Security considerations for M2M

IEEE 802.16 Presentation Submission Template (Rev. 9)

Document Number: IEEE 802.16ppc-10/0037

Date Submitted: 2010-07-09

Source: Eldad Zeira, Alex Reznik; E-mail: [email protected]; InterDigital Communications Corp.

Venue: Session #68, San Diego

Base Contribution: None

Purpose: To be discussed and adopted by 802.16 Project Planning Committee / 802.16p

Notice: This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material contained herein.

Release: The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16.

Patent Policy: The contributor is familiar with the IEEE-SA Patent Policy and Procedures:



<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and <http://standards.ieee.org/guides/opman/sect6.html#6.3>. Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and <http://standards.ieee.org/board/pat>.

Page 2

• M2M networks are more vulnerable to security threats than traditional networks
  – … and handle highly critical missions

• Network attacks can lead to false situational awareness, loss of privacy, and even become physical attacks
  – Compromised by physical or remote reconfiguration or impersonation

• SR recognizes this issue and recommends that it is in scope of the M2M PAR

Page 3

• M2M devices handle highly critical missions while being…
  – deployed in highly distributed networks
  – provisioned in the field and managed over the air
  – operated without human supervision

• M2M networks and applications are vulnerable to:
  – Misleading reports
  – Network (denial of service) attacks
  – Loss of privacy
  – Cyber attacks can become physical attacks

• Awareness of an attack is in itself important security-related information

Page 4

Security susceptibilities of M2M use cases

Susceptibility categories: Misleading reports; Network attacks (particularly for WAN); Data privacy; Cyber attacks become physical attacks

• Secured access, surveillance, remote maintenance
  – Misleading reports: False situational awareness
  – Network attacks: DoS attacks prevent obtaining of situational awareness

• Tracking, tracing & recovery
  – Misleading reports: False location reports
  – Network attacks: Prevents timely tracking

• Public safety
  – Similar to security, especially if acts of terrorism are considered

• Payment
  – Data privacy: Transmission of information to unauthorized parties

• Health Care
  – Misleading reports: False situational awareness
  – Network attacks: Prevents awareness of emergency conditions
  – Data privacy: Transmission of information to unauthorized parties
  – Cyber attacks become physical attacks: Malicious control can have serious health implications

• Smart grid
  – Network attacks: Prevention of timely control requires unavailable electrical resources
  – Cyber attacks become physical attacks: Malicious control can cause lasting damage to grid

Page 5

The vulnerabilities, more precisely…

• Physical Attacks such as insertion of valid authentication tokens into a manipulated device, inserting and/or booting with fraudulent or modified software (“re-flashing”), and environmental/side-channel attacks, both before and after in-field deployment.

• Compromise of Credentials comprising brute force attacks on tokens and (weak) authentication algorithms, physical intrusion, or side-channel attacks, as well as malicious cloning of authentication tokens residing on the device.

• Configuration Attacks such as fraudulent software update/configuration changes, mis-configuration by the owner, subscriber or user, mis-configuration or compromise of the access control policies.

• Attacks on the Network. These are the main threats to the network operator: Impersonation of devices, traffic tunneling between impersonated devices, mis-configuration of the firewall in the modem/router/gateways, Denial of Service (DoS) attacks against the core network. They may also include changing the device’s authorized physical location in an unauthorized fashion or attacks on the radio access network, using a rogue device.

Page 6

Security requirements in SR (0002r7, sec. 4.7)

• 802.16 security functions, including integrity protection and the confidentiality for M2M service traffic shall be supported for M2M devices. Expected use cases for WAN M2M systems make them vulnerable to security threats in the form of physical or remote attacks on hardware, software / firmware, compromise of credentials, configuration and network attacks (e.g., denial of service).

• WAN M2M system should support appropriate level of authentication for the M2M device or M2M gateway to provide secure access to the authorized M2M devices. The system should support verification and validation of the exchanged data

Page 7

What do we need to do?

• 5.7 Security (from SR)
  – Enhanced security may require changes to the network entry/re-entry procedure.

• No other standardized changes in MAC / PHY are required

Page 8

Proposed modification to M2M PAR scope

• This amendment specifies IEEE Std 802.16 medium access control (MAC) enhancements and minimal OFDMA PHY modifications to provide functionalities for efficient Machine to Machine communication. Enhancements are lower power consumption at the subscriber station, support by the base station of significantly larger numbers of devices, enhanced access priority, time-tolerant/controlled operation, improved device authentication at network entry and efficient support for small burst transmissions. This amendment provides continuing support for WirelessMAN-Advanced Air Interface and legacy WirelessMAN-OFDMA equipment.