinsic re
44、presentation of an entity that is described at an appropriate level of abstraction in terms of its attributes and functions. NOTE 1 b-ITU-T Y.2002 An object is characterized by its behaviour. An object is distinct from any other object. An object interacts with its environment including other object
45、s at its interaction points. An object is informally said to perform functions and offer services (an object which makes a function available is said to offer a service). For modelling purposes, these functions and services are specified in terms of the behaviour of the object and of its interfaces.
46、 An object can perform more than one function. A function can be performed by the cooperation of several objects. See b-ITU-T X.902 for further information. NOTE 2 b-ITU-T Y.2002 Objects include terminal devices (e.g., used by a person to access the network such as mobile phones, personal computers,
47、 etc.), remote monitoring devices (e.g., cameras, sensors, etc.), information devices (e.g., content delivery server), products, contents, and resources. 3.1.3 security domain b-ITU-T X.810: A set of elements, a security policy, a security authority and a set of security-relevant activities in which
48、 the set of elements are subject to the security policy for the specified activities, and the security policy is administered by the security authority for the security domain. 2 Rec. ITU-T X.1314 (11/2014) 3.1.4 threat b-ISO/IEC 27000: Potential cause of an unwanted incident, which may result in ha
49、rm to a system or organisation. 3.1.5 ubiquitous networking ITU-T Y.2002: The ability for persons and/or devices to access services and communicate while minimizing technical restrictions regarding where, when and how these services are accessed, in the context of the service(s) subscribed to. 3.1.6 ubiquitous sensor network (USN) b-ITU-T Y.2221: A conceptual network built over existing physical networks which makes use of sensed data and provi
