Security

Introduction

The following chapter describes the authentication and authorization mechanisms that Bosch IoT Rollouts offers both for IoT devices and for services/users. However, for secure software updates in an IoT context, additional mechanisms have to be in place.

As the Bosch Holistic IoT security whitepaper describes, it is also necessary that the update process protects the artifacts themselves in an end-to-end manner, using digital signatures that safeguard their authenticity and integrity.

By design, Rollouts does not offer this functionality, e.g. in the form of automatic artifact signature generation. Signatures have to be generated by a trusted source, i.e. they are an outcome of the artifact release process. The responsibility of Rollouts, as part of a secure update infrastructure, is to distribute artifacts in a secure manner, but the end-to-end trust relationship has to be between the device and the authority that published the artifacts.

It is recommended to rely on an asymmetric key scheme if the device supports it. As an additional defense-in-depth measure, it is also recommended, though not mandatory, that software artifacts are encrypted end-to-end to make reverse engineering more difficult.
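The trust model described above, as an added example that is not part of Rollouts or its documentation: the release process signs the artifact with a private key that the distribution service never holds, and the device verifies against a public key pinned at manufacturing time. Ed25519 over a SHA-256 digest is an assumed choice of asymmetric scheme; the artifact bytes and the tampering scenario are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedArtifact is what the release process publishes and the update
// service (e.g. Rollouts) distributes unchanged. The service only forwards
// bytes; it cannot produce a valid Signature because it never holds the key.
type SignedArtifact struct {
	Payload   []byte
	Signature []byte
}

// NewPublisherKey creates the publisher's key pair. In a real deployment the
// private half stays in the release process / HSM; only the public half is
// pinned on devices.
func NewPublisherKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// ReleaseSign runs in the trusted release process: hash the artifact and sign
// the digest, so the signature covers the exact bytes the device will flash.
func ReleaseSign(priv ed25519.PrivateKey, payload []byte) SignedArtifact {
	digest := sha256.Sum256(payload)
	return SignedArtifact{Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

// DeviceVerify runs on the device against the pinned publisher key. Anything
// modified or re-signed along the distribution path fails here, regardless of
// how the transport to the update service was authenticated.
func DeviceVerify(pinnedPub ed25519.PublicKey, a SignedArtifact) error {
	if len(pinnedPub) != ed25519.PublicKeySize || len(a.Signature) != ed25519.SignatureSize {
		return errors.New("malformed key or signature")
	}
	digest := sha256.Sum256(a.Payload)
	if !ed25519.Verify(pinnedPub, digest[:], a.Signature) {
		return errors.New("artifact signature does not match pinned publisher key")
	}
	return nil
}

func main() {
	pub, priv, _ := NewPublisherKey()
	art := ReleaseSign(priv, []byte("constructed firmware image v1.2.3"))
	fmt.Println("genuine:", DeviceVerify(pub, art))
	art.Payload = append(art.Payload, []byte(" (modified in transit)")...)
	fmt.Println("tampered:", DeviceVerify(pub, art))
}
```

A device that verifies only the TLS connection to the update service, but not the artifact signature, trusts the service instead of the publisher; this check is what moves the trust to the release authority.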

We strongly advise against distributing the encryption key through Rollouts, as doing so would undermine the benefits of the encryption mechanism; key distribution is therefore, again by design, out of scope for Rollouts. Solutions for managing encryption keys on devices exist, e.g. from the Bosch group.

As mentioned in the whitepaper, it is also recommended that IoT devices implement a secure boot mechanism, which prevents persistent compromise of the device and helps to protect against misuse of secret key material.