August 2023 - In this interview, Rana Kamill (BT) describes the conclusion of a successful collaboration between the ITU and oneM2M to endorse oneM2M’s IoT security specifications which deliver a full feature set standard for IoT systems. Rana also discusses oneM2M’s presence at two ETSI events, IoT Week and Security Week 2023.
Q: Let us begin with a brief introduction about your job and your role in oneM2M and the ITU-T.
I work as an IoT Ecosystem architecture solution manager in BT. I currently own BT’s IoT’s standards roadmap and work closely with the Research and Networks Strategy wider team. I previously worked in BT as a RAN designer and then as a Security consultant providing consultancy across BT’S all Customer Facing Units. I represent BT in various standards body like ETSI, 3GPP and the ITU-T, ITU-T R and oneM2M. I am the ITU-T SG20 (Internet of Things, smart cities and communities) liaison rapporteur to oneM2M, an SG20 WP1/20 vice chair and an associate rapporteur of Q3/20 (IoT and SC&C architectures, protocols and QoS/QoE) and Q6/20 (Security, privacy, trust and identification for IoT and SC&C).
Q: Can you tell us more about the Structure of the ITU and ITU-T?
The International Telecommunication Union (ITU) is the specialized United Nations agency for information and communication technologies (ICTs). It has 193 Member States and a membership of over 900 companies, universities, and international and regional organizations. It acts as a platform for governments and the private sector to coordinate the development of international standards for global telecom networks and services.
The ITU has three main Sectors which are ITU-R, ITU-D and ITU-T.
ITU-R stands for the ITU Recommendation Sector. It coordinates global wireless communication activities and represents the global focal point for standardisation of radiocommunications services and systems. It plays a key role in allocating the global radio spectrum and satellite orbits.
ITU-D stands for the ITU Development Sector and aims to improve access to telecommunications and information communication technologies to underserved communities worldwide. It works on creating policies, regulations, and the provision of training programs and financial strategies in developing countries. ITU-D promotes the right of people across the globe to communicate through access to infrastructure, information, and communication services.
ITU-T stands for the ITU Telecommunication Standardization Sector. It works on developing interoperable technical ICT standards covering all fields of telecommunications on a worldwide basis. ITU-T is also active in defining tariff and accounting principles for international telecommunication services. It acts as a platform for governments and the private sector to coordinate the development of international standards for global telecom networks and services.
The technical work of ITU-T is managed by study groups (SGs) that develop Recommendations, a formal label in ITU-T terminology, and other publications. Telecommunications sector experts from all over the world are involved in those study groups. There are 10 SGs in the ITU-T with SG20 the Internet of Things (IoT) and the Smart Cities and Communities (SC&C)
SG20 consists of a Technical Plenary and two working parties, each of which manages a number of questions. The Question is the basic project unit within ITU-T. Questions address technical studies in a particular area of telecommunication standardization and are driven by contributions. There are seven questions inSG20.
Q: What does the work of ITU-T SG20 focus on?
Study Group 20 works on addressing the standardization requirements of Internet of Things (IoT) technologies, with an initial focus on IoT applications in smart cities and communities (SC&C). The study group works on developing international standards to enable the coordinated development of IoT technologies, including machine-to-machine communications and ubiquitous sensor networks.
It also addresses the standardization of end-to-end architectures for IoT, and mechanisms for the interoperability of IoT applications and datasets employed by various vertically oriented industry sectors.
Q: What is the context for oneM2M’s collaboration with the ITU?
The deployment of IoT technologies is estimated to connect over 50 billion devices to the network, impacting nearly every aspect of our daily lives. IoT is contributing to the convergence of industry sectors. oneM2M and the ITU provide the specialized IoT standardization platform necessary for this convergence, based on a cohesive set of international standards.
Our two organizations have been working together for a few years. In February 2023, the security recommendation document was fully transposed by the ITU-T. “Transposition” is a technical way of saying that the ITU endorses the oneM2M standard. The Security Solutions document has gone through the ITU-T’s typical approval process and has been translated into the ITU’s six official languages which are English, Arabic, Chinese, French, Spanish and Russian. The approval refers to oneM2M’s security solutions technical specification, TS-0003. This is an addition to ITU-T’s earlier Y-4500 series approval of the requirements and architecture associated with an M2M common service layer, built on middleware workflow concepts standardized oneM2M. The approval happened over a multi-step process involving series of discussions between ITU-T and oneM2M experts which I lead. The document got approved under question 6 (Q6) after gaining consensus from the majority of member states and sector members. It was then approved by Working Party 1 and then by the SG20 Technical plenary.
