6.4 Security Requirements
Table 10: Security Requirements
Requirement ID | Description | Release |
---|---|---|
SER-001 | The oneM2M System shall incorporate protection against threats to its availability such as Denial of Service attacks. | Partially Implemented in Rel-1 |
SER-002 | The oneM2M System shall be able to ensure the Confidentiality of data. | Implemented in Rel-1 |
SER-003 | The oneM2M System shall be able to ensure the Integrity of data. | Implemented in Rel-1 |
SER-004 | In case where the M2M Devices support USIM/UICC and the Underlying Networks support network layer security, the oneM2M System shall be able to leverage device's USIM/UICC credentials and network's security capability e.g. 3GPP GBA for establishing the M2M Services and M2M Applications level security through interfaces to Underlying Network. | Implemented in Rel-1 |
SER-005 | In case where the M2M Devices support USIM/UICC and the Underlying Networks support network layer security, and when the oneM2M System is aware of Underlying Network's bootstrapping capability e.g. 3GPP GBA, the oneM2M System shall be able to expose this capability to M2M Services and M2M Applications through API. | Implemented in Rel-1 |
SER-006 | In case where the M2M Devices support USIM/UICC and the Underlying Networks support network layer security, the oneM2M System shall be able to leverage device's USIM/UICC Credentials when available to bootstrap M2M Security Association. | Implemented in Rel-1 |
SER-007 | When some of the components of an M2M Solution are not available (e.g. WAN connection lost), the oneM2M System shall be able to support the Confidentiality and the Integrity of data between authorized components of the M2M Solution that are available. | Implemented in Rel-1 |
SER-008 | The oneM2M System shall support countermeasures against unauthorized access to M2M Services and M2M Application Services. | Implemented in Rel-1 |
SER-009 | The oneM2M System shall be able to support Mutual Authentication for interaction with Underlying Networks, M2M Services and M2M Application Services. | Implemented in Rel-1 |
SER-010 | The oneM2M System shall be able to support mechanisms for protection against misuse, cloning, substitution or theft of security credentials. | Implemented in Rel-1 |
SER-011 | The oneM2M System shall protect the use of the identity of an M2M Stakeholder within the oneM2M System against discovery and misuse by other stakeholders. | Implemented in Rel-1 |
SER-012 | The oneM2M System shall be able to support countermeasures against Impersonation attacks and replay attacks. | Partially implemented in Rel-1 (see note 3) |
SER-013 | The oneM2M System shall be able to provide the mechanism for integrity-checking on boot, periodically on run-time, and on software upgrades for software/hardware/firmware component(s) on M2M Device(s). | Not implemented |
SER-014 | The oneM2M System shall be able to provide configuration data to an authenticated and authorized M2M Application in the M2M Gateway/Device. | Implemented in Rel-1 |
SER-015 | The oneM2M System shall be able to support mechanisms to provide M2M Service Subscriber identity to authorized and authenticated M2M Applications when the oneM2M System has the M2M Service Subscriber's consent. | Partially implemented (see note 4) |
SER-016 | The oneM2M System shall be able to support non repudiation within the M2M service layer and in its authorized interactions with the network and application layers. | Implemented in Rel-1 |
SER-017 | The oneM2M System shall be able to mitigate threats identified in oneM2M TR0008 [i.3]. | Implemented in Rel-1 |
SER-018 | The oneM2M System shall enable an M2M Stakeholder to use a resource or service and be accountable for that use without exposing its identity to other stakeholders. | Partially implemented |
SER-019 | The oneM2M System shall be able to use service-level Credentials present inside the M2M Device for establishing the M2M Services and M2M Applications level security. | Implemented in Rel-1 |
SER-020 | The oneM2M System shall enable legitimate M2M Service Providers to provision their own Credentials into the M2M Devices/Gateways. | Implemented in Rel-1 (see note 5) |
SER-021 | The oneM2M System shall be able to remotely and securely provision M2M security Credentials in M2M Devices and/or M2M Gateways. | Implemented in Rel-1 (see note 5) |
SER-022 | The oneM2M System shall enable M2M Application Service Providers to authorize interactions involving their M2M Applications on supporting entities (e.g. Devices/ Gateways/ Service infrastructure). | Implemented in Rel-1 |
SER-023 | Where a Hardware Security Module (HSM) is supported, the oneM2M System shall be able to rely on the HSM to provide local security. | Partially implemented |
SER-024 | The oneM2M System shall enable M2M Applications to use different and segregated security environments. | Partially implemented |
SER-025 | The oneM2M System shall be able to prevent unauthorized M2M Stakeholders from identifying and/or observing the actions of other M2M Stakeholders in the oneM2M System, e.g. access to resources and services (see note 1). | Implemented in Rel-1 |
SER-026 | The oneM2M System shall be able to provide mechanism for the protection of Confidentiality of the geographical location information (see note 2). | Implemented in Rel-1 |
SER-027 (see REQ-2015-0558R01) | The M2M System shall support grouping of M2M Applications that have the same access control rights towards one specific resource, so that access control validation can be performed by checking whether the M2M Application is a member of a certain group. | Implemented in Rel-2 |
SER-028 (see REQ-2015-0568R04) | The oneM2M System shall enable security protocol end-points to protect portions of individual application-generated data so that intermediate entities (whether trusted or untrusted) forwarding the data are unable to access the protected portions of the data in clear text. | Implemented in Rel-2 |
SER-029 (see REQ-2015-0568R04) | The oneM2M System shall enable security protocol end-points to protect portions of individual application-generated data so that security protocol end-points can detect modification, including modification by intermediate service layer entities (whether trusted or untrusted) forwarding the data. | Implemented in Rel-2 |
SER-030 | The oneM2M System shall enable security protocol end-points to protect portions of individual oneM2M messages so that intermediate entities (whether trusted or untrusted) forwarding the messages are unable to access the protected portions of the messages in clear text. | Implemented in Rel-2 |
SER-031 (see REQ-2015-0569R03) | The oneM2M System shall enable security protocol end-points to protect portions of individual oneM2M messages so that security protocol end-points can detect modification, including modification by intermediate service layer entities (whether trusted or untrusted) forwarding the messages. | Implemented in Rel-2 |
SER-032 (see REQ-2015-0569R03) | The oneM2M System shall enable security protocol end-points to establish security sessions which are used for protecting portions of one or more oneM2M messages so that intermediate entities (whether trusted or untrusted) forwarding the messages are unable to access the protected portions of the messages in clear text. | Implemented in Rel-2 |
SER-033 (see REQ-2015-0569R03) | The oneM2M System shall enable security protocol end-points to establish security sessions which are used for protecting portions of one or more oneM2M messages so that security protocol end-points can detect modification, including modification by intermediate service layer entities (whether trusted or untrusted) forwarding the messages. | Implemented in Rel-2 |
SER-034 (see REQ-2015-0575R01) | The oneM2M System shall enable security protocol end-points to protect portions of messages or data so that intermediate entities (whether trusted or untrusted) forwarding the messages or data are unable to access the protected portions of messages or data in clear text. | Partially Implemented |
SER-035 (see REQ-2015-0575R01) | The oneM2M System shall enable security protocol end-points to protect portions of messages or data so that security protocol end-points can detect modification, including modification by intermediate service layer entities (whether trusted or untrusted) forwarding the messages or data. | Partially Implemented |
SER-036 (see REQ-2015-0575R01) | The oneM2M System shall enable security protocol end-points to authenticate each other without relying on intermediate service layer entities (whether trusted or untrusted). | Implemented in Rel-2 |
SER-037 (see SEC-2015-0515R02) | The oneM2M System shall be able to support distributed authorization functions for making access control decisions, providing Access Control Policies and providing authorization attributes (e.g. roles). | Partially Implemented |
SER-038 (see SEC-2015-0515R02) | The oneM2M System shall be able to expose an interoperable interface to provide Access Control Policies by means of a specified access control policy language. | Not implemented |
SER-039 (see SEC-2015-0515R02) | The oneM2M System shall enable individuals to establish policies for controlling access to their personally identifiable information even when it may have been collected without their knowledge. | Implemented in Rel-2 |
SER-040 (see SEC-2015-0517R05) | When the M2M Devices are grouped and the M2M Gateway is authorized as the delegate of the group to access the M2M Server, the M2M Gateway shall be able to perform Mutual Authentication with the M2M Server on behalf of the M2M Devices in the group. | Not Implemented |
SER-041 (see SEC-2015-0517R05) | When the M2M Devices are grouped and the M2M Gateway belongs to a third party, the oneM2M System shall be able to protect the Security and Privacy of communication between an individual M2M Device and the M2M Server from other M2M Devices and the third-party M2M Gateway. | Implemented in Rel-2 |
SER-042 (see SEC-2015-0522R02) | A secured API shall enable application and service layer entities to make use of sensitive functions and data residing within the Secure Environment, independently of the technical implementation of the Secure Environment. | Not Implemented |
SER-043 (see REQ-2015-0590R01) | The oneM2M System shall enable authorizing a oneM2M entity to temporarily delegate its access rights (or a subset thereof) to another authorized oneM2M entity, wherein the dynamically delegated access rights shall not enable the "delegated-to" oneM2M entity to delegate the same rights in turn to a third oneM2M entity. | Not Implemented |
SER-044 (see REQ-2015-0591R04) | For M2M Application Service data that are processed by an M2M Application B in an M2M entity (e.g. M2M Gateway) on their path from an originator A to the recipient M2M Application C, the oneM2M System shall provide means that enable the recipient to verify both the integrity of the data received by M2M Application B from originator A and, at the same time, that the M2M Application B that has processed the data has not been compromised. | Not Implemented |
SER-045 (see REQ-2015-0604R02) | The oneM2M System shall support classification of application data by M2M Applications into various security levels that are specified by oneM2M and support the mapping of these levels to applicable security capabilities. | Not Implemented |
SER-046 (see REQ-2015-0605R04) | The oneM2M System shall enable protection of portions of individual application-generated data that is at rest (e.g. hosted data) for integrity protection and data creator Authentication. | Implemented in Rel-2 |
SER-047 (see REQ-2015-0605R04) | The oneM2M System shall enable protection of portions of individual application data at rest (e.g. hosted data) for confidentiality protection. | Implemented in Rel-2 |
SER-048 (see REQ-2015-0605R04) | The oneM2M System shall ensure that the end-to-end data Credentials are protected for Confidentiality, Integrity and against tampering. | Implemented in Rel-2 |
SER-049 (see REQ-2015-0605R04) | The oneM2M System shall ensure that the end-to-end data Credentials are protected from exposure to intermediate entities. | Implemented in Rel-2 |
SER-050 (see REQ-2015-0620) | The oneM2M System shall enable pre-defined conditions to be protected from unauthorized modification. | Implemented in Rel-2 |
SER-051 (see REQ-2015-0620) | The oneM2M System shall enable the deletion of M2M data produced/stored by the M2M Devices/Gateways based on a request from an authorized entity. | Implemented in Rel-2 |
SER-052 (see REQ-2015-0621R01) | The oneM2M System shall store and process privacy preferences in an interoperable manner. | Implemented in Rel-2 |
SER-053 (see REQ-2015-0621R01) | The oneM2M System shall support privacy profiles at various levels to care for the conditions of legal requirements, manufacturers, and data subjects. | Implemented in Rel-2 |
SER-054 (see REQ-2015-0621R01) | The oneM2M System shall be able to prioritize privacy profiles where there is a conflict between profiles (for example, the legal profile takes priority over the data subject profile). | Implemented in Rel-2 |
SER-055 (see REQ-2015-0623R01) | The oneM2M System shall be able to support configuration of security-related settings of its infrastructure-side components by a privileged user through a standardized API. | Not implemented |
SER-056 (see REQ-2015-0623R01) | The oneM2M System shall allow overriding of security settings by a privileged User through a standardized API. | Not implemented |
SER-057 (see REQ-2015-0623R01) | The oneM2M System shall support a mechanism enabling addition/deletion of information enabling authentication of oneM2M entities through a standardized API. | Not implemented |
SER-058 (see REQ-2015-0627R02) | The oneM2M System shall enable delegation of security functions (e.g. message authentication/integrity protection) of an entity to a trustworthy entity. | Implemented in Rel-2 |
SER-059 (see REQ-2015-0628R01) | The oneM2M System shall protect the authenticity, Integrity, and Confidentiality of the representation of the delegated access rights. | Implemented in Rel-2 |
SER-060 (see REQ-2015-0628R01) | The oneM2M System shall be able to revoke the representation of the delegated access rights. | Implemented in Rel-2 |
SER-061 (see 0585R01, App-ID Requirements) | The oneM2M System shall be able to verify the App-ID to support the detection of impersonation or to support revocation. | Not implemented |
SER-062 (see REQ-2016-0056R01) | The oneM2M System shall be able to reuse the privacy policy of the Underlying Network. | Not implemented |
SER-063 (see REQ-2016-0056R01) | The oneM2M System shall be able to share its privacy policy with the Underlying Network. | Not implemented |
SER-064 (see REQ-2017-0005R03) | The M2M Devices shall provide a mechanism to prevent installation or modification of the software/middleware/firmware that runs on the M2M Devices, unless it is authorized by an allowed stakeholder (see note 6). | Implemented in Release 3? |
SER-065 (see REQ-2017-0005R03) | The oneM2M System shall be able to detect installation or modification of the software/middleware/firmware of M2M Devices that has not been authorized by an allowed stakeholder. | Implemented in Release 3? |
SER-066 (see REQ-2017-0005R03) | The oneM2M System shall enable allowed stakeholders to restrict or prevent operation of M2M Devices using software/middleware/firmware that the stakeholders did not authorize. | Implemented in Release 3? |
SER-067 (see REQ-2017-0005R03) | The oneM2M System shall be able to prevent malfunction of M2M Devices caused by receiving unsolicited messages or information. | Implemented in Release 3? |
SER-068 (see REQ-2017-0030R05) | The information exchanged within the oneM2M System shall use cryptographic technology to ensure information authentication and information integrity. | Implemented in Rel-2 |
SER-069 (see REQ-2017-0030R05) | The oneM2M System shall be able to securely transfer information by using an appropriate method such as a digital signature. | Implemented in Rel-2 |
SER-070 (see REQ-2017-0030R05) | The oneM2M System shall be able to support security mechanisms to protect cryptographic keys and cryptographic operations by using tamper-resistant elements such as a TPM (Trusted Platform Module), HSM (Hardware Security Module) or SIM (Subscriber Identity Module). | Partially Implemented (see note 7) |
SER-071 (see REQ-2017-0030R05) | The oneM2M System shall be able to support processing and granting of requests based on the access rights of a resource if the required conditions are met. | Implemented in Rel-1 |
SER-072 (see REQ-2017-0030R05) | The oneM2M System shall provide privacy protection mechanisms at the central server. | Implemented in Rel-2 |
SER-073 (see REQ-2017-0031R05) | The oneM2M System shall be able to support authentication using a device key and the integrity check of M2M Device(s). | Rel-3? |
SER-074 (see REQ-2017-0031R05) | The oneM2M System shall be able to support anonymization of the information being provided, when requested by M2M Applications. | Rel-3/ future releases? |
SER-075 (see REQ-2017-0031R05) | The oneM2M System shall apply appropriate security levels for Applications that can have safety impacts (e.g. protection from malicious attacks). | Rel-3/ future releases? |
SER-076 (see REQ-2018-0001) | The oneM2M System shall be able to provide a framework for end-to-end authentication of user applications to the M2M vendor's specific nodes (non-oneM2M). | |
SER-077 (see REQ-2018-0021R03) | The oneM2M System shall be able to authenticate metadata (e.g. Firmware version, Manufacturer ID, HW version) from field devices (e.g. located behind a gateway). | |
SER-078 (see REQ-2018-0021R03) | The oneM2M System shall be able to trigger the secure (e.g. authenticity-, integrity- and confidentiality-protected) Firmware/Software update of field devices. | |
SER-079 (see ARC-2018-0062) | The oneM2M System shall support access control and authorization mechanisms based on M2M Service Subscriber and M2M Service User identification. | Rel-4 |
SER-080 (see ARC-2018-0062) | The oneM2M System shall support M2M Service Subscriber and M2M Service User profiles specifying their restrictions (e.g. privacy restrictions, max number and/or types of applications and devices the M2M Service Subscriber and its authorized M2M Service Users are allowed to register to the M2M System, the maximum number of resources or bytes of data that the M2M Service Subscriber can store in the M2M System, etc.) and their default configurations (e.g. access control policies, expiration times, max number of content instances, etc.). | Rel-4 |
SER-081 (see ARC-2018-0062) | The oneM2M System shall support access control and authorization mechanisms based on M2M Service Subscriber and M2M Service User identification. | |
SER-082 (see ARC-2018-0062) | The oneM2M System shall support M2M Service Subscriber and M2M Service User profiles specifying their restrictions (e.g. privacy restrictions, max number and/or types of applications and devices the M2M Service Subscriber and its authorized M2M Service Users are allowed to register to the M2M System, the maximum number of resources or bytes of data that the M2M Service Subscriber can store in the M2M System, etc.) and their default configurations (e.g. access control policies, expiration times, max number of content instances, etc.). | |
SER-083 (see RDM-2019-0054R01) | The oneM2M System shall support access control and authorization mechanisms for the M2M Service Subscriber or M2M Service User information, based on dynamic parameters (e.g. on/off duty time schedule, location, role or job position, etc.). | Rel-4 |
SER-084 (see RDM-2019-0054R01) | The oneM2M System shall be able to access M2M Service Subscriber information or M2M Service User information based on dynamic parameters (e.g. on/off duty time schedule, location, role or job position, etc.) from M2M Applications. | Rel-4 |
NOTE 1: The above requirement does not cover items outside of the oneM2M System, e.g. Underlying Networks.
NOTE 2: Geographical location information can be more than simply longitude and latitude.
NOTE 3: Partly supported: countermeasures against Impersonation attacks are supported; countermeasures against Replay attacks are not.
NOTE 4: The oneM2M System has no means to verify a subscriber's consent. This requirement can only be fulfilled at application level.
NOTE 5: Regarding remote provisioning, Release 1 supports remote provisioning of symmetric key credentials only.
NOTE 6: An M2M Device may include, e.g., firmware managed by an OEM vendor, middleware managed by a service provider and software managed by an application provider. The entity managing a piece of software is designated as the "allowed stakeholder" in the requirements above.
NOTE 7: SIM is supported in Release 1 and Release 2.
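The delegated-access-rights rows SER-043, SER-059 and SER-060 state three properties that are easiest to check against a concrete design: only a subset of rights the delegator actually holds may be delegated, the "delegated-to" entity cannot pass those rights on, and the representation of the rights is authenticity- and integrity-protected and revocable. The following Python is an added example and not oneM2M's own mechanism; the `AuthorizationFunction` class, the `ISSUER_KEY`, the JSON grant layout with an HMAC-SHA256 tag, and the entity names and resource paths are all assumptions constructed for illustration. Confidentiality of the grant in transit (the remaining part of SER-059) is left to session protection of the kind SER-032/SER-033 describe and is not shown.

```python
"""Added illustration of SER-043 (non-transitive, subset-only delegation),
SER-059 (authenticity/integrity of the delegated-rights representation) and
SER-060 (revocation). Example code, not oneM2M's mechanism."""
import hashlib
import hmac
import json
import secrets
import time

# Key of the hypothetical authorization function that issues grants.
# Constructed demo value; a deployment would keep it in a Secure Environment (cf. SER-070).
ISSUER_KEY = b"constructed-demo-issuer-key"


def _mac(payload: dict) -> str:
    """Canonical JSON + HMAC-SHA256 over the grant. Any change to the payload
    (rights, delegate, expiry) invalidates the tag, giving SER-059's
    authenticity and integrity for the representation of the rights."""
    msg = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()


class AuthorizationFunction:
    """Holds directly assigned rights, issues delegation grants, decides requests."""

    def __init__(self):
        self.direct = {}      # entity -> {(resource, operation), ...}
        self.revoked = set()  # grant ids withdrawn under SER-060

    def assign(self, entity: str, resource: str, ops) -> None:
        """Directly assign rights (e.g. via an access control policy)."""
        self.direct.setdefault(entity, set()).update((resource, op) for op in ops)

    def _valid(self, grant: dict, now: float) -> bool:
        p = grant["payload"]
        return (hmac.compare_digest(_mac(p), grant["mac"])
                and p["id"] not in self.revoked
                and p["exp"] > now)

    def can_delegate(self, delegator: str, resource: str, ops, via_grant=None) -> bool:
        """SER-043: only rights held directly may be delegated, and only a subset
        of them. Rights obtained through a grant are never re-delegable, so a
        grant offered as the source of authority is refused outright."""
        if via_grant is not None:
            return False
        wanted = {(resource, op) for op in ops}
        return wanted <= self.direct.get(delegator, set())

    def delegate(self, delegator, delegate, resource, ops, ttl=3600, via_grant=None, now=None):
        """Issue a time-limited grant of `ops` on `resource` from delegator to delegate."""
        now = time.time() if now is None else now
        if not self.can_delegate(delegator, resource, ops, via_grant):
            raise PermissionError("delegator does not hold these rights directly")
        payload = {
            "id": secrets.token_hex(8), "from": delegator, "to": delegate,
            "resource": resource, "ops": sorted(ops), "exp": int(now) + ttl,
            "redelegable": False,  # the delegated-to entity may not pass the rights on
        }
        return {"payload": payload, "mac": _mac(payload)}

    def revoke(self, grant: dict) -> None:
        """SER-060: withdraw a grant; later presentations of it are refused."""
        self.revoked.add(grant["payload"]["id"])

    def decide(self, requester, resource, op, grant=None, now=None) -> bool:
        """Access decision: direct rights first, then a presented grant that is
        authentic, unexpired, unrevoked, issued to this requester and covers op."""
        now = time.time() if now is None else now
        if (resource, op) in self.direct.get(requester, set()):
            return True
        if grant is None or not self._valid(grant, now):
            return False
        p = grant["payload"]
        return p["to"] == requester and p["resource"] == resource and op in p["ops"]


if __name__ == "__main__":
    af = AuthorizationFunction()
    af.assign("AE-A", "/cse/cnt1", ["RETRIEVE", "UPDATE"])          # constructed names
    g = af.delegate("AE-A", "AE-B", "/cse/cnt1", ["RETRIEVE"], ttl=600)
    print("AE-B RETRIEVE via grant:", af.decide("AE-B", "/cse/cnt1", "RETRIEVE", g))
    print("AE-B may re-delegate:", af.can_delegate("AE-B", "/cse/cnt1", ["RETRIEVE"], via_grant=g))
    af.revoke(g)
    print("AE-B RETRIEVE after revocation:", af.decide("AE-B", "/cse/cnt1", "RETRIEVE", g))
```

The design keeps the two sources of authority separate: `decide` consults direct rights and grants, but `can_delegate` consults direct rights only, which is what makes the delegation non-transitive regardless of what a delegate presents. Revocation is by grant id rather than by re-keying, so other grants issued under the same key stay valid.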