Click here to close now.

SYS-CON MEDIA Authors: Liz McMillan, Elizabeth White, Carmen Gonzalez, Plutora Blog, Pat Romanski

News Feed Item

Machine-to-Machine (M2M) Security and Privacy: Challenges and Opportunities



 

 

LONDON, Aug. 27, 2014 /PRNewswire/ -- Reportbuyer.com has added a new market research report:

Machine-to-Machine (M2M) Security and Privacy: Challenges and Opportunities

https://www.reportbuyer.com/product/2307727/Machine-to-Machine-M2M-Security-and-Privacy-Challenges-and-Opportunities.html

Overview:

Machine-to-Machine (M2M) applications will be developed in various sectors of the industry at a rapid pace over the next five years, reaching an inflexion point by 2020 as the Internet of Things (IoT) begins a high growth phase. With increasingly more devices connected to the Internet in which critical business processes depend, the threats to applications increase in terms of incidence, severity, and impact.

It is important to recognize that applications are susceptible to physical attacks on devices as well as network-level attacks, which in many cases have different issues and solutions. The M2M industry is quickly recognizing the need to deal with security and privacy issues pertaining to M2M, but understanding the specific issues and solutions are not broadly understood.

This Mind Commerce research addresses security and privacy based on our many years of M2M coverage as well as recent interviews and survey. The report is divided into four parts as follows:

Part One: Evaluates M2M security issues and challenges
Part Two: Assesses M2M as well as related technologies (Cloud and Big Data)
Part Three: Discusses survey findings, insights and conclusions pertinent to M2M
Part Four: Addresses security within Wireless Sensor Networks (WSN) integral to M2M and IoT
All purchases of Mind Commerce reports includes time with an expert analyst who will help you link key findings in the report to the business issues you're addressing. This needs to be used within three months of purchasing the report.


Target Audience:

Standards organizations
Mobile network operators
Security solution providers
M2M/IoT platform providers
Wireless device manufacturers
Privacy infrastructure providers
Wireless infrastructure providers
M2M and IoT application developers
Enterprise employing M2M/IoT solutions
Security and privacy advocacy organizations
Table of Contents:

EXECUTIVE SUMMARY

Part One: Machine-to-Machine Security 12

1.0 EXPLOITED VULNERABILITIES AND ATTACKS 12
2.0 SECURITY REQUIREMENTS FOR M2M 14
2.1 Authentication 14
2.2 Confidentiality 14
2.3 Access control 14
2.4 Integrity 15
2.5 Privacy 15
2.6 Availability 15
2.7 Non-repudiation 15
3.0 FACTORS LEADING TO COMPLEXITY IN M2M APPLICATIONS 16
3.1 Proliferation of Nodes in Network 16
3.2 Limited Computational Power 16
3.3 Lack of Awareness 16
3.4 Lack of Pre-set Rules 17
3.5 Difficult to Tackle Denial of Power Attacks 17
3.6 Need to Reduce Risk Exposure 17
3.7 DDoS Attack from Compromised Nodes 17
3.8 Users Responsible for Enabling Security Protection 18
3.9 Security is Not highest Priority 18
4.0 MEASURES TO ENSURE SECURITY FOR M2M APPLICATIONS 19
4.1 Security Considerations during Design Phase 19
4.2 Define User-level Security 19
4.3 Limited Access to Internet 20
4.4 Use of Open-source Software to Configure Specific Security Settings 20
4.5 Vendors to Disclose Vulnerabilities 20
4.6 Analyze Attack Surface to Understand Probable Attack Points 21
4.7 Ensure Secure Design 21
4.8 Code Signing to Confirm Integrity 21
4.9 All Value Chain Layers Must be Secured 22
4.10 Stakeholders to Work in Sync for Security Measures 22
4.11 Do not Allow Permanent Access 24
4.12 Implement Typical Security Measures 24
5.0 TWO POINTS OF ATTACK ON M2M COMMUNICATIONS 25
5.1 Physical Attacks on Unattended Devices 25
5.1.1 Recommendations to Increase Security of Physical Devices 26
5.2 Network-side Attacks 26
5.2.1 Recommendations to Increase Security on Network Side 27
6.0 DIFFERENCE IN M2M COMMUNICATION OVER GSM AND CDMA 28
7.0 CRITICAL DEVICE CONTROLS BY M2M APPLICATIONS 29
8.0 SECURITY AN INTEGRAL PART OF APPLICATION DESIGN 30
9.0 SOPHISTICATED SECURITY MECHANISMS FOR M2M SECURITY 31
9.1 Early Detection of Compromised Nodes 31
9.2 Bandwidth Efficient Cooperative Authentication 31
10.0 EVOLVING ELEMENTS OF SECURITY 32
11.0 SECURITY IS ONE OF MANY GO-TO-MARKET FACTORS 33
12.0 SECURING THE COMMUNICATIONS AND NOT JUST DEVICES 34
13.0 USE OF IPV6: ADDED SECURITY PROBLEMS 35
14.0 ADEQUATE USE OF CERTIFICATE FOR SECURITY 36
15.0 SPECIAL SKILL-SET REQUIRED FOR DEPLOYING SECURITY TOOLS 37
16.0 ORGANIZATIONS AND COLLABORATIONS FOR STANDARDS 38
16.1 AllSeen Alliance 38
16.2 IETF 39
16.3 Mobile App Security Working Group 39
16.4 Machine-to-Machine Standardization Task Force (MSTF) 39
16.5 Standards by Verticals 40

