[Owasp_embedded_application_security] Owasp_embedded_application_security Digest, Vol 3, Issue 2

riever55756 at mypacks.net riever55756 at mypacks.net
Thu Oct 9 15:35:58 UTC 2014

Todays Topic

1. Project Details (Derrick Hyatt)

IPsec solves a security issue with embedded systems that are connected to the Internet. There are contingent liabilities based on compliance and new legislation and laws. As you know the Internet protocol has no data security built-in, both application and user data is sent in clear text. This enables a third party to inspect or even modify data from the embedded system as it traverses the Internet. Adding IPsec to an embedded system addresses these threats by using strong encryption, integrity, authentication and replay protection.

IPsec is designed for both IPv4 and IPv6 operation, and is optimized for deployment in embedded systems.
» Supports AH and ESP connections
» Supports Tunnel and Transport modes
» Works with IPv4 and IPv6
» Supports security association bundling (AH + ESP)
» Priority-based handling of IPsec connections
» NATT (NAT Traversal)
» DPD (Dead Peer Detection)
» Hardware crypto offload API	

Encryption Algorithms 
» 3DES
» Twofish	

Hash Algorithms 
» SHA1
» MD5

For additional information for the OWASP embedded application security:-
See: http://www.lsv.ens-cachan.fr/~steel/security_APIs_FAQ.html

-----Original Message-----
>From: owasp_embedded_application_security-request at lists.owasp.org
>Sent: Oct 9, 2014 5:00 AM
>To: owasp_embedded_application_security at lists.owasp.org
>Subject: Owasp_embedded_application_security Digest, Vol 3, Issue 1
>Send Owasp_embedded_application_security mailing list submissions to
>	owasp_embedded_application_security at lists.owasp.org
>To subscribe or unsubscribe via the World Wide Web, visit
>	https://lists.owasp.org/mailman/listinfo/owasp_embedded_application_security
>or, via email, send a message with subject or body 'help' to
>	owasp_embedded_application_security-request at lists.owasp.org
>You can reach the person managing the list at
>	owasp_embedded_application_security-owner at lists.owasp.org
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Owasp_embedded_application_security digest..."
>Today's Topics:
>   1.  Project details (Aaron Guzman)
>Message: 1
>Date: Wed, 8 Oct 2014 15:44:27 -0700
>From: Aaron Guzman <aaron.guzman at owasp.org>
>To: owasp_embedded_application_security at lists.owasp.org
>Subject: [Owasp_embedded_application_security]  Project details
>	<CAAAAxQ3Cx==6KT3WkWWfgA2ZeNBGFS0oRTSL=AMxQBVzEq3vOA at mail.gmail.com>
>Content-Type: text/plain; charset="utf-8"
>Hi Everyone,
>We should create something similar for the embedded security project as the
>document below
>It looks simple enough and we can probably use the doc as a skeleton and
>fill it in appropriately. As IoT becomes more relevant, more and more will
>look at OWASP for embedded security advice.
>https://www.owasp.org/index.php/OWASP_Mobile_Security_Project? is a good
>reference with the amount of details to include in the project. There are
>descriptions on tools, methodologys, vulnerable apps, etc. Im not sure if
>intentional vulnerable embedded images exist but that can be something to
>Aaron G
>Twitter: @scriptingxss
>Linkedin: http://lnkd.in/bds3MgN
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <http://lists.owasp.org/pipermail/owasp_embedded_application_security/attachments/20141008/d50d0609/attachment-0001.html>
>Owasp_embedded_application_security mailing list
>Owasp_embedded_application_security at lists.owasp.org
>End of Owasp_embedded_application_security Digest, Vol 3, Issue 1

More information about the Owasp_embedded_application_security mailing list