The oneM2M specifications enable secure IoT data exchange and information interoperability across different vertical sectors, service providers, and use cases.

The ITU Telecommunication Standardization Sector (ITU-T) has approved a set of security specifications for internet of things (IoT) systems. The oneM2M specifications define a common set of IoT service functions to enable secure data exchange and information interoperability across different vertical sectors, service providers, and use cases. The specifications were approved by more than 190 countries and are now available for use by ITU-T member states.

The ITU-T is responsible for coordinating standards for telecommunications and information communication technology for cybersecurity. It is one of the three branches of the International Telecommunication Union (ITU), a specialized agency of the United Nations that oversees matters relating to information and communication technologies.

International standards bodies launched oneM2M in 2012. ARIB (Japan), ATIS (Americas), CCSA (China), ETSI (Europe), TIA (Americas), TTA (S. Korea), and TTC (Japan) came together to form a global partnership initiative to develop an international standard for interoperable and scalable IoT systems.

Authentication, encryption, policies among IoT security specifications

With its approval of oneM2M, the ITU-T has added IoT security capabilities to its recommendations of the M2M common service layer, according to a press release. The oneM2M standards provide an interoperability testing framework and support a global certification program by the Global Certification Forum (GCF) for oneM2M based products, it added.

The specifications set out in the ITU-T Y.4500.3 oneM2M security solutions document are extensive, encompassing three IoT security architecture layers: security functions, security environment abstraction, and secure environments.

The security functions layer contains a set of security functions that are exposed at reference points Mca and Mcc, the document read. These security functions are classified as identification, authentication, authorization, security association, sensitive data handling, and security administration.

The security environment abstraction layer implements security capabilities such as key derivation, data encryption/decryption, signature generation/verification, and security credential read/write from/to the secure environments. These are invoked to protect the operations in secure environments. In addition, this layer also provides physical access to secure environments.

The secure environments layer contains one or multiple secure environments that provide security services to adequately protect sensitive data storage and sensitive function execution. The sensitive data includes secure environment capability, security and asymmetric private keys, local credentials, security policies, identity information, and subscription information. The sensitive functions include data encryption and data decryption.

“The architecture needs to be adapted to be suitable for implementation in different entities. For example, the architecture can be mapped to different device classes,” the document read.

“Before any M2M common services layer procedure can take place, connectivity has to be established in the underlying network services layer, which may involve independent provisioning and service registration procedures specified by the underlying network.”

The service layer security provisioning (security pre-provisioning or security bootstrapping) and security association establishment procedures specified can take place independently (and generally consecutively) from any required network service layer connectivity establishment procedures, according to the document.

Security capabilities essential components of all IoT systems

“Security-related capabilities are an essential and complementary component in all IoT systems – oneM2M treats security as a common service function that can be applied in the same way across many applications in different verticals,” said Roland Hechwartner, Deutsche Telekom, technical plenary chairman, oneM2M. “It also emphasizes the use of open standards so that service providers can control all entities and services in their deployments without relying on a single company or proprietary set of technologies.”

A close rapport between the ITU-T and oneM2M experts helped to deliver common IoT standards and security that benefit the widest community, added Rana Kamill, British Telecom, ITU-T WP1/20 vice chair. Kamill stated that the oneM2M security solutions document went through the ITU-T’s Typical Approval Process – the default method for international standards with regulatory or policy implications. It has also been translated into the ITU’s six official languages (English, Arabic, Chinese, French, Spanish, and Russian).