IoT Security Standards - Quick Tutorial
IoT has been a buzzword for the last ten years, and the market is now flooded with cheap IoT products. The main problem with cheap IoT devices is the leakage of sensitive information. Security researchers are still working on comprehensive procedures for securing IoT devices. In this article we list the standards that are essential for evaluating IoT products. Keep them handy while performing a security analysis of an IoT product: each one tells you which part of the system to examine and which controls to expect there.
ISO/IEC 30141:2018 Internet of Things (IoT) — Reference Architecture
Defines the vocabulary, the conceptual model and the reference architecture for IoT systems, including the trustworthiness characteristics (security, privacy, safety, reliability, resilience) that a system must keep across its whole life cycle, up to end of life. Use it to map where in the system (device, gateway, network, cloud backend) each security policy and technique applies before you start testing.
ISO/IEC 27000:2018 - Information security management systems — Overview and vocabulary
Gives the overview and the terminology of the ISO/IEC 27000 family. The concrete requirements and controls come from its companions, ISO/IEC 27001 (ISMS requirements) and ISO/IEC 27002 (security controls): authentication and authorization schemes, procedures for analyzing and handling security incidents, periodic audits and reviews of security controls, data integrity and confidentiality, etc. When a vendor claims "ISO 27000 compliance", ask which of these it actually means and whether the certification scope covers the IoT product and its backend.
ISO/IEC 29100:2011 - Security techniques — Privacy framework
Defines the privacy framework: the terminology (PII principal, PII controller, PII processor), the actors and their responsibilities, and the privacy principles (consent and choice, purpose legitimacy, collection limitation, data minimisation, use/retention/disclosure limitation, accountability, and others) that govern the collection and processing of personal data. Relevant to any IoT product that collects sensor, location, audio, video or account data.
ISO/IEC 27031:2011 Security techniques — Guidelines for information and communication technology readiness for business continuity
Covers an organisation's ICT readiness for business continuity: planning, monitoring, detection, response and recovery so that services survive an incident. For an IoT product this means the device fleet and its backend can recover from any type of unintended state (a failed firmware update, loss of connectivity, a compromised node). Device-level self-diagnosis and self-repair are one way to meet this, but the standard describes the process and the readiness criteria, not a specific mechanism.
ISO/IEC 19790:2012 - Security techniques — Security requirements for cryptographic modules
Specifies the requirements for cryptographic modules (hardware, software or firmware) at four security levels; it is the international counterpart of FIPS 140 (FIPS 140-3 references it directly). Covers the module's roles, services and operator authentication (role-based or identity-based, multi-factor at the highest level), protected storage of authentication data and keys (hashed or encrypted, never leaving the module boundary in plaintext), physical security including tamper evidence, tamper detection and response, and the pre-operational self-tests (known-answer tests of each algorithm) that must pass before the module provides any service. Note that it governs the cryptographic module, not the product's user login: the 2FA/MFA requirements for end users have to be assessed separately.
ISO 27034 (application security)
A multi-part framework for building security into the application life cycle: an Organization Normative Framework (ONF) of approved Application Security Controls (ASC), a target level of trust per application, and verification that the selected controls are actually implemented. For an IoT product this covers the device firmware, the companion mobile app and the cloud API, and gives assurance that security was engineered in rather than bolted on.
ISO 27033 (network security)
A multi-part standard on network security: overview and concepts, guidelines for network security design and implementation, reference networking scenarios, securing communications between networks using security gateways, securing communications across networks using VPNs, and securing wireless IP network access. For an IoT product it covers the device-to-gateway and gateway-to-cloud links and the segmentation of the device network from the rest of the infrastructure.
ISO 15408 - Common Criteria (CC)
CC consists of three parts - Part 1: Introduction and general model, Part 2: Security functional components and Part 3: Security assurance components. The product (the Target of Evaluation) is evaluated against a Security Target, usually derived from a Protection Profile, and receives an Evaluation Assurance Level (EAL1 to EAL7). For an IoT device this covers the intended usage and operational environment, security features such as authentication and authorization, and cryptography-related aspects such as key management and cryptographic operation. Always read the Security Target: the certified configuration is often narrower than the product as shipped.
ISO 27040 (storage security)
Covers storage security: protection of data at rest on the device (flash, SD card, external media) and in the backend, including encryption, access control, and sanitisation and secure disposal of media at end of life. For an IoT product the practical check is that credentials, keys and collected data cannot be recovered from a discarded, resold or stolen device.
ISO/IEC 27017:2015 - Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Extends the ISO/IEC 27002 controls with cloud-specific guidance and adds controls for both the cloud service provider and the cloud service customer, including the shared responsibilities between them. For an IoT product it applies to the cloud backend that collects device data and pushes configuration and firmware updates; review which responsibilities the vendor has kept and which it has delegated to its cloud provider.
ISO/IEC 11889-1:2015 - Trusted platform module (TPM) library — Part 1: Architecture
The ISO version of the TCG TPM 2.0 Library specification. Part 1 describes the architecture: the TPM as a hardware-based root of trust for storage and reporting, platform configuration registers (PCRs) that are extended with measurements of firmware and software during measured boot, sealing of keys to PCR values, and quotes signed with an attestation key so that a remote party can verify the device's boot state. Note that the TPM measures and reports; it does not by itself enforce secure boot, which is the job of the boot ROM or firmware verifying signatures on the next stage.
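The measured-boot mechanism described above, as an added example that is not code from the page or from the TCG/ISO specification: it simulates the PCR extend operation (PCR_new = H(PCR_old || digest)) over a constructed boot chain, replays the event log on the verifier side, and shows that a tampered component, a reordered chain, or a forged log all fail appraisal. The "firmware" blobs and the golden value are stand-ins; the attestation-key signature on a real TPM quote is not modelled here.

```python
import hashlib
import hmac

# Added example, not TPM code. Simulates TPM 2.0 PCR extend semantics and a
# verifier replaying a boot event log. Firmware blobs below are constructed stand-ins.

HASH = "sha256"


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || digest)."""
    return hashlib.new(HASH, pcr + digest).digest()


def initial_pcr() -> bytes:
    # Boot-time PCRs start at all zeros after a platform reset.
    return bytes(hashlib.new(HASH).digest_size)


def measure_boot_chain(components):
    """Hash each boot component in order, extend it into one PCR and keep an
    event log of (name, digest) like the one firmware hands to the OS."""
    pcr = initial_pcr()
    event_log = []
    for name, blob in components:
        digest = hashlib.new(HASH, blob).digest()
        pcr = pcr_extend(pcr, digest)
        event_log.append((name, digest.hex()))
    return pcr, event_log


def replay_event_log(event_log) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = initial_pcr()
    for _name, digest_hex in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def appraise(reported_pcr: bytes, event_log, golden_pcrs) -> bool:
    """Accept only if the log reproduces the reported PCR and that PCR is a known-good value."""
    if not hmac.compare_digest(replay_event_log(event_log), reported_pcr):
        return False  # log was tampered with or does not belong to this quote
    return any(hmac.compare_digest(reported_pcr, g) for g in golden_pcrs)


# Constructed sample boot chain (stand-ins for real images).
GOOD_CHAIN = [
    ("boot_rom", b"rom v1.0"),
    ("bootloader", b"u-boot 2020.04 signed"),
    ("kernel", b"linux 5.4 iot"),
    ("rootfs", b"rootfs sha: abc123"),
]
GOLDEN_PCR, GOLDEN_LOG = measure_boot_chain(GOOD_CHAIN)


def demo():
    # Tampered bootloader: the image changes, so the final PCR changes.
    tampered = [(n, b"u-boot 2020.04 BACKDOOR" if n == "bootloader" else b)
                for n, b in GOOD_CHAIN]
    t_pcr, t_log = measure_boot_chain(tampered)
    # Same components, different order: extend is order-sensitive, so a different PCR.
    reordered = [GOOD_CHAIN[1], GOOD_CHAIN[0]] + GOOD_CHAIN[2:]
    r_pcr, r_log = measure_boot_chain(reordered)
    return {
        "good_ok": appraise(GOLDEN_PCR, GOLDEN_LOG, [GOLDEN_PCR]),
        "tampered_ok": appraise(t_pcr, t_log, [GOLDEN_PCR]),
        "reordered_ok": appraise(r_pcr, r_log, [GOLDEN_PCR]),
        # Attacker ships the good log with a quote from a bad boot: log does not replay to the PCR.
        "forged_log_ok": appraise(t_pcr, GOLDEN_LOG, [GOLDEN_PCR]),
    }


if __name__ == "__main__":
    print(demo())
```

The appraisal does two independent things a real attestation verifier also does: it checks that the event log is consistent with the quoted PCR (so the log cannot be swapped out), and it compares the PCR against an allow-list of golden values (so a consistent log of a bad boot is still rejected). Any single-byte change or reordering in the chain produces a different PCR.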
ISO/IEC 29192-2:2012 - Security techniques — Lightweight cryptography — Part 2: Block ciphers
Specifies block ciphers designed for constrained devices: PRESENT (64-bit block, 80- or 128-bit key) and CLEFIA (128-bit block, 128-, 192- or 256-bit key). When an IoT product uses lightweight cryptography, check that the algorithm is one specified here (or in another recognised standard) rather than a home-grown cipher, that the implementation reproduces the published test vectors, and that the key size and mode of operation are adequate for the data being protected.
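An added example, not code from the page or from ISO: PRESENT-80, the block cipher specified in ISO/IEC 29192-2, implemented from the public description (S-box layer, bit permutation, 31 rounds, 80-bit key schedule), together with the pre-operational known-answer self-test that ISO/IEC 19790 (above) expects a cryptographic module to run before it services any request. The `PresentModule` class and its error state are a toy module boundary assumed for illustration; the test vectors are the published PRESENT-80 ones. This is illustration code, not a certified or constant-time implementation.

```python
# Added example (not the page's or ISO's code): PRESENT-80 from ISO/IEC 29192-2 plus a
# known-answer self-test of the kind ISO/IEC 19790 requires before a module goes operational.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOX_INV = [SBOX.index(i) for i in range(16)]
# pLayer: bit i of the state moves to bit P(i) = 16*i mod 63, with bit 63 fixed.
PBOX = [(16 * i) % 63 if i != 63 else 63 for i in range(64)]
PBOX_INV = [PBOX.index(i) for i in range(64)]
MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1
ROUNDS = 31


def sbox_layer(state, box):
    out = 0
    for i in range(16):
        out |= box[(state >> (4 * i)) & 0xF] << (4 * i)
    return out


def p_layer(state, box):
    out = 0
    for i in range(64):
        if (state >> i) & 1:
            out |= 1 << box[i]
    return out


def round_keys_80(key):
    """32 round keys from an 80-bit key: rotate left 61, S-box on the top nibble, XOR round counter."""
    if not 0 <= key <= MASK80:
        raise ValueError("PRESENT-80 needs an 80-bit key")
    keys = []
    for i in range(1, ROUNDS + 1):
        keys.append(key >> 16)                        # round key = leftmost 64 bits
        key = ((key << 61) | (key >> 19)) & MASK80    # rotate left by 61
        key = (SBOX[key >> 76] << 76) | (key & ((1 << 76) - 1))
        key ^= i << 15                                # counter into key bits 19..15
    keys.append(key >> 16)
    return keys


def present80_encrypt(plaintext, key):
    rk = round_keys_80(key)
    state = plaintext & MASK64
    for i in range(ROUNDS):
        state ^= rk[i]
        state = sbox_layer(state, SBOX)
        state = p_layer(state, PBOX)
    return state ^ rk[ROUNDS]


def present80_decrypt(ciphertext, key):
    rk = round_keys_80(key)
    state = (ciphertext & MASK64) ^ rk[ROUNDS]
    for i in range(ROUNDS - 1, -1, -1):
        state = p_layer(state, PBOX_INV)
        state = sbox_layer(state, SBOX_INV)
        state ^= rk[i]
    return state


# Published PRESENT-80 test vectors: (key, plaintext, ciphertext).
KNOWN_ANSWERS = [
    (0x00000000000000000000, 0x0000000000000000, 0x5579C1387B228445),
    (0xFFFFFFFFFFFFFFFFFFFF, 0x0000000000000000, 0xE72C46C0F5945049),
    (0x00000000000000000000, 0xFFFFFFFFFFFFFFFF, 0xA112FFC72F68417B),
    (0xFFFFFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0x3333DCD3213210D2),
]


def known_answer_self_test():
    """Pre-operational self-test in the ISO/IEC 19790 sense: every vector must match in
    both directions, otherwise the module must refuse to provide the service."""
    for key, pt, ct in KNOWN_ANSWERS:
        if present80_encrypt(pt, key) != ct or present80_decrypt(ct, key) != pt:
            return False
    return True


class PresentModule:
    """Toy module boundary (assumed for illustration): no service until the self-test passed."""

    def __init__(self):
        self.operational = known_answer_self_test()

    def encrypt_block(self, pt, key):
        if not self.operational:
            raise RuntimeError("self-test failed: module is in the error state")
        return present80_encrypt(pt, key)


if __name__ == "__main__":
    module = PresentModule()
    print(hex(module.encrypt_block(0, 0)))  # 0x5579c1387b228445
```

When reviewing a product's lightweight-cipher implementation, run exactly this kind of check: feed it the standard's test vectors in both directions, and confirm that a failed self-test actually puts the module in an error state instead of silently continuing.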
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.