Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Identify best pratices regarding cyber security #176

Open
emiltin opened this issue Sep 25, 2024 · 4 comments
Open

Identify best pratices regarding cyber security #176

emiltin opened this issue Sep 25, 2024 · 4 comments
Assignees
@emiltin
Labels
security

Comments

@emiltin
Copy link
Contributor

emiltin commented Sep 25, 2024

Find 3-5 good sources that describe best practices that relate to our work with RSMP.
Document them so we can always refer to them.
@emiltin emiltin self-assigned this Sep 25, 2024
@emiltin emiltin converted this from a draft issue Sep 25, 2024
@RazeAntoine
Copy link

RazeAntoine commented Sep 26, 2024
edited
Loading

A good start ?
OWASP TOP 10 2025 (more oriented web app but not that bad)
OWASP TOP 10 IOT (IOT focused but 2018)

This need a bit of work to extract accurate information that relate closely to RSMP.

@emiltin
Copy link
Contributor Author

emiltin commented Sep 27, 2024
edited
Loading

Not a best practice as such, but a great project and inspiration for how to deal with security and certificates on remote (embedded) decvices: NervesHub 2.0.0 was just released and some of the changes include:

  • Easier onboarding of devices via Shared Secret
  • Secure device authentication via device certificates & NervesKey
  • Secure, signed and authenticated firmware delivery

https://www.nerves-hub.org

@emiltin
Copy link
Contributor Author

emiltin commented Oct 1, 2024
edited
Loading

For RSMP 4:
MQTT security fundamentals (from Hive MQ): https://www.hivemq.com/mqtt/mqtt-security-fundamentals/
MQTT over QUIC (from EMQX): https://emqx.medium.com/quic-protocol-the-features-use-cases-and-impact-for-iot-iov-10f27441ebe

@emiltin
Copy link
Contributor Author

emiltin commented Oct 22, 2024

https://www.linkedin.com/pulse/top-5-best-practices-ensuring-security-embedded-2samf/
https://lembergsolutions.com/blog/strategies-ensure-embedded-system-security

OTA (over-the-air updates) is mentioned as a best-practice.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@emiltin emiltin

Labels
security
Projects
Core Security
Status: In Progress
Milestone
No milestone
Development

No branches or pull requests
2 participants
@emiltin @RazeAntoine