This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP TASC Framework Project

From OWASP
Jump to: navigation, search
OWASP Project Header.jpg

TASC Framework Project

Things Authentication and Secure Communications (for Resource Constrained Systems)

Makers, professionally or as hobbyists, are creating "Internet of Things" (IoT) devices using low power systems such as Arduino. Security is often an afterthought or not considered at all. This project will make it easy to secure communications between devices.

This project will put a communications protocol and medium agnostic encryption and authentication layer onto resource constrained devices such as the Arduino.

The use of this framework will require no specialist security knowledge.

Description

The TASC Framework (Things Authentication and Secure Communications) provides a lightweight abstracted security framework and supporting libraries to provide authentication and secure communications on resource constrained systems. For example developers creating "Internet of Things" (IoT) devices using low power systems such as Arduino who are not security experts.

Licensing

The libraries and source code / examples associated with this project are licenced under Apache 2.0 Licence in order to encourage the broadest possible use in embedded systems where dynamic linking may not be practical.

The documentation and guidelines are licenced under Creative Commons Attribution ShareAlike 3.0 Licence.

What is OWASP TASC Framework Project?

Low powered devices such as those found in IoT developments will often be placed on people's home networks or within range of other's wireless communications devices. This leaves them vulnerable to compromises - particularly with regards to integrity and confidentiality.

The OWASP TASC Framework looks to address these issues in a way that makes no assumptions about the mechanism of the transmission of the data or commands - whether it be visible light, infra-red, 433MHz, 1-wire, serial, I2C, Bluetooth, WiFi etc. This is done by providing the capability to secure the payload and allowing the device developer the freedom to choose the communication medium.

Using an AES library such as: http://forum.arduino.cc/index.php?topic=88890.0 symmetric key encryption of the message payloads to ensure the authentication, integrity, and confidentiality of messages.

Project Resources

Source Code

Documentation

Wiki Home Page

Issue Tracker

Slide Presentation

The framework consists of a coordinator, a key manager, and one or more pairing mechanisms.

Presentation

Not yet...but watch this space...

Project Leader

Related Projects

Please let us know of any relevant related projects.

Openhub

Quick Download

Nothing yet but we should have some deliverables ready soon.

News and Events

  • [23 July 2015] First version of the project wiki page up!

Classifications

New projects.png Owasp-builders-small.png
Owasp-defenders-small.png

Cc-button-y-sa-small.pngProject Type Files DOC.jpg

Apache-feather-small.gifProject Type Files CODE.jpg

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_TASC_Framework_Project&oldid=205274"