Page 97 - 2015 Security in Telecommunications and Information Technology
P. 97
Unleashing the potential of the Internet of Things 3
8.8.1 Communication security
Secure, trusted and privacy protected communication capability is required, so that unauthorized
access to the content of data can be prohibited, integrity of data can be guaranteed and privacy-related
content of data can be protected during data transmission or transfer in IoT [SP1].
8.8.2 Data management security
Secure, trusted and privacy protected data management capability is required, so that unauthorized
access to the content of data can be prohibited, integrity of data can be guaranteed and privacy-related
content of data can be protected when storing or processing data in IoT [SP2].
8.8.3 Service provision security
Secure, trusted and privacy protected service provision capability is required, so that unauthorized
access to service and fraudulent service provision can be prohibited and privacy information related
to IoT users can be protected [SP3].
8.8.4 Integration of security policies and techniques
The ability to integrate different security policies and techniques is required, so as to ensure a
consistent security control over the variety of devices and user networks in IoT [SP4].
8.8.5 Mutual authentication and authorization
Before a device (or an IoT user) can access the IoT, mutual authentication and authorization between
the device (or the IoT user) and IoT is required to be performed according to predefined security
policies [SP5].
8.8.6 Security audit
Security audit is required to be supported in IoT. Any data access or attempt to access IoT applications
are required to be fully transparent, traceable and reproducible according to appropriate regulation
and laws. In particular, IoT is required to support security audit for data transmission, storage,
processing and application access [SP6].
Rec. ITU-T Y.4100/Y.2066 (06/2014) 83
