This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

ASVS V20 Internet of Things

From OWASP
Revision as of 00:01, 6 November 2018 by Tonimir Kisasondi (talk | contribs)

Jump to: navigation, search

V20: Internet of Things Verification Requirements

This section contains controls that are Embedded/IoT device specific. These controls must be taken in conjunction with all other sections of the relevant ASVS Verification Level.

Control Objective:

Embedded/IoT devices should:

  • Have the same level of security controls within the device as found in the server, by enforcing security controls in a trusted environment.
  • Sensitive data stored on the device should be done so in a secure manner.
  • All sensitive data transmitted from the device should utilize transport layer security.


Security Verification Requirements:

# Description L1 L2 L3
20.1 Verify that application layer debugging interfaces such USB or serial are disabled. 3.1
20.1 Verify that cryptographic keys are unique to each individual device. 3.1
20.1 Verify that memory protection controls such as ASLR and DEP are enabled by the embedded/IoT operating system, if applicable. 3.1
20.1 Verify that on-chip debugging interfaces such as JTAG or SWD are disabled or that available protection mechanism is enabled and configured appropriately. 3.1
20.1 Verify that physical debug headers are not present on the device. 3.1
20.1 Verify that sensitive data is not stored unencrypted on the device. 3.1
20.1 Verify that the device prevents leaking of sensitive information. 3.1
20.1 Verify that the firmware apps protect data-in-transit using transport security. 3.1
20.1 Verify that the firmware apps validate the digital signature of server connections. 3.1
20.1 Verify that wireless communications are mutually authenticated. 3.1
20.1 Verify that wireless communications are sent over an encrypted channel. 3.1
20.1 Verify that the firmware apps pin the digital signature to a trusted server(s). 3.1
20.1 Verify the presence of physical tamper resistance and/or tamper detection features, including epoxy. 3.1
20.1 Verify that identifying markings on chips have been removed. 3.1
20.1 Verify that any available Intellectual Property protection technologies provided by the chip manufacturer are enabled. 3.1
20.1 Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging strings). 3.1
20.1 Verify the device validates the boot image signature before loading. 3.1
20.1 Verify that the firmware update process is not vulnerable to time-of-check vs time-of-use attacks. 3.1
20.1 Verify the device uses code signing and validates firmware upgrade files before installing. 3.1
20.1 Verify that the device cannot be downgraded to old versions of valid firmware. 3.1
20.1 Verify usage of cryptographically secure pseudo-random number generator on embedded device (e.g., using chip-provided random number generators). 3.1
20.1 Verify that the device wipes firmware and sensitive data upon detection of tampering or receipt of invalid message. 3.1
20.1 Verify that only microcontrollers that support disabling debugging interfaces (e.g. JTAG, SWD) are used. 3.1
20.1 Verify that only microcontrollers that provide substantial protection from de-capping and side channel attacks are used. 3.1
20.1 Verify that sensitive traces are not exposed to outer layers of the printed circuit board. 3.1
20.1 Verify that inter-chip communication is encrypted. 3.1
20.1 Verify the device uses code signing and validates code before execution. 3.1
20.1 Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required. 3.1
20.1 Verify that the firmware apps utilize kernel containers for isolation between apps. 3.1

References:

For more information, see also: