Security

Introduction

The following chapter describes the authentication and authorization mechanisms that Bosch IoT Rollouts offers for IoT devices, services, and users. However, for secure software updates in the IoT context additional mechanisms have to be in place:

It is necessary to ensure that artifacts themselves are protected end-to-end, using digital signatures and encryption to safeguard their confidentiality, authenticity, and integrity during the update process. It is recommended to rely on an asymmetric key encryption scheme, if supported by the device. This functionality is not offered by Rollouts by design. Signatures have to be generated and signed by a trusted source as a result of the artifact release process. The responsibility of Rollouts as part of a secure update infrastructure, is to distribute artifacts securely. The end-to-end trust relationship has to be established between the device and the authority that published the artifacts.

We strongly advise not to distribute the encryption key with Rollouts as this would undermine the benefits of the encryption mechanism. Solutions for managing encryption keys on devices exist, e.g. by the Bosch group.

It is as well recommended for IoT devices to implement a secure boot mechanism that prevents persistent compromise of IoT devices and helps to protect from potential misuse of secret key material.