...
- encryption algorithm
- data handling policy
- data recovery policy
- key rotation policy
- key Information
Encryption Algorithm
This specifies, the encryption algorithm to be used for data at rest security. [Ref. 1].
- NONE
- AES256
- ADIANTUM
Data handling policy
Data handling policy will define, sensitive storage data handling, on encryption algorithm change,
...
some user defined policy in the controller module.
Data Recovery Policy
When an EVE node faces network outage, it will keep operating, using the last known policy configuration.
...
The user has to ensure that, proper configuration is stored in the USB Stick or inputs them through to Keyboard.
Key rotation policy
This will define the key rotation activation. The key rotation poilcy will be in the controller and will not be intimated to EVE.
Keys
This consists of set of Keys information( max. 2). For a key rotation scheme, a maximum of two keys will be intimated to the EVE node. Controller will store and publish, the last published key along with the most current key. This will cover cases, when the EVE node is not able to communicate with controller.
Data in transit policy (Mostly a placeholder for now, details added for brevity)
Currently, the data in transit is secured through TLS 1.2 framework, for configuration/ status/ information exchange between the controller and EVE. The data in transit security for Application instance data traffic will be prerogative of the application software and, is out of scope for the current proposal. The scope of data in transit security policy, will be applicable for the sensitive object level configuration data in transit between the controller software and the end user (downloader) inside EVE, viz., data store credentials. This will be done by using the device cert/key pair. The sensitive configuration for EVE, will be stored in encrypted form (cypher text), till it is ready for use by downloader.
...