Skip to content

Risk Factor [COM] proposal to a new classification

Vertical Standard Comment

Please complete the below fields. Further instructions can be found in the repositories README.md Do not forget to add a Label, using the sidebar on the right.

Standard Version (see README.md for info):

Line Number:

Clause/Subclause:

Paragraph/Figure/Table:

Comment:

These COM chapter can't be exclusive.

[COM] Complexity of network interface implementation

  • [COM-L-0] Minimal features to send/recv packets
  • [COM-L-1] Some simple performance features
  • [COM-L-2] Encryption features on device
  • [COM-L-3] Entire RTOS managing radio, PXE boot, remote management, or similar

Example : a Bluetooth USB dongle. It supports L-2 to encrypt Bluetooth packet using AES-128 and have a RTOS inside to manage the lower part of the Bluetooth stack so it support L-3 as well.

L-1 is not clear, what kind of performance feature this is related to ? Throughput ? Power consumption ? Radio performance ? I don't see how the performance could play a role on cybersecurity.

Proposed Changes:

  • [COM-L-0] Minimal feature to send/receive analog signals, typically used in Software Defined (Radio) products. e.g. IRDA, FM tranceivers, CAN bus transceivers, GMSL video tranceivers, 4-20 mA tranceiver.
  • [COM-L-1] Minimal features to send/recv packets without any firmware involved or a micro-firmware for signal processing and analog control only (RF control, power amplifier control, Low Noise amplifier control, error correction decoder...) e.g. ISM radio transceiver, Ethernet PHY.
  • [COM-L-2] More advanced features supporting access control layer and/or network stack implemented by a firmware or HW. e.g. Wifi transceiver, PLC modem,
  • [COM-L-3] Network interface with network service implemented by a firmware e.g. embedded web server, device management client/server (LWM2M, SNMP...), Bluetooth GATT/ATT profile, e.g. Cellular modem module, Wifi Network coprocessor,

==> Case L-3 will require mandatory security layers, case L-2 can support security layer or it could be implemented in the host. So the proposal is to add another chapter regarding the security, especially the security storage which will enable a lot of risk on the network interface.

[SEC-L-0] No security assets stored and used in the network interface. The security layers may be supported in upper layer on top of the network interface.

[SEC-L-1] Security assets are used by the network interface but dynamically provided through the API. e.g. Wifi WPA session keys, MACSec keys in MACSec PHY.

[SEC-L-2] Security assets are used and stored in the network interface. e.g. Cellular modem, Matter certificate chain in Matter controller, LoRAWAN keys, Wifi password in a Wifi Network controler...

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information