Security considerations for M2M

IEEE 802.16 Presentation Submission Template (Rev. 9)
Document Number: IEEE 802.16ppc-10/0037
Date Submitted: 2010-07-09
Source: Eldad Zeira, Alex Reznik, InterDigital Communications Corp.
E-mail: [email protected]
Venue: Session #68, San Diego
Base Contribution: None
Purpose: To be discussed and adopted by 802.16 Project Planning Committee / 802.16p

Notice: This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16.

Patent Policy: The contributor is familiar with the IEEE-SA Patent Policy and Procedures: <http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>. Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and <http://standards.ieee.org/board/pat>.

• M2M networks are more vulnerable to security threats than traditional networks
  – … and handle highly critical missions
• Network attacks can lead to false situational awareness, loss of privacy, and even become physical attacks
  – Compromised by physical or remote reconfiguration or impersonation
• SR recognizes this issue and recommends that it is in scope of the M2M PAR

7/7/2017 2

• M2M devices handle highly critical missions while being…
  – deployed in highly distributed networks
  – provisioned in the field and managed over the air
  – operated without human supervision
• M2M networks and applications are vulnerable to:
  – Misleading reports
  – Network (denial of service) attacks
  – Loss of privacy
  – Cyber attacks can become physical attacks
• The awareness of an attack is in itself an important security related information

Security susceptibilities of M2M use cases

Susceptibility categories: Misleading reports; Network attacks (particularly for WAN); Data privacy; Cyber attacks become physical attacks

• Secured access, surveillance, remote maintenance
  – Misleading reports: False situational awareness
  – Network attacks: DoS attacks prevent obtaining of situational awareness
• Tracking, tracing & recovery
  – Misleading reports: False location reports
  – Network attacks: Prevents timely tracking
• Public safety
  – Similar to security, especially if acts of terrorism are considered
• Payment, Health Care, Smart grid
  – False situational awareness
  – Prevents awareness of emergency conditions
  – Prevention of timely control requires unavailable electrical resources
  – Transmission of information to unauthorized parties
  – Malicious control can have serious health implications
  – Malicious control can cause lasting damage to grid

The vulnerabilities, more precisely…

• Physical Attacks such as insertion of valid authentication tokens into a manipulated device, inserting and/or booting with fraudulent or modified software (“re-flashing”), and environmental/side-channel attacks, both before and after in-field deployment.
• Compromise of Credentials comprising brute force attacks on tokens and (weak) authentication algorithms, physical intrusion, or side-channel attacks, as well as malicious cloning of authentication tokens residing on the device.
• Configuration Attacks such as fraudulent software update/configuration changes, misconfiguration by the owner, subscriber or user, misconfiguration or compromise of the access control policies.
• Attacks on the Network. These are the main threats to the network operator: Impersonation of devices, traffic tunneling between impersonated devices, misconfiguration of the firewall in the modem/router/gateways, Denial of Service (DoS) attacks against the core network. They may also include changing the device’s authorized physical location in an unauthorized fashion or attacks on the radio access network, using a rogue device.

Security requirements in SR (0002r7, sec. 4.7)

• 802.16 security functions, including integrity protection and the confidentiality for M2M service traffic shall be supported for M2M devices. Expected use cases for WAN M2M systems make them vulnerable to security threats in the form of physical or remote attacks on hardware, software / firmware, compromise of credentials, configuration and network attacks (e.g., denial of service).
• WAN M2M system should support appropriate level of authentication for the M2M device or M2M gateway to provide secure access to the authorized M2M devices. The system should support verification and validation of the exchanged data

What do we need to do?

• 5.7 Security (from SR)
  – Enhanced security may require changes to the network entry/re-entry procedure.
• No other standardized changes in MAC / PHY are required

Proposed modification to M2M PAR scope

• This amendment specifies IEEE Std 802.16 medium access control (MAC) enhancements and minimal OFDMA PHY modifications to provide functionalities for efficient Machine to Machine communication. Enhancements are lower power consumption at the subscriber station, support by the base station of significantly larger numbers of devices, enhanced access priority, time-tolerant/controlled operation, improved device authentication at network entry and efficient support for small burst transmissions. This amendment provides continuing support for WirelessMAN-Advanced Air Interface and legacy WirelessMAN-OFDMA equipment.