sensor-threat.rst - OpenGrok cross reference for /Zephyr-latest/doc/security/sensor-threat.rst

Lines Matching +full:initial +full:- +full:key
1 .. _sensor-threat:
17 .. figure:: media/sensor-model.svg
28 This model also focuses on communicating via the MQTT-over-TLS protocol,
39    on-device flash that is the first code to run. In order to establish
43    programmed into the device, early in production [th-imboot]_.
52       [th-authrepl]_.
55       shall be done in a timely manner [th-timely-update]_.
60       [th-atomic-update]_.
64    are allowed to sign the certificate on the server. For cloud-provider
68    [th-root-certs]_, [th-root-check]_.
72    key, usually either an RSA key or an EC private key. When
82    this update to proceed while the old key is used.
85    of code necessary shall have access to them. [th-secret-storage]_
94    requires the time to be accurate within 5-10 minutes.
103    certificate to be able to intercept this. [th-time]_
114    should be allowed only from authorized parties. [th-conf]_
117    device shall log information about security-pertinent events. IoT
121    resource-available environment. Types of events that should be logged
132    [th-logs]_
184       Initial secrets shall be placed in the device during a
190       configuration information. On resource-constrained devices, it is
210    DNS results or attempt man-in-the-middle attacks
214    service [th-all-tls]_. The TLS stack shall be configured to use only cipher suites
220       [th-tls-ciphers]_.
223       server shall be verified [th-root-check]_.
250       [th-tls-client-auth]_.
256           certificates can be self-signed, or signed by a CA. Since the
262       ii. **Token-based authentication**. It is also possible for the
265           be transmitted in this packet. Instead, a token-based
275       modern, accepted cryptographic random-bit generator to generate
276       these random numbers. It shall use either a Non-Deterministic
279       by an entropy source within the SoC.  Please see NIST SP 800-90A
280       for information on approved RBGs and NIST SP 800-90B for
281       information on testing a device's entropy source [th-entropy]_.
293    lifecycle that impact security include initial provisioning, normal
294    operation, re-provisioning, and destruction.
296    a. **Initial provisioning**. During the initial provisioning stage,
297       it is necessary to program the bootloader, an initial application
298       image, a device secret, and initial configuration data
299       [th-initial-provision]_. In
304       [th-initial-secret]_.
309    c. **Re-provisioning**. Sometimes it is necessary to re-provision a
316       [th-reprovision]_.
321       [th-destruction]_. Possibilities include:
343 .. [th-imboot] Must boot with an immutable bootloader.
345 .. [th-authrepl] Application image shall only be replaced with an
348 .. [th-timely-update]
351 .. [th-atomic-update]
354 .. [th-root-certs]
357 .. [th-root-check]
360 .. [th-secret-storage]
364 .. [th-time]
368 .. [th-conf]
371 .. [th-logs]
372    The system must log security-related events, and either store them
375 .. [th-all-tls]
378 .. [th-tls-ciphers]
382 .. [th-tls-client-auth]
386 .. [th-entropy]
387    The TLS layer shall use a modern, accepted cryptographic random-bit
390 .. [th-initial-provision]
391    The device shall have a per-device secret loaded before deployment.
393 .. [th-initial-secret]
394    The initial secret shall be securely maintained, and destroyed in
397 .. [th-reprovision]
400 .. [th-destruction]
408    See https://www.slideshare.net/kartben/iot-developer-survey-2018. As