This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "ASVS V20 Internet of Things"

From OWASP
Jump to: navigation, search
Line 3: Line 3:
 
}}
 
}}
  
# V20: Internet of Things Verification Requirements
+
V20: Internet of Things Verification Requirements
 
This section contains controls that are Embedded/IoT device specific. These controls must be taken in conjunction with all other sections of the relevant ASVS Verification Level.
 
This section contains controls that are Embedded/IoT device specific. These controls must be taken in conjunction with all other sections of the relevant ASVS Verification Level.
  
## Control Objective
+
Control Objective
  
 
Embedded/IoT devices should:
 
Embedded/IoT devices should:
Line 15: Line 15:
  
  
## Security Verification Requirements
+
Security Verification Requirements
  
| # | Description | L1 | L2 | L3 | Since |
+
{| class="wikitable"
| --- | --- | --- | --- | -- | -- |
+
! # !! Description !! L1 !! L2 !! L3 !! Since |
| **20.1** | Verify that application layer debugging interfaces such USB or serial are disabled. | ✓ | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify that cryptographic keys are unique to each individual device. | ✓ | ✓ | ✓ | 3.1 |
+
| 20.1 || Verify that application layer debugging interfaces such USB or serial are disabled. || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify that memory protection controls such as ASLR and DEP are enabled by the embedded/IoT operating system, if applicable. | ✓ | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify that on-chip debugging interfaces such as JTAG or SWD are disabled or that available protection mechanism is enabled and configured appropriately. | ✓ | ✓ | ✓ | 3.1 |
+
| 20.1 || Verify that cryptographic keys are unique to each individual device. || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify that physical debug headers are not present on the device. | ✓ | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify that sensitive data is not stored unencrypted on the device. | ✓ | ✓ | ✓ | 3.1 |
+
| 20.1 || Verify that memory protection controls such as ASLR and DEP are enabled by the embedded/IoT operating system, if applicable. || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify that the device prevents leaking of sensitive information. | ✓ | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify that the firmware apps protect data-in-transit using transport security. | ✓ | ✓ | ✓ | 3.1 |
+
| 20.1 || Verify that on-chip debugging interfaces such as JTAG or SWD are disabled or that available protection mechanism is enabled and configured appropriately. || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify that the firmware apps validate the digital signature of server connections. | ✓ | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify that wireless communications are mutually authenticated. | ✓ | ✓ | ✓ | 3.1 |
+
| 20.1 || Verify that physical debug headers are not present on the device. || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify that wireless communications are sent over an encrypted channel.  | ✓ | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify that the firmware apps pin the digital signature to a trusted server(s). |  | ✓ | ✓ | 3.1 |
+
| 20.1 || Verify that sensitive data is not stored unencrypted on the device. || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify the presence of physical tamper resistance and/or tamper detection features, including epoxy. |  | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify that identifying markings on chips have been removed. |  | ✓ | ✓ | 3.1 |
+
| 20.1 || Verify that the device prevents leaking of sensitive information. || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify that any available Intellectual Property protection technologies provided by the chip manufacturer are enabled. |  | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging strings). |  | ✓ | ✓ | 3.1 |
+
| 20.1 || Verify that the firmware apps protect data-in-transit using transport security. || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify the device validates the boot image signature before loading. |  | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify that the firmware update process is not vulnerable to time-of-check vs time-of-use attacks. |  | ✓ | ✓ | 3.1 |
+
| 20.1 || Verify that the firmware apps validate the digital signature of server connections. || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify the device uses code signing and validates firmware upgrade files before installing. |  | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify that the device cannot be downgraded to old versions of valid firmware. |  | ✓ | ✓ | 3.1 |
+
| 20.1 || Verify that wireless communications are mutually authenticated. || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify usage of cryptographically secure pseudo-random number generator on embedded device (e.g., using chip-provided random number generators). |  | ✓ | ✓ | 3.1 |
+
|-
| **20.1** | Verify that the device wipes firmware and sensitive data upon detection of tampering or receipt of invalid message. |  |  | ✓ | 3.1 |
+
| 20.1 || Verify that wireless communications are sent over an encrypted channel.  || ✓ || ✓ || ✓ || 3.1
| **20.1** | Verify that only microcontrollers that support disabling debugging interfaces (e.g. JTAG, SWD) are used. |  |  | ✓ | 3.1 |
+
|-
| **20.1** | Verify that only microcontrollers that provide substantial protection from de-capping and side channel attacks are used. |  |  | ✓ | 3.1 |
+
| 20.1 || Verify that the firmware apps pin the digital signature to a trusted server(s). ||| ✓ || ✓ || 3.1
| **20.1** | Verify that sensitive traces are not exposed to outer layers of the printed circuit board. |  |  | ✓ | 3.1 |
+
|-
| **20.1** | Verify that inter-chip communication is encrypted. |  |  | ✓ | 3.1 |
+
| 20.1 || Verify the presence of physical tamper resistance and/or tamper detection features, including epoxy. ||| ✓ || ✓ || 3.1
| **20.1** | Verify the device uses code signing and validates code before execution. |  |  | ✓ | 3.1 |
+
|-
| **20.1** | Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required. |  |  | ✓ | 3.1 |
+
| 20.1 || Verify that identifying markings on chips have been removed. ||| ✓ || ✓ || 3.1
| **20.1** | Verify that the firmware apps utilize kernel containers for isolation between apps. |  |  | ✓ | 3.1 |
+
|-
 +
| 20.1 || Verify that any available Intellectual Property protection technologies provided by the chip manufacturer are enabled. ||| ✓ || ✓ || 3.1
 +
|-
 +
| 20.1 || Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging strings). ||| ✓ || ✓ || 3.1
 +
|-
 +
| 20.1 || Verify the device validates the boot image signature before loading. ||| ✓ || ✓ || 3.1
 +
|-
 +
| 20.1 || Verify that the firmware update process is not vulnerable to time-of-check vs time-of-use attacks. ||| ✓ || ✓ || 3.1
 +
|-
 +
| 20.1 || Verify the device uses code signing and validates firmware upgrade files before installing. ||| ✓ || ✓ || 3.1
 +
|-
 +
| 20.1 || Verify that the device cannot be downgraded to old versions of valid firmware. ||| ✓ || ✓ || 3.1
 +
|-
 +
| 20.1 || Verify usage of cryptographically secure pseudo-random number generator on embedded device (e.g., using chip-provided random number generators). ||| ✓ || ✓ || 3.1
 +
|-
 +
| 20.1 || Verify that the device wipes firmware and sensitive data upon detection of tampering or receipt of invalid message. |||| ✓ || 3.1
 +
|-
 +
| 20.1 || Verify that only microcontrollers that support disabling debugging interfaces (e.g. JTAG, SWD) are used. |||| ✓ || 3.1
 +
|-
 +
| 20.1 || Verify that only microcontrollers that provide substantial protection from de-capping and side channel attacks are used. |||| ✓ || 3.1
 +
|-
 +
| 20.1 || Verify that sensitive traces are not exposed to outer layers of the printed circuit board. |||| ✓ || 3.1
 +
|-
 +
| 20.1 || Verify that inter-chip communication is encrypted. |||| ✓ || 3.1
 +
|-
 +
| 20.1 || Verify the device uses code signing and validates code before execution. |||| ✓ || 3.1
 +
|-
 +
| 20.1 || Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required. |||| ✓ || 3.1
 +
|-
 +
| 20.1 || Verify that the firmware apps utilize kernel containers for isolation between apps. |||| ✓ || 3.1
 +
|}
  
