ETSI - SR 003 680
SmartM2M; Guidelines for Security, Privacy and Interoperability in IoT System Definition; A Concrete Approach
Publication Date: 1 March 2020
Context for the present document
The design, development and deployment of potentially large IoT systems require addressing a number of topics, such as security, interoperability or privacy, that are related and should be treated in a concerted manner. In this context, several Technical Reports have been developed that each address a specific facet of IoT systems.
• ETSI TR 103 533: "Security; Standards Landscape and best practices" [i.1].
• ETSI TR 103 534: "Teaching Material: Part 1 (Security) [i.2] and Part 2 (Privacy)" [i.3].
• ETSI TR 103 535: "Guidelines for semantic interoperability in the industry" [i.4].
• ETSI TR 103 536: "Strategic/technical
• ETSI TR 103 537: "Plugtests™ preparation on Semantic Interoperability" [i.6].
• ETSI TR 103 591: "Privacy study report; Standards Landscape and best practices" [i.7].
In order to provide a global and coherent view of all the topics addressed, a common approach has been outlined across the Technical Reports (TRs) listed above, with the objective of ensuring that the requirements and specificities of IoT systems are properly addressed and that the overall results are coherent and complementary.
The present document has been built with this common approach also applied in all of the TRs listed above.
Scope of the present document
The present document is intended as a high-level document for the general public and does not specifically address a technical audience (e.g. designers, developers, etc.). It introduces, in a relatively non-technical manner, some of the main issues that individuals and organizations should address when they face the development of an IoT system. A strong emphasis is put on interoperability, security, privacy and supporting standards.
Based on the analysis of representative Use Cases (eHealth, Smart Buildings, Industrial IoT, IoT-based Mission Critical Communications), which are documented in Annex A, and relating to (and updating) the guidelines developed in the TRs listed in clause 1.1, it provides guidelines for Security, Privacy and Interoperability in IoT System Definition.
The present document is structured as follows:
• Clauses 1 to 3 set the scene and provide references as well as definitions of the terms, symbols and abbreviations used in the present document.
• Clause 4 explains the approach to IoT systems specification, development and deployment taken in the present document. This approach is based on the analysis of typical examples (also termed Use Cases) which have been selected in order to cover a broad panel of sectors (e.g. eHealth or Smart Buildings) and to answer some of the most pressing questions of the readers from a strategy, management and technology perspective. The clause also suggests how the rest of the document should be read in order to maximize the findings for the readers.
• Clause 5 focuses on questions related to privacy, security and interoperability (platforms interoperability and semantic interoperability) that are addressed from different angles and not just from a simple technical perspective. The text in this clause is mostly presented in the form of a "Frequently Asked Questions" (FAQ) information sheet with the intent to illustrate major questions in IoT, and their solutions, in an easily digestible form. The questions also refer to the associated Technical Reports (detailed in Annex B) and the use case examples (detailed in Annex A).
• Clause 6 offers some strategic, operational and technical guidelines intended to fix the issues addressed in clause 5.
• Clause 7 provides observations and lessons learned from the addressed issues and analysis of Use Cases.
• Annex A documents representative Use Cases (eHealth, Smart Buildings, Industrial IoT, IoT-based Mission Critical Communications) relating to the issues addressed in clause 5 and guidelines provided in clause 6.
• Annex B contains short descriptions of the Technical Reports listed in clause 1.1, as well as technical material and others for further reading.