Security

The LWM2M protocol is based on [CoAP] principles and utilizes the UDP and SMS transport channel bindings of the protocol. The LWM2M protocol utilizes the security mechanisms of these channel bindings to implement authentication, confidentiality, and data integrity features of the protocol between communicating LWM2M entities.

For authentication of communicating LWM2M entities, the LWM2M protocol requires that all communication between LWM2M Clients and LWM2M Servers, as well as between LWM2M Clients and LWM2M Bootstrap Servers, is authenticated using mutual authentication. This means that:

  • A LWM2M Client MUST authenticate a LWM2M Server prior to exchange of any information.
  • A LWM2M Server MUST authenticate a LWM2M Client prior to exchange of any information.
  • A LWM2M Client MUST authenticate a LWM2M Bootstrap Server prior to exchange of any information.
  • A LWM2M Bootstrap Server MUST authenticate a LWM2M Client prior to exchange of any information.

For confidentiality and data integrity of information between communicating LWM2M entities, the LWM2M protocol requires that all communication between LWM2M Clients and LWM2M Servers, as well as between LWM2M Clients and LWM2M Bootstrap Servers, is encrypted and integrity protected. This means that:

  • A LWM2M Client MUST encrypt and integrity protect data communicated to a LWM2M Server.
  • A LWM2M Server MUST encrypt and integrity protect data communicated to a LWM2M Client.
  • A LWM2M Client MUST encrypt and integrity protect data communicated to a LWM2M Bootstrap Server.
  • A LWM2M Bootstrap Server MUST encrypt and integrity protect data communicated to a LWM2M Client.

The LWM2M protocol specifies that authorization of LWM2M Servers to access Object Instances and Resources within the LWM2M Client is provided through Access Control Object Instances within the LWM2M Client.
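The following is an added worked example, not code from the LWM2M specification or from any LWM2M implementation, showing how a client could combine the two rules above: a server is only authorized to touch an Object Instance after it has completed mutual authentication, and even then only to the extent the matching Access Control Object Instance permits. The resource layout and bit values used (Access Control Object ID 2 with Resources 0 = Object ID, 1 = Object Instance ID, 2 = ACL keyed by Short Server ID, 3 = Access Control Owner; ACL bits R=1, W=2, E=4, D=8, C=16; Short Server ID 0 as the default ACL entry; Object Instance ID 65535 as the object-level entry used for Create; full access when the client has exactly one server account) are my reading of the Access Control Object definition and are assumptions for this example, not stated on this page. The sample client and its instances are constructed inline.

```python
"""Authorization check modelled on LWM2M Access Control Object Instances.

Added example; not the LWM2M specification's own code. The resource IDs,
ACL bit values, default-entry and single-server conventions below are
assumptions taken from my reading of the Access Control Object definition.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Assumed ACL bit values (Resource 2 of the Access Control Object).
R, W, E, D, C = 1, 2, 4, 8, 16
DEFAULT_ACL_SERVER_ID = 0      # assumed: ACL entry applying to servers without their own entry
OBJECT_LEVEL_INSTANCE_ID = 65535  # assumed: instance ID used for Create (object-level) rights


@dataclass
class AccessControlInstance:
    """One instance of the Access Control Object (assumed Object ID 2)."""
    object_id: int                       # Resource 0: target Object ID
    instance_id: int                     # Resource 1: target Object Instance ID
    acl: Dict[int, int] = field(default_factory=dict)  # Resource 2: Short Server ID -> bitmask
    owner: int = 0                       # Resource 3: Access Control Owner (Short Server ID)


@dataclass
class Client:
    """Minimal LWM2M Client state relevant to authorization."""
    server_accounts: Set[int]            # Short Server IDs of all configured LWM2M Servers
    authenticated: Set[int]              # servers that completed mutual authentication
    ac_instances: List[AccessControlInstance]

    def find_ac(self, object_id: int, instance_id: int) -> Optional[AccessControlInstance]:
        for ac in self.ac_instances:
            if ac.object_id == object_id and ac.instance_id == instance_id:
                return ac
        return None

    def is_authorized(self, server_id: int, object_id: int, instance_id: int, op: int) -> bool:
        """Return True if server_id may perform `op` (one ACL bit) on the target."""
        # Rule 1 (from the text above): no information exchange before mutual authentication.
        if server_id not in self.authenticated:
            return False
        # Assumed convention: a client with a single server account grants it full access.
        if len(self.server_accounts) == 1 and server_id in self.server_accounts:
            return True
        # Create is checked against the object-level entry (assumed wildcard instance ID).
        target_instance = OBJECT_LEVEL_INSTANCE_ID if op == C else instance_id
        ac = self.find_ac(object_id, target_instance)
        if ac is None:
            return False                 # deny by default when no ACL covers the target
        rights = ac.acl.get(server_id)
        if rights is None:
            rights = ac.acl.get(DEFAULT_ACL_SERVER_ID, 0)
        return rights & op == op


def build_sample_client() -> Client:
    """Constructed sample: two servers configured, one unauthenticated third party."""
    device_acl = AccessControlInstance(
        object_id=3, instance_id=0, acl={1: R | W | E, DEFAULT_ACL_SERVER_ID: R}, owner=1)
    create_acl = AccessControlInstance(
        object_id=3, instance_id=OBJECT_LEVEL_INSTANCE_ID, acl={1: C}, owner=1)
    return Client(server_accounts={1, 2}, authenticated={1, 2},
                  ac_instances=[device_acl, create_acl])


if __name__ == "__main__":
    c = build_sample_client()
    for sid, op, name in [(1, W, "Write"), (2, W, "Write"), (2, R, "Read"), (3, R, "Read")]:
        print(f"server {sid} {name} on /3/0 ->", c.is_authorized(sid, 3, 0, op))
```

Server 2 has no explicit entry, so it falls back to the default entry and can only read; server 3 is denied outright because it never authenticated, regardless of the default entry; server 1 may Create under object 3 because the object-level entry grants C.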
