Rec. ITU-T X.1365 (03/2020) Security methodology for the use of identity-based cryptography in support of Internet of things (IoT) services over telecommunication networks
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
     3.1 Terms defined elsewhere
     3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
6 Overview
7 System reference architecture for IoT services over telecommunications networks
8 Framework of using identity-based cryptography for IoT services over telecommunications networks
     8.1 IoT system architecture with identity-based cryptography
     8.2 Key management architecture
     8.3 Identity naming
     8.4 Key management
     8.5 Authentication
9 Security requirements
     9.1 Security requirements on master secret key
     9.2 Security requirement on public parameters
     9.3 Security requirement on identifier
     9.4 Security requirement for private key
     9.5 Security requirement for ephemeral secrets
Annex A  Generic formulation and algorithms of identity-based cryptography
Annex B  Identity-based cryptography key data specification
Annex C  Key management operations
     C.1 System initialization
     C.2 Device initialization
          C.2.1 Case 1: Initialization for eUICC
          C.2.2 Case 2: Initialization for non-eUICC IoT devices
     C.3 Public parameter lookup
     C.4 Identity and key provisioning
     C.5 Identity and key revocation
Annex D  Authentication
     D.1 One-pass secret transport protocol
     D.2 TLS-IBS
          D.2.1 ClientHello
          D.2.2 ServerHello
          D.2.3 Server certificate
          D.2.4 Client certificate
     D.3 EAP-TLS-IBS
          D.3.1 EAP-Request
          D.3.2 EAP-Response
          D.3.3 ClientHello
          D.3.4 ServerHello
          D.3.5 Server certificate
          D.3.7 Client certificate
     D.4 EAP-PSK-ECCSI
          D.4.1 Attach
          D.4.2 EAP-PSK-ECCSI first message (message 3 in Figure D.4)
          D.4.3 EAP-PSK-ECCSI second message (message 5 in Figure D.4)
          D.4.4 EAP-PSK-ECCSI third message (message 10 in Figure D.4)
          D.4.5 EAP-PSK-ECCSI fourth message (message 12 in Figure D.4-1)
Appendix I  Identity naming
Appendix II  KMIP extensions to support IBC
Bibliography