Q4 2023
What do we have?
For Requirements
- TR-124
- Section SEC.
- WT-492
- Device security
- Firmware validation
- Security applications
- Trusted EE
- Device security
- Smart Home
- Nothing yet
- Device Firmware
- HTTPS is required for the URL
- Checksum validation
- Firmware for Connected Devices (cell radio / IOT devices)
For Data Model
- VPN/Tunneling - differentiating security of stuff vs. security services for the operators?
- Secured Role (Controller Trust / Roles / Permissions)
For Our Protocols
- TR-369
- Certificate auth
- What works, what doesn't?
- We all love certs, but do people implement them correctly? Do they need guidance?
- Session Context
- Certificate auth
For Messaging
- Confusing mix between 124 requirements, how to use them, and which DM objects to implement
What do we need
?For Requirements
TR-124
- Physical box security
- Physical port security (turning on and off)
- Other design requirements that are currently in GENERAL.DESIGN.
- Secure Bootloader
- Certificates
(Secure memory) - What requirements can we reference or use?
- Roles, runlevels
- Triage interfaces that reference other requirements
Smart Home
- What requirements can we reference or use?
- What things are operator specific?
For Data Model
- Security profiles
- Profiles about data model things
- But also actual security profiles (levels of response based on the location of the device)
- Intrusion Detection System (IDS)
-
DEV2DM-324Getting issue details...
STATUS
- Security flows - hardware acceleration
- Flow identification
- Physical security alerts/status
- Provisioning of CPE Certificates used for mutual authentication - - DEV2DM-913Getting issue details... STATUS
- Device fingerprinting/identification
- Type, OS, version, etc.
- Theories of Operation for Security using stuff that exists
- Getting ToO from security app vendors and look for gaps
- Gap analysis with prpl
For Our Protocols
For Messaging
- Tool to match requirements in 124 to data model requirements 181
- ToO/Whitepaper on authentication/use of certificates