IoT-A with respect to key management is not yet explicitly defined in this
document.
Most of the communication security and Service security aspects of the IoT-A
security model are implicitly addressed in ETSI M2M – although the terminology
of IoT-A is not explicitly used. The ETSI M2M standard describes a range of
variants that depend on the security characteristics of the underlying network
layers and on the relationships between the M2M service provider and the
network operator. For example, if these stakeholders are identical, key
provisioning can be significantly simplified. One issue clearly not addressed in
ETSI M2M are trust models.
Threat Analysis Mapping
[ETSI TR 103 167] deals with a threat analysis related to the ETSI M2M
standard. In a similar way as the risk analysis provided in this document in
Section 5.2.9 ETSI M2M defines those threats that are most relevant for the
standard, and discusses respective countermeasures. Here, the different focus
of ETSI M2M in terms of network security becomes obvious again, because
most of the threats identified by ETSI M2M deal with keys or message
exchange. That means that the scope of IoT-A is broader, as it also includes,
for instance, Human Users that do not behave correctly. Consequently, IoT-A
refers to a general risk analysis that includes by definition non-malicious
behaviour that still imposes a risk on the system. As the scope of IoT-A is
broader, not all the risks identified within IoT-A are applicable to ETSI M2M, but
the threats of ETSI M2M map well to the risks identified within Section 5.2.9.
This is shown in Table 33 below.
ETSI M2M IoT-A
Threat 1: Discovery of Long-Term
Service-Layer Keys Stored in M2M
Devices or M2M Gateways
Attacker gains knowledge of sensitive exchanged
data
Disclosure of identities and cryptographic materialThreat 2: Deletion of Long-Term Service-
Layer Keys Stored in M2M Devices or
M2M Gateways
Disruption of a global ServiceThreat 3: Replacement of Long-Term
Service-Layer Keys Stored in M2M
Devices or M2M Gateways
Disruption of a global ServiceThreat 4: Discovery of Long-Term
Service-Layer Keys Stored in the SCs of
the M2M Core
Attacker gains knowledge of sensitive exchanged
data
Disclosure of identities and cryptographic materialThreat 5: Deletion of Long-Term Service-
Layer Keys Stored in the SCs of an M2M
Core
Disruption of a global ServiceThreat 6: Discovery of Long-Term
Service-Layer Keys Stored in MSBF or
Attacker gains knowledge of sensitive exchanged