Part Two: Machine-to-Machine Privacy 41

17.0 PRIVACY CONCERNS 41
17.1 Data Ownership Unclear 42
17.2 Control Factor Unclear 42
17.3 Government Initiatives 43
17.4 Across Boundaries and Verticals 43
17.5 Aspects of Privacy and Security to be Re-addressed 44
18.0 PRIVACY AND SECURITY CONCERNS FOR BIG DATA 45
18.1 Automated Access through Authorizations 45
18.2 Non-standard Approach to Granting Access 46
18.3 Business Continuity Risk 47
18.4 Best Practices 47
19.0 PRIVACY ISSUES IN CLOUD COMPUTING 49
20.0 PRIVACY AN INTEGRAL PART OF APPLICATION DESIGN 50

Part Three: Industry Views on Security 51

21.0 INDUSTRY SURVEY ON SECURITY 51
21.1 Introduction 51
21.2 Survey Participants 51
21.3 Geographic Reach 52
21.4 Role of M2M in Applications 53
21.5 Highest Concerns of M2M Solution Deployment 53
21.6 Highest Security Concern while Deploying M2M Solutions 54
21.7 Security Solution 55
21.8 Concluding Remarks on Industry Survey 55

Part Four: Wireless Sensor Networks 57

22.0 INTRODUCTION TO WIRELESS SENSOR NETWORKS 57
23.0 SECURITY THREATS ON OSI LAYERS FOR WSN 58
23.1 Physical Layer of OSI Model 58
23.1.1 Attacks in Physical Layer 58
23.1.2 Countermeasures for Attack in Physical layer 59
23.2 MAC Layer of OSI Model 62
23.2.1 Attacks in MAC Layer 62
23.2.2 Countermeasures for Attack in MAC Layer 63
23.3 Network Layer of OSI Model 66
23.3.1 Attacks in Network Layer 67
23.3.2 Countermeasures for Attack in Network Layer 69
23.4 Application Layer of OSI Model 71
23.4.1 Attacks in Application Layer 72
23.4.2 Countermeasures for Attack in Application layer 73
23.5 Concluding Remarks on Security Threats on OSI layer 74
24.0 SECURITY GOALS OF WIRELESS SENSOR NETWORKS 76
24.1 Primary Security Goals 76
24.1.1 Data Integrity 76
24.1.2 Data Authentication 77
24.1.3 Data Confidentiality 77
24.1.4 Data Availability 77
24.2 Secondary Security Goals 77
24.2.1 Self-Organization 77
24.2.2 Time Synchronization 77
24.2.3 Data Freshness 78
24.2.4 Secure Localization 78
25.0 CHALLENGES FOR WIRELESS SENSOR NETWORKS 79
25.1 Wireless Medium inherently Less Secure 79
25.2 Security Tools to Adopt to Ad-Hoc Nature 79
25.3 Hostile Environment of Sensor Nodes 80
25.4 Resource Inadequacy of Sensor Devices 80
25.5 Massive Scale of IoT / M2M 80
25.6 Unreliable Communication 80
25.6.1 Unreliable Transfer 80
25.6.2 Conflicts 80
25.6.3 Latency 81
25.7 Unattended Sensor Nodes 81
