Doc# 81926499
Liaison Statement
L IA ISON S TATEMENT
Title:*
LS on security framework for Internet of Things
Source:*
ITU-T Study Group 17
Date:*
2015-04-23
To:*
oneM2M
Copy to:
N/A
In response to:
JCA-IoT LS 22
Send replies to:*
Martin Euchner ([email protected])
List of attachments:
Template Version:23 February 2015 (Dot not modify)
© 2017 oneM2M Partners
Page 1 (of 7)
Doc# 81926499
Liaison Statement
INTERNATIONAL TELECOMMUNICATION UNION
COM 17 – LS 191 – E
TELECOMMUNICATION
STANDARDIZATION SECTOR
English only
STUDY PERIOD 2013-2016
Question(s):
Original: English
6/17
Geneva, 8 - 17 April 2015
Ref.: TD 1747 Rev.2
Source:
ITU-T Study Group 17
Title:
LS/r on security framework for Internet of Things (reply to JCA-IoT LS 22)
LIAISON STATEMENT
For action to:
For comment to:
ITU-T SG13
For information to: ETSI TC ITS WG2, 3GPP SA3, ISO/IEC JTC 1/SC 27 SG on IoT, JCA-IoT,
GSMA, oneM2M
Approval:
ITU-T Study Group 17 meeting (17 April 2015)
Deadline:
1 September 2015
Contact:
Jonghyun Baek
Rapporteur of ITU-T Question 6/17
Tel: +82 2 405 6540
Fax: +82 2 405 5219
E-mail: [email protected]
ITU-T Study Group 17, Security, in its Question 6/17, Security aspects of ubiquitous
telecommunication services, is pleased to inform you that we agreed to establish a new work
item draft Recommendation ITU-T X.iotsec-2, security framework for Internet of Thing, at
our April 2015 SG17 meeting (see Annex 1).
This work item is to analyse security threats and challenges in the Internet of Things
environment and to describe security capabilities that could mitigate these threats and address
security challenges.
We are kindly seeking your comments on draft Rec. ITU-T X.iotsec-2 (see Annex 2), and to
provide us with information about relevant documents.
Further, we would like to continue communication and cooperation with you.
© 2017 oneM2M Partners
Page 2 (of 7)
Doc# 81926499
Liaison Statement
Annex 1 – ITU-T Rec. A.1 justification for draft new Recommendation X.iotsec-2
Question: 6/17
Proposed new ITU-T Recommendation
8-17 April, 2015
Reference
X.iotsec-2, Security framework for Internet of Things
and title:
Base text: Annex 2
Editor(s):
Heung Youl Youm, Korea (Republic of),
[email protected];
Xia Junjie, China Unicom, [email protected]
Timing:
Approval
process:
2018-02
TAP
Scope (defines the intent or object of the Recommendation and the aspects covered, thereby indicating
the limits of its applicability):
This Recommendation describes the security framework for Internet of Things.
The Recommendation analyses security threats and challenges in the Internet of Things environment,
and describes security capabilities that could mitigate these threats and address security challenges. A
framework methodology is provided for determining which of these security capabilities will require
specification for mitigating security threats and addressing security challenges for Internet of Things .
Summary (provides a brief overview of the purpose and contents of the Recommendation, thus
permitting readers to judge its usefulness for their work):
The recent advancement of Internet of Things technology has facilitated the implementation of a lowcost, low-power network and devices. Basically, a typical IoT deployment will consist of sensorequipped edge devices on a wired or wireless network sending data via a gateway to a public or private
cloud. Aspects of the topology will vary broadly from application to application; for example, in some
cases the gateway may be on the device. Devices based on such topologies may be built from the
ground up to leverage IoT or may be legacy devices that will have IoT capabilities added postdeployment.
This Recommendation describes the security framework for Internet of Things. The Recommendation
analyses security threats and challenges the Internet of Things environment, and describes security
capabilities that could mitigate these threats and address security challenges. A framework
methodology is provided for determining which of these security capabilities will require specification
for mitigating security threats and addressing security challenges for Internet of Things.
Relations to ITU-T Recommendations or to other standards (approved or under development):
Recommendation ITU-T Y.2060, Overview of the Internet of things
Recommendation ITU-T Y.2063, Framework of the web of things
Recommendation ITU-T Y.2066, Common requirements of the Internet of things
Recommendation ITU-T Y.2069, Terms and definitions for the Internet of things
Liaisons with other study groups or with other standards bodies:
ISO/IEC JTC 1/SC27
Supporting members that are committing to contributing actively to the work item:
China, China Unicom, ETRI, KISA, Korea (Republic of), Uganda, ZTE.
