Versions Compared

...

Currently, EVE has no data-at-rest security capabilities; these are being designed and implemented. While EVE provides the capabilities, or building blocks, it is up to the EVE controller to stitch them together to achieve a security goal. For this, EVE needs to define its interface towards the EVE controller and provide a way to define security policies from the controller. This proposal defines such an interface.

Current Workflow in Provisioning EVE

The current user-driven device management event flow, at a high level, is as follows:


...

Introducing a new stage in EVE provisioning: The Security Policy Enforcement

We propose to define a framework wherein the controller can enforce device policies on EVE. More specifically, the scope of this document is to define the security policy details that will be exchanged between the controller and EVE. This configuration will be user-driven through the UI module of the controller.

The proposed user-driven device management event flow will be as follows.

Vault Manager to anchor handling of security policies

This module in EVE will be responsible for periodically fetching the device policy from the controller and enforcing it on the device. More details are specified in [Ref. 1].

Data Security on EVE Software

...

Currently, TLS 1.2 is used to secure data in transit for configuration/status/information exchange between the controller and EVE.

Additionally, sensitive object-level configuration information, viz. data store credentials, will be secured end-to-end between the controller and the end user of the information inside EVE (the downloader), by using the device cert/key pair.

...

The data-at-rest security policy will apply to application business-sensitive data and covers the following aspects:

...

  • encryption algorithm
  • data handling policy
  • offline activation policy
  • key rotation policy
  • key information

...

  • NONE
  • AES256
  • ADIANTUM

Data handling policy

The data handling policy defines how sensitive data will be handled when the user changes the encryption algorithm or when a security breach is detected. The options are:

  • RETAIN
  • DESTROY
  • DESTROY_ON_SECURITY_BREACH

RETAIN: The application business-sensitive data will be retained on an encryption algorithm / policy activation flag change.

DESTROY: The application business-sensitive data will be destroyed on an encryption algorithm / policy activation flag change.

DESTROY_ON_SECURITY_BREACH: Destruction of the application business-sensitive data can be initiated by the user on compromised-device detection, or by some user-defined policy in the controller module.

Off-line Security Policy

Data Recovery Policy

When EVE is not able to communicate with the controller, it will keep operating using the last configuration received.

If a power cycle is followed by a network outage, so that EVE is not able to reconnect to the controller, the EVE node may require physical access to the device and/or user intervention, with the following options:

  • None
  • USBKEY
  • KEYBOARD

The user has to ensure that the proper configuration is stored on the USB stick or is entered through the keyboard.

...

This consists of a set of key information entries (max. 2). For a key rotation scheme, a maximum of two keys will be communicated to EVE. The controller will store and publish the last published key along with the most current key. This covers cases when EVE is not able to communicate with the controller.

Implementation

A new API (EdgeDevPolicy) will be used for handling security policy configuration. The security policy status/information details will be added to the device status message APIs.

The security policy configuration will be handled by the vault manager in EVE [Ref. 1].

The vault manager will poll for the security policy configuration. The vault manager will not store the security key configuration in permanent storage/disk at any time.
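As an added example (not code from the EVE project or from this proposal), the following Go program models the policy aspects described above: the data handling policy (RETAIN / DESTROY / DESTROY_ON_SECURITY_BREACH), the two-entry key information list that the controller publishes, and the vault manager keeping key material in memory only. It works out the two decisions the vault manager has to make when a new policy arrives: what to do with the data already on the device, and which published key to move it onto, including the case where the node was offline long enough to miss a rotation. The struct, field and function names (SecurityPolicy, KeyInfo, Validate, DecideAction, PlanRotation) and the per-key Version field are assumptions made for this example; the real EdgeDevPolicy schema is not on this page. The enum values themselves are the ones the proposal lists.

```go
package main

import (
	"fmt"
	"sort"
)

// SecurityPolicy models the five aspects the proposal lists. The enum values are the
// proposal's; the Go type and field names are assumptions, not EVE's real EdgeDevPolicy API.
type SecurityPolicy struct {
	Algorithm string    // NONE | AES256 | ADIANTUM
	Handling  string    // RETAIN | DESTROY | DESTROY_ON_SECURITY_BREACH
	Offline   string    // None | USBKEY | KEYBOARD
	Keys      []KeyInfo // key information, at most two entries
}

// KeyInfo is one entry of the key information list.
type KeyInfo struct {
	Version uint32 // assumed: higher version = more recently published by the controller
	Key     []byte // held in memory only; the vault manager never writes it to disk
}

const maxKeys = 2
// Key size each algorithm expects: AES-256 and Adiantum both take 256-bit keys.
var keyBytes = map[string]int{"NONE": 0, "AES256": 32, "ADIANTUM": 32}
var handlingValues = map[string]bool{"RETAIN": true, "DESTROY": true, "DESTROY_ON_SECURITY_BREACH": true}
var offlineValues = map[string]bool{"None": true, "USBKEY": true, "KEYBOARD": true}

// Validate rejects a policy the vault manager must not act on.
func Validate(p SecurityPolicy) error {
	want, ok := keyBytes[p.Algorithm]
	if !ok || !handlingValues[p.Handling] || !offlineValues[p.Offline] {
		return fmt.Errorf("unknown policy value in (%s, %s, %s)", p.Algorithm, p.Handling, p.Offline)
	}
	if len(p.Keys) > maxKeys {
		return fmt.Errorf("at most %d keys allowed, got %d", maxKeys, len(p.Keys))
	}
	if p.Algorithm != "NONE" && len(p.Keys) == 0 {
		return fmt.Errorf("%s requested but no key information supplied", p.Algorithm)
	}
	for _, k := range p.Keys {
		if p.Algorithm != "NONE" && len(k.Key) != want {
			return fmt.Errorf("key v%d is %d bytes, %s needs %d", k.Version, len(k.Key), p.Algorithm, want)
		}
	}
	return nil
}

// Action is what the vault manager does with existing sensitive data on a policy change.
type Action string

const (
	ActionNone      Action = "none"
	ActionReencrypt Action = "re-encrypt-and-retain"
	ActionDestroy   Action = "destroy"
)

// DecideAction applies the data handling policy when policy next replaces old;
// breach reports whether the controller flagged the device as compromised.
func DecideAction(old, next SecurityPolicy, breach bool) Action {
	algChanged := old.Algorithm != next.Algorithm
	if (next.Handling == "DESTROY" && algChanged) || (next.Handling == "DESTROY_ON_SECURITY_BREACH" && breach) {
		return ActionDestroy
	}
	if algChanged {
		return ActionReencrypt // RETAIN semantics: keep the data, move it onto the new algorithm
	}
	return ActionNone
}

// PlanRotation picks the key to move data onto. Because the controller publishes the
// previous key next to the current one, a node that missed one rotation while offline
// still finds its in-use key and can re-key; a node that missed more than one gets an
// error instead of silently losing access to its data.
func PlanRotation(inUse uint32, keys []KeyInfo) (KeyInfo, error) {
	if len(keys) == 0 || len(keys) > maxKeys {
		return KeyInfo{}, fmt.Errorf("expected 1..%d keys, got %d", maxKeys, len(keys))
	}
	sorted := append([]KeyInfo(nil), keys...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Version > sorted[j].Version })
	current := sorted[0]
	if inUse == 0 { // first activation: no data to re-key from
		return current, nil
	}
	for _, k := range sorted {
		if k.Version == inUse {
			return current, nil
		}
	}
	return KeyInfo{}, fmt.Errorf("in-use key v%d is no longer published (latest v%d); offline recovery needed", inUse, current.Version)
}

func main() {
	// Constructed sample: the node moves from NONE to AES256 with two published keys.
	keys := []KeyInfo{{Version: 1, Key: make([]byte, 32)}, {Version: 2, Key: make([]byte, 32)}}
	old := SecurityPolicy{Algorithm: "NONE", Handling: "RETAIN", Offline: "None"}
	next := SecurityPolicy{Algorithm: "AES256", Handling: "RETAIN", Offline: "USBKEY", Keys: keys}
	target, err := PlanRotation(1, keys)
	fmt.Println(Validate(next), DecideAction(old, next, false), target.Version, err)
}
```

The point of PlanRotation is the failure mode the two-key scheme is designed around: a node that was offline across exactly one rotation still sees the key it is using in the published pair and can re-key without user intervention, while a node that missed two or more rotations has no published key it can decrypt with and should fall back to the offline activation path (USBKEY or KEYBOARD) rather than proceed.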

References

  1. https://wiki.lfedge.org/display/EVE/Encrypting+Sensitive+Information+at+Rest+at+the+Edge