1 Dec
2017
1 Dec
'17
11:03 a.m.
On 2017-11-30 17:31, Alex Smirnoff wrote:
Ok, I see four basic requirements here: 1) IoT device should receive regular security updates 2) security status of the device should be manageable (get patchlevel, update OTA) for every active device 3) updates should be digitally signed (unless user is allowed to bypass this restriction under certain conditions) 4) the "non IoT" counterpart of the infrastructure, whatever it be, including development and release process, should be reasonably protected.
Did I miss anything?
I think it's useful to point to related work in the IETF circles (e.g. https://tools.ietf.org/html/draft-moore-iot-security-bcp-01) that has a much broader set of requirements with good explanations. Cheers, Robert