  
 
+
References:
## References
 
  
 
For more information, see also:
 
For more information, see also:

Revision as of 00:00, 6 November 2018

This Page is up to date, but it may need a nicer design! Please help OWASP to FixME.

V20: Internet of Things Verification Requirements This section contains controls that are Embedded/IoT device specific. These controls must be taken in conjunction with all other sections of the relevant ASVS Verification Level.

Control Objective

Embedded/IoT devices should:

  • Have the same level of security controls within the device as found in the server, by enforcing security controls in a trusted environment.
  • Sensitive data stored on the device should be done so in a secure manner.
  • All sensitive data transmitted from the device should utilize transport layer security.


Security Verification Requirements

# Description L1 L2 L3
20.1 Verify that application layer debugging interfaces such USB or serial are disabled. 3.1
20.1 Verify that cryptographic keys are unique to each individual device. 3.1
20.1 Verify that memory protection controls such as ASLR and DEP are enabled by the embedded/IoT operating system, if applicable. 3.1
20.1 Verify that on-chip debugging interfaces such as JTAG or SWD are disabled or that available protection mechanism is enabled and configured appropriately. 3.1
20.1 Verify that physical debug headers are not present on the device. 3.1
20.1 Verify that sensitive data is not stored unencrypted on the device. 3.1
20.1 Verify that the device prevents leaking of sensitive information. 3.1
20.1 Verify that the firmware apps protect data-in-transit using transport security. 3.1
20.1 Verify that the firmware apps validate the digital signature of server connections. 3.1
20.1 Verify that wireless communications are mutually authenticated. 3.1
20.1 Verify that wireless communications are sent over an encrypted channel. 3.1
20.1 Verify that the firmware apps pin the digital signature to a trusted server(s). 3.1
20.1 Verify the presence of physical tamper resistance and/or tamper detection features, including epoxy. 3.1
20.1 Verify that identifying markings on chips have been removed. 3.1
20.1 Verify that any available Intellectual Property protection technologies provided by the chip manufacturer are enabled. 3.1
20.1 Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging strings). 3.1
20.1 Verify the device validates the boot image signature before loading. 3.1
20.1 Verify that the firmware update process is not vulnerable to time-of-check vs time-of-use attacks. 3.1
20.1 Verify the device uses code signing and validates firmware upgrade files before installing. 3.1
20.1 Verify that the device cannot be downgraded to old versions of valid firmware. 3.1
20.1 Verify usage of cryptographically secure pseudo-random number generator on embedded device (e.g., using chip-provided random number generators). 3.1
20.1 Verify that the device wipes firmware and sensitive data upon detection of tampering or receipt of invalid message. 3.1
20.1 Verify that only microcontrollers that support disabling debugging interfaces (e.g. JTAG, SWD) are used. 3.1
20.1 Verify that only microcontrollers that provide substantial protection from de-capping and side channel attacks are used. 3.1
20.1 Verify that sensitive traces are not exposed to outer layers of the printed circuit board. 3.1
20.1 Verify that inter-chip communication is encrypted. 3.1
20.1 Verify the device uses code signing and validates code before execution. 3.1
20.1 Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required. 3.1
20.1 Verify that the firmware apps utilize kernel containers for isolation between apps. 3.1


References:

For more information, see also: