Content for TR 33.812 Word version: 9.2.0

3.1 Definitions 3.2 Symbols 3.3 Abbreviations
...

0 Introduction p. 6

Machine to Machine (M2M) Communication is seen as a form of data communication between entities that may have no human interaction. One of the challenges with M2M communication is that deployed M2M equipments are managed remotely without any direct human interaction with the device.

This Technical Report considers the M2M Equipment as a device that could be a fully self-contained device or a device with interfaces to attach, for example, sensors and on-site service equipment. The current 3GPP system defines the use of a USIM/ISIM application in a UICC as a means of protecting users (until now mostly human users of mobile terminals) and network operators from fraudulent use of the network. Since some of the original assumptions on the use of a USIM/ISIM application in a UICC did not take into account the requirements of M2M Equipment and users, the current UICC based solution needs to be reviewed against the new assumptions that arise from M2M.

TR 22.868 presents a study on facilitating machine-to-machine (M2M) communication in 3GPP systems. This Technical Report goes along with the TR 22.868, evaluating from a security perspective the solutions that might address the M2M use cases. One of the challenges highlighted in TR 22.868 is the possible need to be able to provision (i.e. initialize and/or change the subscription of) M2M equipment remotely, i.e. without requiring a person to attend the location of the M2M equipment. This was captured in clause 6 of TR 22.868, as possible requirements that could facilitate M2M communications in 3GPP systems, and more specifically in clause 5.2.2 of TR 22.868 when handling large numbers of M2M equipment. TR 22.868 mentions only UICC-based solution for M2M use-cases and does not explicitly mention the need to investigate UICC-less-based solutions.

1 Scope p. 7

The scope of this Technical Report is to study the remote subscription management for M2M Equipment (M2ME) when the Machine Communications Identity Module (MCIM) application resides in the UICC and when the MCIM application resides in the M2M equipment. The remote subscription management includes tasks such as remote subscription provisioning and/or remote change of subscription.

The scope of this study includes the definition of a trust model for remote subscription management for M2ME.Security threats and security requirements are identified, and an evaluation of the candidate solutions is presented.

The security implications of the following requirements are within the scope of the study (based on section 5.2.2 of TR 22.868)

The possibility to change subscription for M2MEs out in the field (e.g. after contract expiry) without direct human intervention.
The possibility to allocate the M2ME at initial power up to a network operator without direct human intervention.

Furthermore, this study includes the following items:

an investigation of candidate security solutions architectures that allow remote subscription management to take place in a secure manner;
an identification of current USIM/ISIM functionality that may need to be incorporated in a MCIM application, with or without changes to allow remote subscription management for the M2ME;
an identification of functionality in the network, in the UICC or in the M2ME, that may need to be added due to the remote subscription management method;
the study may identify principle requirements for protected storage and the execution environment (e.g. by collaborating with relevant working groups such as the OMTP Hardware group)
This study is beyond the scope of the first requirement identified in SA1 TR 22.868 since section 5.2.2 of TR 22.868 contains a requirement to have "Tamper Save/Theft proof terminal including a UICC".

2 References p. 7

The following documents contain provisions which, through reference in this text, constitute provisions of the present document.

References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
For a specific reference, subsequent revisions do not apply.
For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.

[1]

TR 21.905: "Vocabulary for 3GPP Specifications".

[2]

TR 22.868: "Study on Facilitating Machine to Machine".

[3]

Trusted Computing Group, "Mobile Reference Architecture and Mobile Trusted Module specifications", https://www.trustedcomputinggroup.org/specs/mobilephone/.

[4]

Global Platform Device Application Security Management, http://www.globalplatform.org/specificationsdevice.asp.

[5]

OMTP Trusted Environment: OMTP TR0, http://www.omtp.org/Publications/Display.aspx?Id=03f37406-be24-424b-b177-dd0cb9dbc719

[6]

OMTP Advanced Trusted Environment: OMTP TR1, http://www.omtp.org/Publications/Display.aspx?Id=24ad518b-6dba-4155-ad51-3143bd43a234

[7]

GSMA/EICTA Principles concerning handset theft, GSMA: Security Principles Related to Handset Theft 3.0.0

[8]

ETSI TS 102 221: "Smart Cards; UICC-Terminal interface; Physical and logical characteristics".

[9]

TS 31.102: "Characteristics of the USIM Application".

[10]

TS 31.103: "Characteristics of the IP Multimedia Services Identity Module (ISIM) Application".

[11]

TS 31.101: "UICC-Terminal Interface, Physical and Logical Characteristics".

[12]

ETSI TS 101 220: "Smart cards; ETSI numbering system for telecommunication application providers".

[13]

OMA-TS-DM_Bootstrap-V1_2: "OMA Device Management Bootstrap" http://member.openmobilealliance.org/ftp/Public_documents/DM/Permanent_documents/

[14]

OMA-TS-DM-Security-V1_2: "OMA Device Management Security" http://member.openmobilealliance.org/ftp/Public_documents/DM/Permanent_documents/

3 Definitions, symbols and abbreviations p. 8

3.1 Definitions p. 8

For the purposes of the present document, the terms and definitions given in TR 21.905 and the following apply. A term defined in the present document takes precedence over the definition of the same term, if any, in TR 21.905.

Trusted Environment:

The Trusted environment (TRE) with the M2ME provides some hardware and software protection and separation for the provisioning, storage, execution and management of MCIMs. A TRE can be validated at any time by an external agency that is authorised to do so.

MCIM:

For the purposes of the present document the Machine Communication Identity Module (MCIM) is a term that indicates the collection of M2M security data and functions for a M2ME for accessing a 3GPP network. This may be an IMS network. MCIM may reside on a UICC or on a TRE.

M2M end user:

The entity using the M2ME. In general, a M2M end user might not have any direct contractual relationship with the MNO providing service to the M2ME.

M2M subscriber:

The entity "owning" one or more M2ME(s) and having a contractual relationship with the MNO to provide service the M2ME(s).

M2ME :

A M2ME is a device equipped for Machine To Machine Communication, which communicates through a PLMN.

M2ME identity:

A permanent private identity that uniquely identifies each M2M Equipment. The M2ME identity is installed in the M2ME by the supplier. The M2ME identity follows the same format as the IMEI.

Provisional Connectivity ID (PCID):

A temporary private identity that identifies each M2ME. The PCID, where required, should be installed in the M2ME by the supplier in order to allow the M2ME to register in a 3GPP network without being associated yet with any specific future selected home operator. The PCID follows the same format as the IMSI.

TRE identity:

A permanent private identity that uniquely identifies each Trusted Environment. The TRE identity is installed in the TRE by the TRE supplier in order to be able to identify the TRE during provisioning of MCIMs.

3.2 Symbols p. 9

For the purposes of the present document, the following symbols apply:

3.3 Abbreviations p. 9

For the purposes of the present document, the abbreviations given in TR 21.905 and the following apply. An abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in TR 21.905.

ACL

Access Control List

ADSL

Asymmetric Digital Subscriber Line

Access Network

Authentication Vector

BOOTP

BOOTstrap Protocol

CCIF

Connectivity Credentials Issuing Function

DdoS

Distributed Denial of Service (attack)

DHCP

Dynamic Host Configuration Protocol

Device Management

DPF

Downloading and Provisioning Function

DRF

Discovery and Registration Function

Home Operator

ICF

Initial Connectivity Function

ICSP

Initial Connectivity Service Provider

Internet Protocol

MCIM

Machine Communication Identity Module

MITM

Man In The Middle (attack)

MMI

Man-Machine Interface

M2M

Machine-to-Machine

M2ME

M2M equipment

NGN

Next Generation Network

OCSP

Online Certificate Status Protocol

OMA

Open Mobile Alliance

PCID

Provisional Connectivity IDentity

PfC

Platform Credential

PKCS

Public Key Cryptography Standard

PKI

Public Key Infrastructure

Personal Network

PNM

Personal Network Management

Packet Switched

PVA

Platform Validation Authority

RAM

Remote Application Management

RFM

Remote File Management

Registration Operator

SHO

Selected Home Operator

TCG

Trusted Computing Group

TRE

Trusted Environment

VNO

Visited Network Operator

WLAN

Wireless Local Area Network