25.7.1 Exposure to Physical Attacks 81
25.7.2 Managed Remotely 81
25.7.3 No Central Management Point 81
26.0 TYPES OF ATTACKS IN SENSOR NETWORKS 82
26.1 Passive Attack 82
26.1.1 Attacks against Privacy 82
26.2 Active Attack 83
26.2.1 Denial of Service (DoS) Attack 84
26.2.2 Routing Attacks 84
26.2.3 Physical Attacks on Devices 85
26.2.4 Node Subversion 86
26.2.5 Node Malfunction 86
26.2.6 Node Outage 86
26.2.7 Interception of the Messages of Sensor Nodes 86
26.2.8 Modification of Message 86
26.2.9 False Node 86
26.2.10 Node Replication Attacks 87
27.0 SECURITY MECHANISMS TO COMBAT ACTIVE AND PASSIVE ATTACKS 88
27.1 Low-Level Mechanism 88
27.1.1 Secrecy and Authentication 88
27.1.2 Privacy 89
27.1.3 Secure Routing 89
27.1.4 Robustness to Communication Denial of Service 89
27.1.5 Resilience to Node Capture 89
27.1.6 Key Establishment and Trust Setup 90
27.2 High-Level Mechanism 90
27.2.1 Intrusion Detection 90
27.2.2 Secure Data Aggregation 90
27.2.3 Secure Group Management 90
28.0 SENSOR NETWORK STANDARDIZATION 92
29.0 CONCLUDINS 93

 


LIST OF FIGURES

Figure 1: Security Requirements for M2M 14
Figure 2: Factors leading to complexity in M2M Applications 16
Figure 3: Measures to Ensure Security for M2M Applications 19
Figure 4: Organizations and Collaborations for Standards for Safety 38
Figure 5: Privacy Concerns 42
Figure 6: Privacy and Security Concerns for Big Data 45
Figure 7: Industry Security Survey Participants 52
Figure 8: Geographic Reach of Companies 53
Figure 9: Topmost Concerns for Deploying M2M Solutions 54
Figure 10: Topmost M2M Security/Privacy Considerations by Enterprise 55
Figure 11: Attacks on OSI Layers 58
Figure 12: Counter Measures for Attacks in OSI Layers 74
Figure 13: Security Goals of Wireless Sensor Network 76
Figure 14: Challenges for Wireless Sensor Networks 79
Figure 15: Types of Attacks in Sensor Networks 82
Figure 16: Techniques employed to deploy Active attacks 84
Figure 17: Security Mechanisms to Combat Active and Passive Attacks 88

 


Read the full report:
Machine-to-Machine (M2M) Security and Privacy: Challenges and Opportunities

https://www.reportbuyer.com/product/2307727/Machine-to-Machine-M2M-Security-and-Privacy-Challenges-and-Opportunities.html

For more information:
Sarah Smith
Research Advisor at Reportbuyer.com
Email: [email protected]
Tel: +44 208 816 85 48
Website: www.reportbuyer.com

