In April 2020, the European Telecommunications Standards Institute (ETSI) released EN 303 645, which brings together best practices in the consumer IoT field.
To ensure a secure product, the ETSI Technical Committee Cyber Security (CYBER) highlighted 14 points covering hardware and software design as well as company policies on user data management and design principles:
Securely store sensitive security parameters
Communicate securely
Minimize exposed attack surfaces
Ensure software integrity
No universal default password
Ensure that personal data is secure
Make the system resilient to outages
Validate input data
Implement a means to manage reports of vulnerabilities
Keep software updated
Examine system telemetry data
Make it easy for users to delete user data
Make installation and maintenance easy
Clearly explain what personal data is collected and what for
To address the hardware requirements, both a secure bootloader and encrypted flash are required. But this isn't always enough: how can you be sure your keys are securely stored, and how do you limit the exposed attack surface?
The best way to manage all these concerns at once is to rely on a secure element by Wisekey. Depending on the security certification you need, there are several options, among them:
Wisekey is the leading supplier of secure elements and its products have passed all the required security standard tests.