Problem Statement

Currently, EVE has no capability for securing data at rest.

The current user-driven device management event flow, at a high level, is as follows:

[Figure: current user-driven device management event flow]

Policy Layer Proposal

Proposal Scope

We propose to define a framework wherein the controller can enforce device policies on EVE. More specifically, the scope of this

Data security for EVE will be driven by configuration published from the controller to EVE over REST APIs. The scope of this document is to define the security policy details exchanged between the controller and EVE. This configuration will be user-driven through the UI module of the controller.

The proposed user-driven device management event flow will be as follows:

[Figure: proposed user-driven device management event flow]

Data Security on EVE Software

The data security for EVE can be of the following types:

...

Sensitive configuration for EVE, viz. data store access credentials, will be stored in encrypted form (ciphertext) until it is ready for use by the end user.

Security Policy Details

The data security policy will consist of the following:

  • Data in transit security policy
  • Data at rest security policy

Data in Transit Policy

Currently, data in transit between the controller and EVE is secured with TLS 1.2.

The data in transit security policy will apply to sensitive configuration data in transit between the controller software and the end user (the downloader) inside EVE.

Data at Rest Policy

The data at rest security policy will apply to business-sensitive application data, covering the following aspects:

  • policy activation flag
  • encryption algorithm
  • data handling policy
  • offline activation policy
  • key rotation policy
  • key information

Encryption Algorithm

This specifies the encryption algorithm to be used for data at rest security [Ref. 1]:

  • NONE
  • AES256
  • ADIANTUM

Data Handling Policy

This specifies how sensitive data is handled across an encryption algorithm change or on detection of a security breach.

...

some user-defined policy in the controller module.

Offline Security Policy

When EVE is not able to communicate with the controller, it will keep operating using the last configuration received. On power cycle, if EVE is not able to connect to the controller, the following options are available to the user; they may require physical access to the device and/or user intervention.

...

The user has to ensure that the proper configuration is stored on the USB stick, or enter it through the keyboard.

Key Rotation Policy

This defines whether key rotation is active. The key rotation policy itself resides in the controller and will not be communicated to EVE.

Keys

This consists of a set of key information entries (max. 2). For a key rotation scheme, a maximum of two keys will be communicated to EVE: the controller will store and publish the last published key along with the most current key. This covers cases where EVE was unable to communicate with the controller.

Implementation

A new API (EdgeDevPolicy) will be used for handling security policy configuration. Security policy status/information details will be added to the device status message APIs.

...

The vault manager will poll for security policy configuration. The vault manager will not store the security key configuration in permanent storage (disk) at any time.
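As an added illustration of the two-key scheme from the Keys section and the in-memory-only requirement on the vault manager above (example code, not EVE's own): the vault manager keeps only the current and the last published key, seals with the current one, and can still open data sealed under the previous key after a rotation it missed while offline. AES-256-GCM, the type and field names, and the blob layout are assumptions; the page names only AES256.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// VaultKeys is the policy's key set (max. 2): the current key and the last
// published one, kept in memory only. Field names are this example's own.
type VaultKeys struct{ Current, Previous []byte } // 32-byte AES256 keys
// Rotate installs a newly published key and keeps only the one before it.
func (v *VaultKeys) Rotate(key []byte) { v.Previous, v.Current = v.Current, key }
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // fails for a nil or short key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts under the current key as nonce || ciphertext (AES-256-GCM is an assumption).
func (v *VaultKeys) Seal(plain []byte) ([]byte, error) {
	g, err := aead(v.Current)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plain, nil), nil
}

// Open tries the current key, then the previous one, so data sealed before a rotation
// EVE missed while offline still opens; anything sealed two or more rotations ago does not.
func (v *VaultKeys) Open(sealed []byte) ([]byte, bool) {
	for _, key := range [][]byte{v.Current, v.Previous} {
		g, err := aead(key)
		if err != nil {
			continue // Previous is nil before the first rotation
		}
		if n := g.NonceSize(); len(sealed) >= n {
			if plain, err := g.Open(nil, sealed[:n], sealed[n:], nil); err == nil {
				return plain, true
			}
		}
	}
	return nil, false
}
```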

References

  1. https://wiki.lfedge.org/display/EVE/Encrypting+Sensitive+Information+at+Rest+at+the+Edge