 

SOURCE ReportBuyer

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Containers Expo Blog covers the world of containers, as this lightweight alternative to virtual machines enables developers to work with identical dev environments and stacks. Containers Expo Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Bookmark Containers Expo Blog ▸ Here Follow new article posts on Twitter at @ContainersExpo
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impac...
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. 8th International Big Data Expo, co-located with 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. As advanced data storage, access and analytics technologies aimed at handling high-volume and/or fast moving data all move center stage, aided by the cloud computing bo...
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
The 5th International DevOps Summit, co-located with 17th International Cloud Expo – being held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the...
You use an agile process; your goal is to make your organization more agile. But what about your data infrastructure? The truth is, today's databases are anything but agile - they are effectively static repositories that are cumbersome to work with, difficult to change, and cannot keep pace with application demands. Performance suffers as a result, and it takes far longer than it should to deliver new features and capabilities needed to make your organization competitive. As your application an...
Move from reactive to proactive cloud management in a heterogeneous cloud infrastructure. In his session at 16th Cloud Expo, Manoj Khabe, Innovative Solution-Focused Transformation Leader at Vicom Computer Services, Inc., will show how to replace a help desk-centric approach with an ITIL-based service model and service-centric CMDB that’s tightly integrated with an event and incident management platform. Learn how to expand the scope of operations management to service management. He will al...
Over the years, a variety of methodologies have emerged in order to overcome the challenges related to project constraints. The successful use of each methodology seems highly context-dependent. However, communication seems to be the common denominator of the many challenges that project management methodologies intend to resolve. In this respect, Information and Communication Technologies (ICTs) can be viewed as powerful tools for managing projects. Few research papers have focused on the way...
As the world moves from DevOps to NoOps, application deployment to the cloud ought to become a lot simpler. However, applications have been architected with a much tighter coupling than it needs to be which makes deployment in different environments and migration between them harder. The microservices architecture, which is the basis of many new age distributed systems such as OpenStack, Netflix and so on is at the heart of CloudFoundry – a complete developer-oriented Platform as a Service (PaaS...
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, ...
High-performing enterprise Software Quality Assurance (SQA) teams validate systems that are ready for use - getting most actively involved as components integrate and form complete systems. These teams catch and report on defects, making sure the customer gets the best software possible. SQA teams have leveraged automation and virtualization to execute more thorough testing in less time - bringing Dev and Ops together, ensuring production readiness. Does the emergence of DevOps mean the end of E...
The term culture has had a polarizing effect among DevOps supporters. Some propose that culture change is critical for success with DevOps, but are remiss to define culture. Some talk about a DevOps culture but then reference activities that could lead to culture change and there are those that talk about culture change as a set of behaviors that need to be adopted by those in IT. There is no question that businesses successful in adopting a DevOps mindset have seen departmental culture change, ...
Amazon and Google have built software-defined data centers (SDDCs) that deliver massively scalable services with great efficiency. Yet, building SDDCs has proven to be a near impossibility for companies without hyper-scale resources. In his session at 15th Cloud Expo, David Cauthron, CTO and Founder of NIMBOXX, highlighted how a mid-sized manufacturer of global industrial equipment bridged the gap from virtualization to software-defined services, streamlining operations and costs while connect...
The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential. The DevOps Summit at Cloud Expo – to be held June 3-5, 2015, at the Javits Center in New York City – will expand the DevOps community, enable a wide...
Cloud Expo, Inc. has announced today that Andi Mann returns to DevOps Summit 2015 as Conference Chair. The 4th International DevOps Summit will take place on June 9-11, 2015, at the Javits Center in New York City. "DevOps is set to be one of the most profound disruptions to hit IT in decades," said Andi Mann. "It is a natural extension of cloud computing, and I have seen both firsthand and in independent research the fantastic results DevOps delivers. So I am excited to help the great team at ...