The oneM2M specifications enable secure IoT data exchange and information interoperability across different vertical sectors, service providers, and use cases.

The ITU Telecommunication Standardization Sector (ITU-T) has approved a set of security specifications for internet of things (IoT) systems. The oneM2M specifications define a common set of IoT service functions to enable secure data exchange and information interoperability across different vertical sectors, service providers, and use cases. The specifications were approved by more than 190 countries and are now available for use by ITU-T member states.

The ITU-T is responsible for coordinating standards for telecommunications and information communication technology for cybersecurity. It is one of the three branches of the International Telecommunication Union (ITU), a specialized agency of the United Nations that oversees matters relating to information and communication technologies.

International standards bodies launched oneM2M in 2012. ARIB (Japan), ATIS (Americas), CCSA (China), ETSI (Europe), TIA (Americas), TTA (S. Korea), and TTC (Japan) came together to form a global partnership initiative to develop an international standard for interoperable and scalable IoT systems.

Authentication, encryption, policies among IoT security specifications

With its approval of oneM2M, the ITU-T has added IoT security capabilities to its recommendations of the M2M common service layer, according to a press release. The oneM2M standards provide an interoperability testing framework and support a global certification program by the Global Certification Forum (GCF) for oneM2M based products, it added.
The specifications set out in the ITU-T Y.4500.3 oneM2M security solutions document are extensive, encompassing three IoT security architecture layers: security functions, security environment abstraction, and secure environments.

The security functions layer contains a set of security functions that are exposed at reference point Mca and Mcc, the document read. These security functions are classified as identification, authentication, authorization, security association, sensitive data handling, and security administration.

The security environment abstraction layer implements security capabilities such as key derivation, data encryption/decryption, signature generation/verification, and security credential read/write from/to the secure environments. These are invoked to protect the operations in secure environments. In addition, this layer also provides physical access to secure environments.

The secure environments layer contains one or multiple secure environments that provide security services to adequately protect sensitive data storage and sensitive function execution. The sensitive data includes secure environment capability, security and asymmetric private keys, local credentials, security policies, identity information, and subscription information. The sensitive functions include data encryption and data decryption.

“The architecture needs to be adapted to be suitable for implementation in different entities. For example, the architecture can be mapped to different device classes,” the document read.
“Before any M2M common services layer procedure can take place, connectivity has to be established in the underlying network services layer, which may involve independent provisioning and service registration procedures specified by the underlying network.”

The service layer security provisioning (security pre-provisioning or security bootstrapping) and security association establishment procedures specified can take place independently (and generally consecutively) from any required network service layer connectivity establishment procedures, according to the document.

Security capabilities essential components of all IoT systems

“Security-related capabilities are an essential and complementary component in all IoT systems – oneM2M treats security as a common service function that can be applied in the same way across many applications in different verticals,” said Roland Hechwartner, Deutsche Telekom, technical plenary chairman, oneM2M. “It also emphasizes the use of open standards so that service providers can control all entities and services in their deployments without relying on a single company or proprietary set of technologies.”

A close rapport between the ITU-T and oneM2M experts helped to deliver common IoT standards and security that benefit the widest community, added Rana Kamill, British Telecom, ITU-T WP1/20 vice chair. Kamill stated that the oneM2M security solutions document went through the ITU-T’s Typical Approval Process – the default method for international standards with regulatory or policy implications. It has also been translated into the ITU’s six official languages (English, Arabic, Chinese, French, Spanish, and Russian).