
Difference between revisions of "ASVS V20 Internet of Things"

 
Line 1: Line 1:
=== V20: Internet of Things Verification Requirements ===
+
{{taggedDocument
This section contains controls that are Embedded/IoT device specific. These controls must be taken in conjunction with all other sections of the relevant ASVS Verification Level.
+
| type=delete
 
+
| comment=Tagged via fixme/delete.
'''Control Objective:'''
+
}}
 
 
Embedded/IoT devices should:
 
 
 
* Have the same level of security controls within the device as found in the server, by enforcing security controls in a trusted environment.
 
* Sensitive data stored on the device should be done so in a secure manner.
 
* All sensitive data transmitted from the device should utilize transport layer security.
 
 
 
 
 
'''Security Verification Requirements:'''
 
 
 
{| class="wikitable"
 
! # !! Description !! L1 !! L2 !! L3 !! Since |
 
|-
 
| 20.1 || Verify that application layer debugging interfaces such USB or serial are disabled. || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that cryptographic keys are unique to each individual device. || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that memory protection controls such as ASLR and DEP are enabled by the embedded/IoT operating system, if applicable. || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that on-chip debugging interfaces such as JTAG or SWD are disabled or that available protection mechanism is enabled and configured appropriately. || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that physical debug headers are not present on the device. || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that sensitive data is not stored unencrypted on the device. || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that the device prevents leaking of sensitive information. || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that the firmware apps protect data-in-transit using transport security. || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that the firmware apps validate the digital signature of server connections. || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that wireless communications are mutually authenticated. || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that wireless communications are sent over an encrypted channel.  || ✓ || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that the firmware apps pin the digital signature to a trusted server(s). ||  || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify the presence of physical tamper resistance and/or tamper detection features, including epoxy. ||  || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that identifying markings on chips have been removed. ||  || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that any available Intellectual Property protection technologies provided by the chip manufacturer are enabled. ||  || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify security controls are in place to hinder firmware reverse engineering (e.g., removal of verbose debugging strings). ||  || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify the device validates the boot image signature before loading. ||  || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that the firmware update process is not vulnerable to time-of-check vs time-of-use attacks. ||  || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify the device uses code signing and validates firmware upgrade files before installing. ||  || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that the device cannot be downgraded to old versions of valid firmware. ||  || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify usage of cryptographically secure pseudo-random number generator on embedded device (e.g., using chip-provided random number generators). ||  || ✓ || ✓ || 3.1
 
|-
 
| 20.1 || Verify that the device wipes firmware and sensitive data upon detection of tampering or receipt of invalid message. ||  ||  || ✓ || 3.1
 
|-
 
| 20.1 || Verify that only microcontrollers that support disabling debugging interfaces (e.g. JTAG, SWD) are used. ||  ||  || ✓ || 3.1
 
|-
 
| 20.1 || Verify that only microcontrollers that provide substantial protection from de-capping and side channel attacks are used. ||  ||  || ✓ || 3.1
 
|-
 
| 20.1 || Verify that sensitive traces are not exposed to outer layers of the printed circuit board. ||  ||  || ✓ || 3.1
 
|-
 
| 20.1 || Verify that inter-chip communication is encrypted. ||  ||  || ✓ || 3.1
 
|-
 
| 20.1 || Verify the device uses code signing and validates code before execution. ||  ||  || ✓ || 3.1
 
|-
 
| 20.1 || Verify that sensitive information maintained in memory is overwritten with zeros as soon as it is no longer required. ||  ||  || ✓ || 3.1
 
|-
 
| 20.1 || Verify that the firmware apps utilize kernel containers for isolation between apps. ||  ||  || ✓ || 3.1
 
|}
 
 
 
'''References:'''
 
 
 
For more information, see also:
 
 
 
* [OWASP Internet of Things Top 10](https://www.owasp.org/images/7/71/Internet_of_Things_Top_Ten_2014-OWASP.pdf)
 
* [OWASP Internet of Things Project](https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project)
 
* [Trudy TCP Proxy Tool](https://github.com/praetorian-inc/trudy)
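
Review bot: The `comment=Tagged via fixme/delete.` value on the added `{{taggedDocument` template names the tagging mechanism but gives no reason for the deletion and no pointer to where the V20 requirements should be read instead, and the latest revision renders only the deletion notice. Suggest replacing the comment with the actual reason and a link to the successor document, so readers following existing links to this page are not left at a bare notice. If the requirements table is kept in any form, note that every row carries the number 20.1, so individual requirements cannot be cited unambiguously; they need distinct numbers.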
 

Latest revision as of 16:48, 7 November 2018

This page has been recommended for deletion.
Comment: Tagged via fixme/delete.