Unleashing the potential of the Internet of Things
8.7 Secure capabilities of EHM components
According to the capability requirements described in clause 9.7 of [ITU-T Y.2065], the EHM
components are required to support the following security capabilities:
1) Authentication and authorization
The EHM gateway, EHM terminal, IoT platform and EHM application server are required to
support authentication and authorization mechanisms.
The EHM gateway and IoT platform are required to support authentication and authorization
for EHM devices and EHM application servers.
The EHM devices and EHM application servers are recommended to support mutual
authentication and authorization when accessing the EHM gateway or IoT platform.
The authentication and authorization mechanisms among the EHM gateway, IoT platform,
EHM devices and EHM application servers can be based on network level authentication
mechanisms (e.g., IP based or SIM card based) or application level authentication
mechanisms (e.g., certificate based or account and password based).
The authentication and authorization mechanisms between EHM devices and the EHM
gateway can be additionally based on authentication mechanisms (e.g., Bluetooth based,
wired connection based) of the local network among EHM devices and gateways.
The EHM terminal and EHM application server are required to support authentication and
authorization for EHM customer access.
NOTE – EHM gateways that support EHM customer access are also required to provide
authentication and authorization for accessing users.
2) Secure communications
All EHM components are required to support secure communications. The EHM application,
EHM terminal and IoT platform are required to support secure communications through the
communication network. The EHM end point is required to support secure communications
through the local network among EHM devices and gateways. The EHM gateway is required
to support secure communications through both the communication network and the local
network among EHM devices and EHM gateways.
3) Confidentiality
All EHM components are required to enforce the confidentiality of the data whenever the
data are exchanged, stored or processed.
4) Integrity
All EHM components are required to guarantee the integrity of data when the data are
transmitted. Any loss of integrity of the transmitted data must be recognizable by the
receiving components.
5) Access control
The EHM gateway, EHM terminal, IoT platform and EHM application server are required to
ensure that only authorized EHM components are able to access protected data and only
authorized users can access the EHM components.
6) Audit trail
The EHM gateway, EHM terminal, IoT platform and EHM application server are required to
trace and record any access or attempt to access EHM data.
7) Data storage security
All EHM components that support data storage are required to support data integrity
validation and data privacy protection. In addition, the IoT platform and EHM application
server are required to support data backup, anti-hacker data protection, uninterruptible power
of data storage and data recovery.
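The following added example (not part of the Recommendation, which does not prescribe a mechanism) sketches how a gateway could combine items 5) to 7): every access attempt is checked against a policy, recorded whether allowed or denied, and the stored trail is MAC-chained so later modification is detectable. The component names, resource path, policy table, key and the HMAC chain itself are assumptions constructed for illustration.

```python
import hashlib, hmac, json

# Constructed sample policy: (component, action) pairs allowed on EHM data.
POLICY = {("ehm-gateway-01", "read"), ("ehm-gateway-01", "write"),
          ("ehm-terminal-07", "read")}
AUDIT_KEY = b"constructed-demo-key"  # assumption: really held in protected storage

class AuditTrail:
    """Append-only log; each entry's MAC also covers the previous entry's MAC."""
    def __init__(self, key):
        self._key = key
        self.entries = []

    def _mac(self, prev, record):
        body = json.dumps(record, sort_keys=True).encode()
        return hmac.new(self._key, prev.encode() + body, hashlib.sha256).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["mac"] if self.entries else ""
        self.entries.append({"record": record, "mac": self._mac(prev, record)})

    def verify(self):
        """Return the index of the first entry failing validation, or -1 if intact."""
        prev = ""
        for i, entry in enumerate(self.entries):
            if not hmac.compare_digest(entry["mac"], self._mac(prev, entry["record"])):
                return i
            prev = entry["mac"]
        return -1

def access(trail, component, action, resource, ts):
    """Enforce the policy and record the attempt, allowed or not (item 6)."""
    allowed = (component, action) in POLICY
    trail.append({"ts": ts, "component": component, "action": action,
                  "resource": resource, "result": "allow" if allowed else "deny"})
    return allowed

def demo():
    trail = AuditTrail(AUDIT_KEY)
    results = [access(trail, "ehm-gateway-01", "write", "patient/42/bp", 1),
               access(trail, "ehm-terminal-07", "write", "patient/42/bp", 2),
               access(trail, "unknown-device", "read", "patient/42/bp", 3)]
    intact = trail.verify()
    trail.entries[1]["record"]["result"] = "allow"  # simulate a modified stored record
    return results, intact, trail.verify()

if __name__ == "__main__":
    print(demo())
```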
Rec. ITU-T Y.4408/Y.2075 (09/2015)

