市場調査レポート

M2M (Machine-to-Machine) のセキュリティとプライバシー:課題と機会

Machine-to-Machine (M2M) Security and Privacy: Challenges and Opportunities

発行 Mind Commerce 商品コード 310273
出版日 ページ情報 英文 94 Pages
納期: 即日から翌営業日
価格
こちらの商品の販売は終了いたしました。
Back to Top
M2M (Machine-to-Machine) のセキュリティとプライバシー:課題と機会 Machine-to-Machine (M2M) Security and Privacy: Challenges and Opportunities
出版日: 2014年08月01日 ページ情報: 英文 94 Pages

当商品の販売は、2016年06月14日を持ちまして終了しました。

概要

M2M(機械間通信)アプリケーションは現在、あらゆる産業分野で開発され、IoT(モノのインターネット)の急成長も相まって、今後急速に普及しておくものと思われます。他方、ビジネス上の重要なプロセスに関わる機器がネットワーク接続に対応していくのに従い、アプリケーションに対する脅威と悪影響は拡大し続けています。そのため、アプリケーションは物理的攻撃・ネットワーク攻撃の双方を受けやすく、様々な課題を抱えている、ということをよく認識しておくことが重要となります。M2M業界側でもセキュリティ・プライバシー面での脅威への対処の必要性に関する認識が急速に広まりつつありますが、全ての課題と解決策が良く理解されているわけではありません。

当レポートでは、M2M (Machine-to-Machine) のセキュリティ面およびプライバシー面での脅威・課題について分析し、M2Mのセキュリティ面での課題や、M2Mおよび関連技術(クラウド・ビッグデータ)のプライバシー面での課題、業界側の見解・対応策、無線センサーネットワーク(WSN)との接続・一体化に伴う課題などについて調査・考察しております。

エグゼクティブ・サマリー

第1部:M2M (Machine-to-Machine)のセキュリティ

第1章 悪用された脆弱性と攻撃

第2章 M2Mのセキュリティ上の要件

第3章 M2Mアプリケーションの複雑性につながる要素

第4章 M2Mアプリケーションのセキュリティの保証手段

第5章 M2M通信に対する2箇所の攻撃点

  • 未接続デバイスへの物理的攻撃
  • ネットワーク側からの攻撃

第6章 GSM・CDMA経由のM2M通信の違い

第7章 M2Mアプリケーションによる主なデバイス制御機能

第8章 アプリケーション設計の一部としてのセキュリティ

第9章 M2Mのための高度セキュリティ機能

第10章 セキュリティの進化の要素

第11章 市場参入要因の一つとしてのセキュリティ

第12章 デバイスではなく、通信を保護する

第13章 IPV6の利用:セキュリティ面での問題の拡大

第14章 セキュリティ証明書の適切な利用

第15章 セキュリティツール導入時に必要な専門的スキルセット

第16章 標準化のための組織と協力体制

  • AllSeen Alliance
  • IETF
  • Mobile App Security Working Group
  • M2M標準化タスクフォース(MSTF)
  • 業界ごとの技術標準

第2部:M2Mのプライバシー

第17章 プライバシーに関する懸念事項

第18章 ビッグデータに関するプライバシー・セキュリティ上の懸念

第19章 クラウドコンピューティングのプライバシー面での課題

第20章 アプリケーション設計の一部としてのプライバシー

第3部:セキュリティに対する業界側の見解

第21章 セキュリティに関する産業調査

第4部:無線センサーネットワーク

第22章 無線センサーネットワーク(WSN)の概略

第23章 WSNのOSIレイヤーに対するセキュリティ面での脅威

第24章 無線センサーネットワークのセキュリティ面での目標

  • 第一の目標
  • 第二の目標

第25章 無線センサーネットワークの課題

第26章 センサーネットワークに対する攻撃の種類

  • 受動的攻撃
  • 能動的攻撃

第27章 能動的・受動的攻撃に対処するためのセキュリティ対策

  • 低レベルでの対策
  • 高レベルでの対策

第28章 センサーネットワークの標準化

第29章 結論

図表一覧

目次

Machine-to-Machine (M2M) applications will be developed in various sectors of the industry at a rapid pace over the next five years, reaching an inflexion point by 2020 as the Internet of Things (IoT) begins a high growth phase. With increasingly more devices connected to the Internet in which critical business processes depend, the threats to applications increase in terms of incidence, severity, and impact.

It is important to recognize that applications are susceptible to physical attacks on devices as well as network-level attacks, which in many cases have different issues and solutions. The M2M industry is quickly recognizing the need to deal with security and privacy issues pertaining to M2M, but understanding the specific issues and solutions are not broadly understood.

This Mind Commerce research addresses security and privacy based on our many years of M2M coverage as well as recent interviews and survey. The report is divided into four parts as follows:

  • Part One: Evaluates M2M security issues and challenges
  • Part Two: Assesses M2M as well as related technologies (Cloud and Big Data)
  • Part Three: Discusses survey findings, insights and conclusions pertinent to M2M
  • Part Four: Addresses security within Wireless Sensor Networks (WSN) integral to M2M and IoT

All purchases of Mind Commerce reports includes time with an expert analyst who will help you link key findings in the report to the business issues you're addressing. This needs to be used within three months of purchasing the report.

