Design-In-Expertise And Service
Search for ...
Search:
Manufacturer Category Article Free text

IoT Security for EN 303 645

 

In April 2020, the European Telecommunications Standards Institute (ETSI) released the EN 303 645, which brings together some best practises in the Consumer IoT field.

To ensure a secure product, the ETSI Technical Committee Cyber Security (CYBER) highlighted 14 points regarding both hardware and software design, but also some company policies concerning the user data management and design principles.

THE 14 POINTS

  • Hardware
    • Securely store sensitive security parameters

    • Communicate securely

    • Minimize exposed attack surfaces

    • Ensure software integrity

  • Software/Firmware
    • No universal default password

    • Ensure that personal data is secure

    • Make the system resilient to outages

    • Validate input data

  • Company Policy
    • Implement a means to manage reports of vulnerabilities

    • Keep software updated

    • Examine system telemetry data

    • Make it easy for users to delete user data

    • Make installation and maintenance easy

    • Clearly explain what personal data is collected and what for

How to address the hardware requirements

To address the hardware requirement, both secure bootloader and encrypted flash are required. But this isn’t always enough, how can you be sure your keys are securely stored and how do you limit the exposed attack surface?

The best way to manage all these concerns at once is to rely on a secure element by Wisekey and depending on the security certification you need, there are several options and among them:

Wisekey is the leader supplier of secure elements and its products have passed all the required security standard tests.

    Bitte kontaktieren Sie mich zu oben genannten Thema per

    Ich bin interessiert an:

    AngebotBesuchsterminDatenblattMusterSonstiges