ETSI - TR 103 534-1
SmartM2M; Teaching material; Part 1: Security
| Organization: | ETSI |
| Publication Date: | 1 August 2019 |
| Status: | active |
| Page Count: | 35 |
scope:
Context for the present document
The design, development and deployment of potentially large IoT systems require addressing a number of topics, such as privacy, interoperability or security, that are related and should be treated in a concerted manner. In this context, several Technical Reports have been developed that each address a specific facet of IoT systems.
In order to provide a global and coherent view of all the topics addressed, a common approach has been outlined across the present document, with the objective of ensuring that the requirements and specificities of IoT systems are properly addressed and that the overall results are coherent and complementary.
The present document has been built with this common approach also applied in all of the other documents listed below:
ETSI TR 103 533 [i.1]
ETSI TR 103 534 [i.15]
NOTE: ETSI TR 103 534-1 is the present document
ETSI TR 103 535 [i.3]
ETSI TR 103 536 [i.4]
ETSI TR 103 537 [i.5]
ETSI TR 103 591 [i.19]
Scope of the present document
The present document presents teaching material to allow readers, identified by role, to gain knowledge of the fundamentals of IoT security.
The present document is structured as a set of annexes, each containing the outline of training material. The more detailed training material, in the form of a set of PowerPoint slides, is provided in archive tr_10353401v010101p0
The annexes contain training material in the following areas:
• Threat, Vulnerability and Risk Analysis (TVRA) in IoT:
- The role of TVRA is primarily to ensure that a system is designed and deployed with a thorough understanding of the environment in which it will be deployed, the purpose of the system, the components or assets of the system, the links between the deployment and its environment, and the technical/procedural
- The material in this clause extends from material prepared for the ETSI TVRA Workshop (March 2009) and is based on the TVRA method published in ETSI TS 102 165-1 [i.2] with specific IoT use cases to drive the TVRA exercise.
• Secure configuration of IoT devices:
- The vast majority of security failures occur as a result of poor configuration, for example reliance on default security attributes (the default password conundrum). The purpose of this module is to give guidance on how to securely configure IoT devices to minimise their attack surface.
• Cryptographic security basics as they apply in IoT:
- Cryptography is the mathematical toolset that underpins the majority of countermeasures (i.e. authentication, encryption, integrity proof and verification). The purpose of this module is to give a simple grounding in the role, purpose and underlying mechanisms of cryptography. Amongst the topics to be covered are the following:
    • Role of cryptography in security
    • Historic roots of cryptography
    • Relationship identification to pre-select cryptographic architecture
    • Core cryptographic modes
- The material provides examples based on AES as published in FIPS 197 [i.11] and the Diffie-Hellman asymmetric key exchange protocol.
• Secure operation of IoT devices:
- Closely related to secure configuration is secure operation, and this module addresses the measures required to assure that a securely configured device can be operated securely.
• Applying best practices to IoT security:
- The purpose of this module is to give specific training in how to apply the best practices identified in ETSI TR 103 533 [i.1] to real IoT systems.
• Programming guide for secure IoT:
- The purpose of this module is to give guidance on secure or safe programming, showing by means of coding examples (in programming languages including Swift, C, C++, Java) the steps to minimise security flaws in the programming of IoT devices.
• Guide to selecting a training provider:
- A guide to the identification and selection of training providers and training programmes in IoT.