
ISO/IEC 27071

Information technology — Security techniques — Security guidelines for establishing trusted connections between device and service [Draft]

Introduction

The standard aims to provide trustworthy authentication between distributed devices (like sensors and other IoT devices) and cloud-based communications using Public Key Infrastructures and Hardware Security Modules.

Scope and objectives

In this standard, an architecture for trusted connections between devices and services is outlined, including recommendations for HSMs, establishing roots of trust, identity, authentication, and key attestation, and providing data integrity and authentication.

The content

A 30-page document.

The standard’s status

Currently, the standard is at the 4th Working Draft stage.

It is scheduled for publication in 2023.

Commentary

The following scenario illustrates why mutual authentication is needed. Suppose your electric car keeps detailed technical information about the places it has been driven to, the way it has been driven, how much battery power it has, and so on. In exchange for a warranty extension, driving tips, or warnings of issues requiring a service visit, you agree to share information with the vehicle manufacturer regularly through a 4G or 5G connection to a car monitoring app. How does the manufacturer determine that the data being uploaded comes from your car, and not from an altered or cloned version? How can the car monitoring app ensure that it is being monitored by its manufacturer, and not by some naughty hacker searching your movements and habits for blackmail or kidnap, or by an insurance agent checking your driving record to assess your risk profile?