Target Audience:

  • Standards organizations
  • Mobile network operators
  • Security solution providers
  • M2M/IoT platform providers
  • Wireless device manufacturers
  • Privacy infrastructure providers
  • Wireless infrastructure providers
  • M2M and IoT application developers
  • Enterprise employing M2M/IoT solutions
  • Security and privacy advocacy organizations

Table of Contents

EXECUTIVE SUMMARY

Part One: Machine-to-Machine Security

1.0 EXPLOITED VULNERABILITIES AND ATTACKS

2.0 SECURITY REQUIREMENTS FOR M2M

  • 2.1 Authentication
  • 2.2 Confidentiality
  • 2.3 Access control
  • 2.4 Integrity
  • 2.5 Privacy
  • 2.6 Availability
  • 2.7 Non-repudiation

3.0 FACTORS LEADING TO COMPLEXITY IN M2M APPLICATIONS

  • 3.1 Proliferation of Nodes in Network
  • 3.2 Limited Computational Power
  • 3.3 Lack of Awareness
  • 3.4 Lack of Pre-set Rules
  • 3.5 Difficult to Tackle Denial of Power Attacks
  • 3.6 Need to Reduce Risk Exposure 17
  • 3.7 DDoS Attack from Compromised Nodes
  • 3.8 Users Responsible for Enabling Security Protection 1
  • 3.9 Security is Not highest Priority

4.0 MEASURES TO ENSURE SECURITY FOR M2M APPLICATIONS

  • 4.1 Security Considerations during Design Phase
  • 4.2 Define User-level Security
  • 4.3 Limited Access to Internet
  • 4.4 Use of Open-source Software to Configure Specific Security Settings
  • 4.5 Vendors to Disclose Vulnerabilities
  • 4.6 Analyze Attack Surface to Understand Probable Attack Points
  • 4.7 Ensure Secure Design
  • 4.8 Code Signing to Confirm Integrity
  • 4.9 All Value Chain Layers Must be Secured
  • 4.10 Stakeholders to Work in Sync for Security Measures
  • 4.11 Do not Allow Permanent Access
  • 4.12 Implement Typical Security Measures

5.0 TWO POINTS OF ATTACK ON M2M COMMUNICATIONS

  • 5.1 Physical Attacks on Unattended Devices
  • 5.1.1 Recommendations to Increase Security of Physical Devices
  • 5.2 Network-side Attacks
  • 5.2.1 Recommendations to Increase Security on Network Side

6.0 DIFFERENCE IN M2M COMMUNICATION OVER GSM AND CDMA

7.0 CRITICAL DEVICE CONTROLS BY M2M APPLICATIONS

8.0 SECURITY AN INTEGRAL PART OF APPLICATION DESIGN

9.0 SOPHISTICATED SECURITY MECHANISMS FOR M2M SECURITY

  • 9.1 Early Detection of Compromised Nodes
  • 9.2 Bandwidth Efficient Cooperative Authentication

10.0 EVOLVING ELEMENTS OF SECURITY

11.0 SECURITY IS ONE OF MANY GO-TO-MARKET FACTORS

12.0 SECURING THE COMMUNICATIONS AND NOT JUST DEVICES

13.0 USE OF IPV6: ADDED SECURITY PROBLEMS

14.0 ADEQUATE USE OF CERTIFICATE FOR SECURITY

15.0 SPECIAL SKILL-SET REQUIRED FOR DEPLOYING SECURITY TOOLS

16.0 ORGANIZATIONS AND COLLABORATIONS FOR STANDARDS

  • 16.1 AllSeen Alliance
  • 16.2 IETF
  • 16.3 Mobile App Security Working Group
  • 16.4 Machine-to-Machine Standardization Task Force (MSTF)
  • 16.5 Standards by Verticals

Part Two: Machine-to-Machine Privacy

17.0 PRIVACY CONCERNS

  • 17.1 Data Ownership Unclear
  • 17.2 Control Factor Unclear
  • 17.3 Government Initiatives
  • 17.4 Across Boundaries and Verticals
  • 17.5 Aspects of Privacy and Security to be Re-addressed

18.0 PRIVACY AND SECURITY CONCERNS FOR BIG DATA

  • 18.1 Automated Access through Authorizations
  • 18.2 Non-standard Approach to Granting Access
  • 18.3 Business Continuity Risk
  • 18.4 Best Practices

