Network Technologies - M2M Communication Proof Reading Services
M2M communication is one of the fastest-growing technology fields today, but it brings security challenges that traditional communication channels do not address. M2M devices are low-cost, unguarded and operate over distributed networks, which makes conventional security management difficult. Several of these challenges remain unaddressed. This paper examines the threats to M2M communication devices, presents use cases for M2M technology, and discusses the development of a trusted environment (TRE), its application to subscription management, and how such an environment can safeguard against the identified threats.
Machine-to-machine (M2M) communication is the exchange of data between devices over wireless or wired systems. M2M is an integral part of the Internet of Things (IoT), and businesses seek many benefits from it. Key application areas include smart cities, health, defence, industrial automation and logistics. Internet Protocol version 6 (IPv6) will be required to accommodate the large address space the IoT needs, so the success of M2M as part of the IoT depends largely on the adoption of IPv6 in the coming years (Leicher et al, 2009).
Alongside its benefits, M2M communication brings several challenges. The major issue is security, which traditional approaches have not addressed. Because M2M devices and wireless sensor networks are mass-deployed, low-cost and unguarded, they invite a range of threats. The security threats to M2M technology cannot be fully addressed by the security mechanisms deployed on the devices alone.
This paper aims to give an overview of M2M communication. Use cases are developed for key applications of M2M technology such as metering, traffic cameras, vending machines and cargo tracking. The security threats to M2M are then discussed, together with the concept of a trusted environment for dealing with them. Security and trust for M2M communication are established through a validation process. Finally, the paper considers the application of the TRE to subscription management as a concrete analysis of security in M2M communication.
II. M2M Communication and Security
M2M communication devices are considered the next frontier of wireless communication, but their security is a major concern for all stakeholders. Because M2M devices are low-cost, it is not feasible to enforce security globally from a central point. Centralised systems protected by a firewall are challenged by the dispersed M2M model, so decentralised security is needed (Brickell et al, 2010). For decentralised systems, security mechanisms must be designed to keep risk under control while M2M devices are in use. A device can be trusted if its actual behaviour matches expectations. Security is a particular concern because these devices connect to the core network through several means: wireless links, capillary networks or wired connections. A variety of application-specific technologies must be integrated end to end, and customers can select the capillary network that fits their requirements.
(ii) M2M use cases
Standards organisations around the world have defined several use cases for M2M communication systems. This section deals with the important use cases and the security requirements of each. The use cases share some common security requirements, but because these devices handle critical information it is essential to secure the devices deployed in an organisation. The use cases are as follows:
a. Traffic cameras: Traffic cameras with cellular connectivity are commonly used on motorways and city roads to manage and monitor traffic. Cameras deployed across a city are connected to each other so that continuous monitoring is possible; connectivity between cameras can also be established over WLAN. One major benefit of connecting roadside cameras is measuring the average speed of vehicles (Camenisch, 2014).
b. Metering: Households and offices have meters that measure gas, water and electricity usage. Reading them manually is time-consuming and therefore costly. Automatic meters record consumption and send the data to a central database from which bills are issued. Smart metering also makes it possible for households and offices to monitor their usage of these resources and optimise energy use in real time.
c. Vending machines: Vending machines are an efficient way to distribute retail goods and track stock levels. They are vulnerable to attacks on their contents, which puts both the value of the items and the payment systems they operate at risk. Vending machines also deliver multimedia marketing, and a variety of connectivity options are available for them.
d. Asset/cargo tracking: These devices let users monitor cargo movement, track critical parameters and execute remote commands. M2M technology is used for cargo tracking where physical access to the cargo is not possible. Such an environment is created to protect the cargo from threats and resist theft (Chaum, 2009), and the placement of the cargo means that physical access to it is costly.
(iii) Security threats for M2M
M2M devices are used because they are low-cost, small, operate for long periods without human intervention and communicate over WLAN or WAN. They require little human intervention and can be operated remotely. Most M2M devices are deployed in large numbers and may be mobile, so it is not feasible to assign personnel to manage them. These features introduce several vulnerabilities in the devices and in the wireless systems over which they communicate. The key categories of security threat to M2M communication are as follows:
Compromise of credentials: Attacks on authentication algorithms, side-channel attacks, malicious cloning of devices and cloning of the authentication credentials residing in the machine communication identity module (MCIM). All of these can compromise credentials through intrusion into the system. Credentials must be managed so that these attacks are avoided and the M2M system and the devices attached to it remain safe.
Physical attacks: These include authentication with fraudulent credentials from a manipulated device and booting with fraudulent software. Since physical attacks on M2M devices are possible, validation should check the integrity of the software and of data such as authentication tokens (Haldar et al, 2012).
Attacks on the core network: The major threat here concerns the mobile network deployed in the system. Possibilities include impersonation of devices, firewall misconfiguration and DoS attacks against the core network. An attack on the radio access network can also change the apparent location of an authorised device.
Protocol attacks on the device: These are directed at the devices connected to the M2M system and include man-in-the-middle attacks during first network access, compromising a device by exploiting active network services, and attacks on operations, administration and maintenance (OAM).
Configuration attacks: These include misconfiguration by the owner or user of the device, misconfigured access control lists and fraudulent software updates (Sadeghi and Stüble, 2012).
Identity privacy attacks: These include eavesdropping on other users' identities or on data sent over the UTRAN.
All of these threats matter because they can lead to loss of data, intrusion by unauthenticated users and undesirable activity in the M2M system. The severity of each threat depends on the importance of the data in the system, the type of attack, the attacker's intention and the ability of the security systems to safeguard the data and systems against such attacks.
(iv) Trusted environment
Forming trust boundaries in the communication system is important for protecting against threats from the external environment. The system needs security elements and capabilities, which are the basic building blocks of a trusted environment in an M2M system. The components of M2M communication also include methods for extending the trust boundary and for communicating the state of trust to external parties. A trusted environment supplies the system characteristics needed for trust enforcement. Its vital components are described below:
a. Introduction for the trusted environment
A trusted environment (TRE) can be defined as a logically separate entity within the M2M device. It provides safe software execution and data storage inside the device (Chen et al, 2008), isolating software and data so that they are protected from external intrusion. Hardware security anchors form the root of trust on which the TRE is built. Starting from this root of trust, the TRE reaches a state that determines the trustworthiness of the system. A simple diagram of the components of a trusted environment within an M2M device is given below:
Figure 1: Components of the TRE in an M2M device
Trust boundaries within the system extend to the operating system, storage and other software. State and configuration assessment methods are deployed so that the exact status and configuration of each device is known. Measurement results obtained on the device are stored with their integrity maintained, and in addition external validation is performed to establish the status and configuration of the device.
b. Requirement, functionality and interface
As shown in figure 1, the software and data storage in the M2M device are separated from its communication functions. This helps to build the trusted environment and ensures the safety of the data and software (Gross et al, 2011). The functions are divided into core and subsidiary functions. Core functions include secure storage, a protected TRE ID, protected memory, a random number generator (RNG), cryptographic functions and secure execution. Subsidiary functions include M2M device validation, which supports authentication of the device, discovery and registration, MCIM lifecycle management, integrity checking, security policy functions and transaction audit records.
The TRE provides cryptographic functions to secure the system, including symmetric and asymmetric encryption and decryption. Stored data can reside inside or outside the TRE; data kept outside is encrypted, with the decryption key stored inside the TRE. The TRE also establishes secure channels to the other parts of the device, which lie outside the TRE. Two types of interface exist: protected and unprotected (Morales, 2013). Protected interfaces provide integrity protection and confidentiality for the data passing through them, using security protocols; where such protocols are used, suitable authentication methods for TRE communication must be deployed.
Unprotected interfaces carry communication between the TRE and the general resources of the M2M system. An unprotected interface can still benefit from other protection mechanisms, such as the TRE checking the code of its counterpart over that interface. The features needed for a secure boot of the M2M device are also shown in figure 1.
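The sealed-storage arrangement just described, with the key held inside the TRE and the encrypted data outside it, is illustrated by the following added example. It is not code from the paper: it models the TRE in Python with standard-library primitives only (HMAC-SHA256 as key derivation and MAC, and an HMAC counter-mode keystream standing in for a real authenticated cipher such as AES-GCM), and it goes one step beyond the text by binding the derived key to the measured software state, which is how TCG-style sealing ties the state assessment of the previous paragraphs to the stored data. The root key, the component images and the names `seal`/`unseal` are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the hardware-protected TRE root key; it never leaves the TRE object.
TRE_ROOT_KEY = b"constructed-tre-root-key"


def measure(components):
    """Measurement of the software state: SHA-256 over (name, image digest) of every component."""
    h = hashlib.sha256()
    for name, image in components:
        h.update(name.encode())
        h.update(hashlib.sha256(image).digest())
    return h.digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher, not for production use."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class TRE:
    """Logically separate entity: holds the root key, derives per-state keys, seals and unseals."""

    def __init__(self, root_key):
        self._root = root_key  # protected memory: only reachable through seal()/unseal()

    def _derive(self, label, state):
        # Per-purpose key bound to the measured state; a different state yields different keys.
        return hmac.new(self._root, label + state, hashlib.sha256).digest()

    def seal(self, plaintext, state):
        nonce = os.urandom(16)
        enc_key = self._derive(b"enc", state)
        mac_key = self._derive(b"mac", state)
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag  # this blob may be stored outside the TRE

    def unseal(self, blob, state):
        """Return the plaintext, or None if the blob was modified or the state differs."""
        if len(blob) < 48:
            return None
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        mac_key = self._derive(b"mac", state)
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # integrity check first, so nothing is decrypted on bad input
        enc_key = self._derive(b"enc", state)
        return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo():
    """Seal a credential under a known-good state and try to recover it under three conditions."""
    good = [("bootloader", b"bl-v1"), ("os", b"os-v1"), ("m2m-app", b"app-v1")]
    tampered = [("bootloader", b"bl-v1"), ("os", b"os-v1-modified"), ("m2m-app", b"app-v1")]
    tre = TRE(TRE_ROOT_KEY)
    blob = tre.seal(b"MCIM credential", measure(good))
    corrupted = blob[:-1] + bytes([blob[-1] ^ 0x01])  # one bit flipped in the stored blob
    return {
        "same_state": tre.unseal(blob, measure(good)),
        "tampered_software": tre.unseal(blob, measure(tampered)),
        "corrupted_blob": tre.unseal(corrupted, measure(good)),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first case recovers the credential; a modified OS image changes the measurement and therefore the derived MAC key, and a flipped bit in the blob fails the integrity check, so in both cases the TRE refuses to decrypt rather than releasing anything over its interfaces.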
(v) Verification of trustworthiness for M2M
Two aspects of the requirements and threats specific to M2M devices stand out: the demand for high flexibility and configurability of the equipment, and unpredictable connectivity to the core network. Both must be taken into account at the moment a device interacts with the network if a broad range of M2M use cases is to be covered, and doing so allows cost-effective, optimal M2M systems (Bernstein, 2014). Security is an important element in resolving these problems and in meeting the two goals below:
The first objective is to establish, both locally and remotely, the state of the M2M device: its security properties and the trustworthiness of its operation are assessed.
The second objective is to ensure that the M2M device reaches a secure state without access to the network; network connectivity should not be required for the device to operate securely.
These objectives are central to meeting the protection goals and to changing the device's state in a controlled way. Stakeholders, device owners and network operators all have an interest in validating M2M devices. Validation is the process of checking the state of the security-relevant properties of a system, and the means of testing differ between the pre-deployment and post-deployment phases. There are three types of validation for M2M devices: autonomous validation, remote validation and semi-autonomous validation. Autonomous validation applies to closed systems such as smart cards, which do not communicate their state information to external devices.
Remote validation, also known as remote attestation, applies to open systems: the validation report reveals the system's state in a secure manner. Other validation processes lie between these two extremes. Remote validation operates only on open systems, in which unrestricted changes of operational state take place, in contrast to the closed systems of autonomous validation. It is the abstraction behind what the Trusted Computing Group (TCG) calls remote attestation. The broad spectrum between autonomous and remote validation is named semi-autonomous validation. There is only one specification-based example of semi-autonomous validation: secure boot as defined by the TCG Mobile Phone Working Group. The mapping variants for the three validation processes are given in figure 2 below:
Figure 2: Mapping variants for the validation processes
As shown in figure 2, the three validation processes are remote, autonomous and semi-autonomous. They relate to the relying party through attestation, signalling and remediation by provisioning of reference integrity metrics (RIMs). In remote validation and autonomous validation, communication flows in one direction only and there is no channel for two-way communication (Höller et al, 2014). In semi-autonomous validation, communication is two-sided: attestation data propagates from the device, while remediation in the form of RIM provisioning flows back from the relying party.
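The three validation variants and the remediation path of figure 2 can be made concrete with the following added example, which is not the paper's code. It is standard-library Python: secure boot measures each component into a running digest (extended like a TPM PCR) and compares it with reference integrity metrics (RIMs); HMAC-SHA256 under a constructed attestation key stands in for the device-bound signature a real TRE would use; the images, RIM databases and function names are constructed. Autonomous validation decides locally and reports nothing, remote validation ships the whole measurement log to the relying party, and semi-autonomous validation signals only the local result and receives a fresh RIM as remediation when its own copy is stale.

```python
import hashlib
import hmac


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed component images and the reference integrity metrics (RIMs) derived from them.
IMAGES = {"bootloader": b"bl-v1", "os": b"os-v1", "m2m-app": b"app-v1"}
RIM_DB = {name: sha256_hex(image) for name, image in IMAGES.items()}

# Constructed attestation key; a real TRE would use a device-bound signing key instead of HMAC.
ATTEST_KEY = b"constructed-attestation-key"


def sign(msg):
    return hmac.new(ATTEST_KEY, msg.encode(), hashlib.sha256).hexdigest()


def measured_boot(components, rim_db, enforce):
    """Measure each stage into a running digest (PCR-style extend) and compare it with the RIM.
    enforce=True is secure boot: stop at the first component that does not match its RIM."""
    pcr = b"\x00" * 32
    log = []
    for name, image in components:
        digest = sha256_hex(image)
        pcr = hashlib.sha256(pcr + bytes.fromhex(digest)).digest()
        ok = rim_db.get(name) == digest
        log.append((name, digest, ok))
        if enforce and not ok:
            break
    return all(ok for _, _, ok in log), pcr.hex(), log


def autonomous_validation(components):
    """Closed system: secure boot decides locally and nothing about the state leaves the device."""
    ok, _, _ = measured_boot(components, RIM_DB, enforce=True)
    return "run" if ok else "halt"


def remote_validation(components, rp_rim_db):
    """Open system: the device ships its whole measurement log; the relying party does the checking."""
    _, pcr, log = measured_boot(components, RIM_DB, enforce=False)
    body = pcr + "|" + ";".join(f"{name}:{digest}" for name, digest, _ in log)
    sig = sign(body)
    # --- relying party ---
    if not hmac.compare_digest(sig, sign(body)):
        return "reject:signature"
    for entry in body.split("|", 1)[1].split(";"):
        name, digest = entry.split(":")
        if rp_rim_db.get(name) != digest:
            return "reject:" + name
    return "accept"


def semi_autonomous_validation(components, device_rim_db, rp_rim_db):
    """Device validates locally and signals only the result; on failure the relying party
    remediates by provisioning a current RIM, after which the device boots again."""
    ok, pcr, log = measured_boot(components, device_rim_db, enforce=True)
    name, digest, _ = log[-1]  # with enforce=True the last entry is the failing one on failure
    signal = f"{'OK' if ok else 'FAIL'}|{pcr}|{name}:{digest}"
    sig = sign(signal)
    # --- relying party ---
    if not hmac.compare_digest(sig, sign(signal)):
        return "reject:signature"
    status, _, last = signal.split("|")
    if status == "OK":
        return "accept"
    name, digest = last.split(":")
    if rp_rim_db.get(name) != digest:
        return "reject:" + name  # image unknown to the relying party as well: no remediation
    device_rim_db[name] = digest  # RIM provisioning (remediation)
    ok, _, _ = measured_boot(components, device_rim_db, enforce=True)
    return "remediated" if ok else "halt"


if __name__ == "__main__":
    good = list(IMAGES.items())
    updated = [("bootloader", b"bl-v1"), ("os", b"os-v2"), ("m2m-app", b"app-v1")]
    current_rims = dict(RIM_DB, os=sha256_hex(b"os-v2"))
    print(autonomous_validation(good), remote_validation(updated, RIM_DB))
    print(semi_autonomous_validation(updated, dict(RIM_DB), current_rims))
```

The difference between the variants is what crosses the device boundary: nothing in the autonomous case, the full list of digests in the remote case (which reveals the exact software inventory to the relying party), and only a signed OK/FAIL signal plus the one failing measurement in the semi-autonomous case, which is also the only variant that can recover a device whose RIM copy has fallen behind a legitimate software update.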
(vi) TRE application to subscription management
M2M devices operate very differently from mobile phones: they work without human intervention. Another difference concerns the subscription. With a mobile phone, one human subscribes to one network operator; in M2M the subscriber is usually an organisation operating a large number of M2M devices, which in turn provide services to a large number of end consumers. The situation in M2M is more complex because the user decides which operator will serve a machine only when the machine is deployed in the field, and may later move machines from one network to another without human intervention at the device. This flexibility of the WAN subscription is one of the most important features of M2M devices and would lead to faster uptake of M2M.
For 2G and 3G mobile services the subscription is provided by the subscriber identity module (SIM/USIM) application on a UICC card. Figure 3 below shows the network architecture of the alternative considered here:
Figure 3: Network authentication and MCIM provisioning
As shown in figure 3, the M2M device first obtains access over the air interface of a visited network operator (VNO). Provisional IP connectivity is provided by the registered operator (RO) through its initial connectivity function (Chaum, 2009). The RO also provides the discovery and registration function, which helps the M2M device find its selected home operator (SHO). Once the device has found the SHO, it downloads the SHO's subscription credentials (the MCIM) into its trusted environment. Before the download is allowed, the authenticity of the device is checked with the help of the platform validation authority (PVA).
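The provisioning flow of figure 3 is modelled end to end in the following added example, with both sides of each exchange; it is not the paper's code. It is standard-library Python in which HMAC-SHA256 under three constructed keys stands in for the signatures between TRE and PVA, PVA and SHO, and SHO and TRE; the identifiers, message formats, the provisional IP address and the MCIM fields are constructed, and the MCIM is only integrity-protected here, whereas a real download would also be encrypted to a key held inside the TRE. The point it shows is the chain of checks: the PVA issues a ticket only for a fresh attestation of a known-good state, the SHO releases the MCIM only against that ticket, and the TRE installs only an MCIM addressed to it and authenticated by the SHO.

```python
import hashlib
import hmac
import json
import os


def mac(key, obj):
    """HMAC-SHA256 over a canonical JSON encoding; stands in for a digital signature."""
    return hmac.new(key, json.dumps(obj, sort_keys=True).encode(), hashlib.sha256).hexdigest()


# Constructed long-term keys; each trust relationship in the figure has its own key.
K_ATTEST = b"constructed-tre-attestation-key"   # TRE -> PVA: attestation
K_TICKET = b"constructed-pva-ticket-key"        # PVA -> SHO: validation result
K_MCIM = b"constructed-sho-provisioning-key"    # SHO -> TRE: MCIM integrity

GOOD_STATE = hashlib.sha256(b"constructed-known-good-software").hexdigest()


class TRE:
    def __init__(self, tre_id, state):
        self.tre_id, self.state, self.mcim = tre_id, state, None

    def attest(self, nonce):
        body = {"tre_id": self.tre_id, "state": self.state, "nonce": nonce}
        return body, mac(K_ATTEST, body)

    def install(self, mcim, tag):
        """Accept the MCIM only if it is addressed to this TRE and its SHO tag verifies."""
        if mcim.get("tre_id") != self.tre_id or not hmac.compare_digest(tag, mac(K_MCIM, mcim)):
            return False
        self.mcim = mcim
        return True


class RegisteredOperator:
    """Initial connectivity function (ICF) and discovery and registration function (DRF)."""

    def __init__(self, directory):
        self.directory = directory  # SHO name -> SelectedHomeOperator

    def initial_connectivity(self, tre_id):
        return {"provisional_ip": "10.0.0.1", "for": tre_id}  # constructed provisional address

    def discover(self, sho_name):
        return self.directory[sho_name]


class PVA:
    def __init__(self, good_state):
        self.good_state = good_state

    def challenge(self):
        return os.urandom(8).hex()  # fresh nonce so an old attestation cannot be replayed

    def validate(self, body, sig, nonce):
        if body.get("nonce") != nonce or not hmac.compare_digest(sig, mac(K_ATTEST, body)):
            return None
        if body.get("state") != self.good_state:
            return None
        ticket = {"tre_id": body["tre_id"], "nonce": nonce, "valid": True}
        return ticket, mac(K_TICKET, ticket)


class SelectedHomeOperator:
    def __init__(self, name):
        self.name = name

    def provision(self, tre_id, ticket, tsig):
        """Release the MCIM only against a valid PVA ticket issued for this TRE."""
        if not hmac.compare_digest(tsig, mac(K_TICKET, ticket)) or ticket.get("tre_id") != tre_id:
            return None
        ki = hashlib.sha256(b"constructed-ki-" + tre_id.encode()).hexdigest()
        mcim = {"tre_id": tre_id, "operator": self.name, "imsi": "001010000000001", "ki": ki}
        return mcim, mac(K_MCIM, mcim)


def provisioning_flow(tre, ro, pva, sho_name):
    """Run the flow end to end; returns (outcome, transcript of the messages exchanged)."""
    t = [("TRE->RO", "attach"), ("RO/ICF->TRE", ro.initial_connectivity(tre.tre_id))]
    sho = ro.discover(sho_name)
    t.append(("RO/DRF->TRE", sho.name))
    nonce = pva.challenge()
    t.append(("PVA->TRE", nonce))
    body, sig = tre.attest(nonce)
    t.append(("TRE->PVA", body))
    result = pva.validate(body, sig, nonce)
    if result is None:
        t.append(("PVA->SHO", "validation failed"))
        return "rejected-by-pva", t
    ticket, tsig = result
    t.append(("PVA->SHO", ticket))
    prov = sho.provision(tre.tre_id, ticket, tsig)
    if prov is None:
        return "refused-by-sho", t
    mcim, tag = prov
    t.append(("SHO->TRE", mcim))
    return ("provisioned" if tre.install(mcim, tag) else "refused-by-tre"), t


if __name__ == "__main__":
    ro = RegisteredOperator({"OperatorA": SelectedHomeOperator("OperatorA")})
    status, transcript = provisioning_flow(TRE("tre-0001", GOOD_STATE), ro, PVA(GOOD_STATE), "OperatorA")
    print(status)
    for step in transcript:
        print(step)
```

A device whose measured state differs from the PVA's reference never obtains a ticket, so the SHO never releases credentials to it; a forged ticket or a forged MCIM fails the respective tag check at the next hop.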
The use of M2M communication systems is growing day by day and has produced many use cases in the organisational context. Because M2M devices are unguarded and use distributed networks, many security threats arise for them. As these threats evolve, new security measures and greater flexibility are required, and a paradigm shift is needed towards building a trusted environment in organisational settings. Two building blocks form the trusted environment in these systems: local state control, achieved through secure boot, and semi-autonomous validation. To meet the unique requirements of M2M markets, remote platform management and subscription management must be possible for M2M devices. The ideas presented in this paper can help to open up new business opportunities in M2M communication. Finally, to enhance the security of M2M devices it is imperative to build hardware-backed security so that threats to M2M communication can be countered.
Leicher, A., Kuntze, N. and Schmidt, A. U. (2009). Implementation of a Trusted Ticket System. In Proceedings of IFIP SEC 2009, Boston, MA, USA.
Brickell, E., Camenisch, J. and Chen, L. (2010). Direct anonymous attestation. In Proc. 11th ACM Conference on Computer and Communications Security, pp. 132-145.
Camenisch, J. (2014). Better Privacy for Trusted Computing Platforms. In Proc. 9th European Symposium on Research in Computer Security (ESORICS 2014), pp. 73-88.
Chaum, D. (2009). Security without Identification: Transaction Systems to make Big Brother Obsolete. Communications of the ACM, vol. 28, no. 10, pp. 1030-1044.
Haldar, V., Chandra, D. and Franz, M. (2012). Semantic remote attestation: A virtual machine directed approach to trusted computing. In USENIX Virtual Machine Research and Technology Symposium (VM '04), pp. 29-41.