© 2017 oneM2M Partners
Page 3 (of 7)
Doc# 81926499
Liaison Statement
Annex 2: Draft Recommendation ITU-T X.iotsec-2
Security framework for Internet of Things
1
Scope
This Recommendation describes the security framework for Internet of Things.
The Recommendation analyses security threats and challenges in the Internet of Things
environment, and describes security capabilities that could mitigate these threats and address
security challenges. A framework methodology is provided for determining which of these
security capabilities will require specification for mitigating security threats and addressing
security challenges for Internet of Things.
2
References
The following ITU-T Recommendation and other references contain provisions which,
through reference in this text, constitute provisions of this Recommendation. At the time of
publication, the editions indicated were valid. All Recommendations and other references are
subject to revision; users of this Recommendation are therefore encouraged to investigate the
possibility of applying the most recent edition of the Recommendations and other references
listed below. A list of the currently valid ITU-T Recommendations is published regularly.
A reference to a document within this Recommendation does not give it, as a stand-alone
document, the status of a Recommendation.
[ITU-T Y.2063] Recommendation ITU-T Y.2063, Framework of the web of things
[ITU-T Y.2066] Recommendation ITU-T Y.2066, Common requirements of the Internet of
things
3
Terms and Definitions
3.1
Terms defined elsewhere
This Recommendation uses the following terms defined elsewhere:
3.1.1 authentication [b-NIST-SP-800-53]: Verification of the identity of a user, process, or
device, often as a prerequisite to allowing access to resources in an information
system.
3.1.2 capability [b-ISO/IEC 19440]: Quality of being able to perform a given activity.
3.2
Terms defined in this Recommendation
This Recommendation defines the following terms:
3.2.1 Internet of Things (IoT) [ITU-T Y.2060]: A global infrastructure for the information
society enabling advanced services by interconnecting (physical and virtual) things
based on existing and evolving, interoperable information and communication
technologies.
NOTE 1 (from [ITU-T Y.2060]) – From a broad perspective, the IoT can be perceived as a
vision with technological and societal implications.
NOTE 2 (from [ITU-T Y.2060]) – Through the exploitation of identification, data capture,
processing and communication capabilities, the IoT makes full use of things to offer services
© 2017 oneM2M Partners
Page 4 (of 7)
Doc# 81926499
Liaison Statement
to all kinds of applications, whilst ensuring that security and privacy requirements are
fulfilled.
4
Abbreviations and acronyms
This Recommendation uses the following abbreviations and acronyms:
IoT
Internet of Things
5
Conventions
This Recommendation uses the following conventions:
6
Overview
The Internet of Things (IoT) is defined as A global infrastructure for the information society
enabling advanced services by interconnecting (physical and virtual) things based on existing
and evolving, interoperable information and communication technologies.
Basically, a typical IoT deployment will consist of sensor-equipped edge devices on a wired
or wireless network sending data via a gateway to a public or private cloud. Aspects of the
topology will vary broadly from application to application; for example, in some cases the
gateway may be on the device. Devices based on such topologies may be built from the
ground up to leverage IoT or may be legacy devices that will have IoT capabilities added
post-deployment.
The Recommendation will be developed based on the general topology for Internet of Things
shown in Figure-1.
Figure -1 - Functional architecture
7 Security threats for Internet of Things
7.1
Security threats for sensor/devices
7.2
Security threats for network
7.3
Security threats for platform/services
8 Security capabilities for Internet of Things
8.1
Security capabilities for sensor/devices
© 2017 oneM2M Partners
Page 5 (of 7)
Doc# 81926499
Liaison Statement
8.2
Security capabilities for network
8.3
Security capabilities for platform/services
© 2017 oneM2M Partners
Page 6 (of 7)
Doc# 81926499
Liaison Statement
Bibliography
[b-NIST SP 800-53] NIST Special Publication 800-53, Security and Privacy Controls for
Federal Information Systems and Organizations
[b-ITU-T X.1310 | ISO/IEC 29180] ITU-T X.1310 | ISO/IEC 29180, Information technology
—Security framework for ubiquitous sensor networks
[b-ITU-T ITU-T Y.2060] Recommendation ITU-T Y.2060, Overview of the Internet of things
[b-ITU-T ITU-T Y.2069] Recommendation ITU-T Y.2069, Terms and definitions for the
Internet of things
_________________
© 2017 oneM2M Partners
Page 7 (of 7)