
Proposal scope

The data security for the Eve software module will be driven through configuration published to the Eve software by the controller over REST APIs. The scope of this document is to define the security policy details that will be exchanged between the controller module and the Eve software. This configuration will be user-driven through the controller's UI module.

Data Security on Eve Software

The data security for the Eve Module can be of the following types:

  • Data in transit
  • Data at rest

Data in transit security applies to the data exchange between the controller and the Eve Module. Data in transit security for Application instance data traffic is the prerogative of the application software and is out of scope for the current proposal.

Currently, TLS 1.2 is used for data in transit security for configuration/status/information exchange between the controller and the Eve Module. Additionally, sensitive configuration information, viz. data store credentials, will be secured between the controller and the end user of that information inside the Eve software (the downloader) by using the device cert/key pair.

Data at rest security applies to the Application Instance's mutable, business-sensitive data and to the storage of Eve Module sensitive configuration information.

Application instance mutable business-sensitive data will be stored in a reserved partition/directory, and the security policy configuration will be applied to it.

The sensitive configuration for the Eve Module, viz. data store access credentials, will be stored in encrypted form (cipher text) until it is ready for use by the end user.

Security policy Details

The data security policy will consist of the following:

  • Data in transit security policy
  • Data at rest security policy

Data in transit policy

Currently, the data in transit between the controller software and the Eve module is secured through the TLS 1.2 framework.

The data in transit security policy will apply to the sensitive configuration data in transit between the controller software and the end user (downloader) inside the Eve module.

Data at Rest Policy

The data at rest security policy will apply to application business-sensitive data, covering the following aspects:

  • policy activation flag
  • encryption algorithm
  • data handling policy
  • offline activation policy
  • key rotation policy
  • key information

Encryption Algorithm

This specifies the encryption algorithm to be used for data at rest security [Ref. 1]:

  • NONE
  • AES256
  • ADIANTUM

Data handling policy

This specifies how the sensitive data is handled across an encryption algorithm change or a security breach detection:

  • RETAIN
  • DESTROY
  • DESTROY_ON_SECURITY_BREACH

RETAIN: The application business-sensitive data will be retained on an encryption algorithm/policy activation flag change.

DESTROY: The application business-sensitive data will be destroyed on an encryption algorithm/policy activation flag change.

DESTROY_ON_SECURITY_BREACH: Destruction can be initiated by the user, on compromised device detection, or by some user-defined policy in the controller module.

Off-line Security Policy

When the Eve software is not able to contact the controller module, it will keep operating using the last configuration received. On power cycle, if the device is not able to connect to the controller, the following options are available to the user; they may require physical access to the device and/or user intervention.

  • USBKEY
  • KEYBOARD

The user has to ensure that the proper configuration is stored on the USBKEY, or inputs it through the KEYBOARD, for the Eve software.

Key rotation policy

This defines the key rotation activation. The key rotation policy will reside in the controller module and will not be communicated to the Eve software.

Keys

This consists of a set of key information (max. 2). For a key rotation scheme, a maximum of two keys will be communicated to the Eve software. The controller module will store, and publish to the Eve module, the last key it published along with the most current key. This covers the cases where the Eve module is not able to communicate with the controller module.
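As an added illustration (not code from the EVE project or this proposal), the Go snippet below models the data handling rules and the two-key limit described above: a hypothetical DataAtRestPolicy struct, its validation against the page's enum values and key count, and the RETAIN/DESTROY/DESTROY_ON_SECURITY_BREACH decision when one policy replaces another. The struct, function names and the choice that the incoming policy's handling rule governs are assumptions; the real wire format is the EdgeDevPolicy API this page introduces.

```go
package main

import "fmt"

// Enumerations taken from the policy fields described on this page.
type Algorithm string
type Handling string

const (
	AlgNone, AlgAES256, AlgAdiantum   Algorithm = "NONE", "AES256", "ADIANTUM"
	Retain, Destroy, DestroyOnBreach Handling  = "RETAIN", "DESTROY", "DESTROY_ON_SECURITY_BREACH"
)

// DataAtRestPolicy is a hypothetical in-memory view of the policy message.
type DataAtRestPolicy struct {
	Active    bool      // policy activation flag
	Algorithm Algorithm // NONE, AES256 or ADIANTUM
	Handling  Handling  // RETAIN, DESTROY or DESTROY_ON_SECURITY_BREACH
	Keys      []string  // last published key plus the current key, at most two
}

// Validate rejects unknown enum values and more than two keys, the limits the page states.
func (p DataAtRestPolicy) Validate() error {
	switch p.Algorithm {
	case AlgNone, AlgAES256, AlgAdiantum:
	default:
		return fmt.Errorf("unknown encryption algorithm %q", p.Algorithm)
	}
	switch p.Handling {
	case Retain, Destroy, DestroyOnBreach:
	default:
		return fmt.Errorf("unknown data handling policy %q", p.Handling)
	}
	if len(p.Keys) > 2 {
		return fmt.Errorf("%d keys published, at most two allowed", len(p.Keys))
	}
	return nil
}

// MustDestroy decides whether the application's sensitive data is wiped when policy cur is
// replaced by next. Assumption: the incoming policy's handling rule governs, and the breach
// flag is raised by the user or by the controller's own policy.
func MustDestroy(cur, next DataAtRestPolicy, breach bool) bool {
	changed := cur.Active != next.Active || cur.Algorithm != next.Algorithm
	switch next.Handling {
	case Destroy:
		return changed
	case DestroyOnBreach:
		return breach
	}
	return false // RETAIN keeps the data across any change
}
```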

Implementation

A new API (EdgeDevPolicy) will be used for handling security policy configuration. The security policy status/information detail will be added to the device status message APIs.

On the Eve software, the security policy configuration will be handled by the vault manager [Ref. 1].

The vault manager will poll for security policy configuration. The vault manager will not store the security key configuration in permanent storage/disk at any time.

References

  1. https://wiki.lfedge.org/display/EVE/Encrypting+Sensitive+Information+at+Rest+at+the+Edge