19.0 PRIVACY ISSUES IN CLOUD COMPUTING

20.0 PRIVACY AN INTEGRAL PART OF APPLICATION DESIGN

Part Three: Industry Views on Security

21.0 INDUSTRY SURVEY ON SECURITY

  • 21.1 Introduction
  • 21.2 Survey Participants
  • 21.3 Geographic Reach
  • 21.4 Role of M2M in Applications
  • 21.5 Highest Concerns of M2M Solution Deployment
  • 21.6 Highest Security Concern while Deploying M2M Solutions
  • 21.7 Security Solution
  • 21.8 Concluding Remarks on Industry Survey

Part Four: Wireless Sensor Networks

22.0 INTRODUCTION TO WIRELESS SENSOR NETWORKS

23.0 SECURITY THREATS ON OSI LAYERS FOR WSN

  • 23.1 Physical Layer of OSI Model
    • 23.1.1 Attacks in Physical Layer
    • 23.1.2 Countermeasures for Attack in Physical layer
  • 23.2 MAC Layer of OSI Model
    • 23.2.1 Attacks in MAC Layer
    • 23.2.2 Countermeasures for Attack in MAC Layer
  • 23.3 Network Layer of OSI Model
    • 23.3.1 Attacks in Network Layer
    • 23.3.2 Countermeasures for Attack in Network Layer
  • 23.4 Application Layer of OSI Model
    • 23.4.1 Attacks in Application Layer
    • 23.4.2 Countermeasures for Attack in Application layer
  • 23.5 Concluding Remarks on Security Threats on OSI layer

24.0 SECURITY GOALS OF WIRELESS SENSOR NETWORKS

  • 24.1 Primary Security Goals
    • 24.1.1 Data Integrity
    • 24.1.2 Data Authentication
    • 24.1.3 Data Confidentiality
    • 24.1.4 Data Availability
  • 24.2 Secondary Security Goals
    • 24.2.1 Self-Organization
    • 24.2.2 Time Synchronization
    • 24.2.3 Data Freshness
    • 24.2.4 Secure Localization

25.0 CHALLENGES FOR WIRELESS SENSOR NETWORKS

  • 25.1 Wireless Medium inherently Less Secure
  • 25.2 Security Tools to Adopt to Ad-Hoc Nature
  • 25.3 Hostile Environment of Sensor Nodes
  • 25.4 Resource Inadequacy of Sensor Devices
  • 25.5 Massive Scale of IoT / M2M
  • 25.6 Unreliable Communication
    • 25.6.1 Unreliable Transfer
    • 25.6.2 Conflicts
    • 25.6.3 Latency
  • 25.7 Unattended Sensor Nodes
    • 25.7.1 Exposure to Physical Attacks
    • 25.7.2 Managed Remotely
    • 25.7.3 No Central Management Point

26.0 TYPES OF ATTACKS IN SENSOR NETWORKS

  • 26.1 Passive Attack
    • 26.1.1 Attacks against Privacy
  • 26.2 Active Attack
    • 26.2.1 Denial of Service (DoS) Attack
    • 26.2.2 Routing Attacks
    • 26.2.3 Physical Attacks on Devices
    • 26.2.4 Node Subversion
    • 26.2.5 Node Malfunction
    • 26.2.6 Node Outage
    • 26.2.7 Interception of the Messages of Sensor Nodes
    • 26.2.8 Modification of Message
    • 26.2.9 False Node
    • 26.2.10 Node Replication Attacks

27.0 SECURITY MECHANISMS TO COMBAT ACTIVE AND PASSIVE ATTACKS

  • 27.1 Low-Level Mechanism
    • 27.1.1 Secrecy and Authentication
    • 27.1.2 Privacy
    • 27.1.3 Secure Routing
    • 27.1.4 Robustness to Communication Denial of Service
    • 27.1.5 Resilience to Node Capture
    • 27.1.6 Key Establishment and Trust Setup
  • 27.2 High-Level Mechanism
    • 27.2.1 Intrusion Detection
    • 27.2.2 Secure Data Aggregation
    • 27.2.3 Secure Group Management

28.0 SENSOR NETWORK STANDARDIZATION

29.0 CONCLUDINS

LIST OF FIGURES

  • Figure 1: Security Requirements for M2M
  • Figure 2: Factors leading to complexity in M2M Applications
  • Figure 3: Measures to Ensure Security for M2M Applications
  • Figure 4: Organizations and Collaborations for Standards for Safety
  • Figure 5: Privacy Concerns
  • Figure 6: Privacy and Security Concerns for Big Data
  • Figure 7: Industry Security Survey Participants
  • Figure 8: Geographic Reach of Companies
  • Figure 9: Topmost Concerns for Deploying M2M Solutions
  • Figure 10: Topmost M2M Security/Privacy Considerations by Enterprise
  • Figure 11: Attacks on OSI Layers
  • Figure 12: Counter Measures for Attacks in OSI Layers
  • Figure 13: Security Goals of Wireless Sensor Network
  • Figure 14: Challenges for Wireless Sensor Networks
  • Figure 15: Types of Attacks in Sensor Networks
  • Figure 16: Techniques employed to deploy Active attacks
  • Figure 17: Security Mechanisms to Combat Active and Passive Attacks
Back to Top