The full set of oneM2M’s specifications, approved as the ITU-T Recommendation Y-4500 series, is available at https://www.itu.int/md/T22-SG20-R-0003/en.
Q: What was the importance of getting oneM2M’s Security Solutions Document transposed by the ITU-T?
The ITU badge on the technology standards we have developed in oneM2M removes a barrier to implementation that can be policy driven for some countries in regions such as North Africa and South America. While ETSI standards are very popular in Europe, some countries in other regions mainly refer to ITU standards. One consequence of the convergence between oneM2M and the ITU is to enable a global ecosystem for solutions based on a single standard which can result in lower costs for the wider telecommunications community.
Q: What are some challenges that you faced?
The ITU is intergovernmental in nature and has been characterized by public-private partnerships since its creation. Since the ITU is a part of the UN, the system can be a lot more political than normal standards meetings which are attended by sector members and academics rather than member states like in the ITU.
For example, some member states might oppose to using of certain algorithms, as an example, or they might advise against changing certain procedures that they use. We got our propositions approved and gained consensus from the majority of member states.
Sometimes simple things took time to align like using different words, numerical systems, or naming annexes. Nevertheless, we managed to align all of that and get the documents to a stage everyone was happy with.
Q: Reverting to technical fundamentals, how did oneM2M approach the issue of IoT security?
oneM2M specifies a distributed software/ middleware layer sitting between applications and underlying communication networking hardware/ software integrated into devices gateways and servers. It bridges communication technologies such as fixed, NB-IoT, 3GPP 4G, 5G, etc. In broad terms, oneM2M defines a horizontal architecture for IoT systems, irrespective of application vertical. This means developers can use oneM2M for industrial or intelligent transport applications among other possibilities.
One of the advantages of oneM2M is to enable interoperability. This enables developers to combine components from different vendors and to share IoT data across silos. A good example is a smart city where you might want to interoperate streetlights, transport systems and environmental sensing for example.
oneM2M also defines a set of common service functions (CSFs) which are functions that crop up repeatedly when building IoT systems. Security is one CSF and an important one in the oneM2M feature set.
Security-related functionalities play a vital and supplementary role within all IoT systems. oneM2M regards security as a standardized service function that can be universally employed across various applications spanning diverse industries. The approach also highlights the adoption of open standards, empowering service providers to maintain authority over all components and services in their implementations, independent of any single company or exclusive technological solutions.
Q: How does Security fit into the bigger oneM2M map and how should stakeholders approach IoT Security?
The IoT sector is fragmented and one way this happens is a result of focusing on component technologies. For example, we hear a lot about device management and connectivity which are recurring functions in all IoT systems. The same is true of security. The result is to focus on different aspects related to security such as authentication or encryption, for example. At a country level, we also hear a lot discussed about lawful intercept for example. However, since each country applies different legal rules, it becomes difficult to standardize when the scope has to cover basic security requirements and then to add-on deployment-specific, legal intercept policies.
So, in discussions with different stakeholders, we begin by talking about IoT systems and the idea of looking at the bigger picture beyond security. In oneM2M, we treat security as a common service function that can be applied in the same way across many applications in different verticals. We also emphasize the use of open standards so that service providers can control all entities and services in their deployments without relying on a single company or proprietary set of technologies.
Q: Would you tell us how IoT security featured in the most recent ETSI IoT week?
Yes, it was a great IoT Week on the theme of IoT Technologies for Green and Digital Transformation. I gave a presentation about the role of IoT enhancing digital and green transformation. I also chaired the Security session, for which we had great presenters including the UK’s Department for Science, Innovation and Technology and the Dutch Authority for Digital Infrastructure.
oneM2M was strongly present with presentations and great demonstrations including a oneM2M Information booth on Open-Source Software for IoT and Standardization Work. oneM2m will be strongly present in the ETSI Security week in October 2023. I will be giving a presentation about security in oneM2M so watch this space.