From 278a4b4aa17f3d33eca39ae9ba08fca89db89446 Mon Sep 17 00:00:00 2001 From: d-beamon <110328067+d-beamon@users.noreply.github.com> Date: Wed, 8 Mar 2023 16:24:26 +0100 Subject: [PATCH 1/4] Update security-considerations.md I have suggested changes to make some of the terms more clear and consistent with the definitions on the Cloud subsite. I have also suggested that we extract the boards security considerations from the Applications and Tools, so that it has its own section. --- .../security-considerations.md | 36 +++++++++---------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md b/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md index 573daa1ec5..4d79767dae 100644 --- a/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md +++ b/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md 
@@ -121,26 +121,31 @@ If it is determined that a breach has occurred, system(s) or system component(s) PII data will only be stored as long as Arduino legitimately needs it and in accordance with Arduino’s Privacy Policy. -## Security Considerations for Specific Arduino Cloud Components +## Security Considerations for Specific Arduino Cloud applications and tools -### Arduino Cloud CLI - -The Arduino Cloud CLI provides a way for interacting with the Arduino IoT Cloud via the command line. The communication is carried out via an HTTPS connection and authentication is performed via API key credentials stored on the local machine. - -### Arduino Cloud Editor +### Arduino Web Editor -The Arduino Cloud Editor allows customers to create sketches they can subsequently deploy on boards. Each customer has a separate area where their sketches are stored so that no other customer has access to them. Sketches can be made publicly available to everyone, in which case access is granted by whomever possesses the link to access them. +The Arduino Web Editor allows customers to create sketches they can subsequently deploy on boards. Each customer has a separate area where their sketches are stored so that no other customer has access to them. Sketches can be made publicly available to everyone, in which case access is granted by whomever possesses the link to access them. -The Arduino Cloud Editor also provides a secret tab that can be used to securely store sensitive information needed by the device (e.g. Wi-Fi credentials, API credentials). Secrets in this tab are encrypted with the AES-256 algorithm to safely store them in the Cloud. -In order to communicate with the Arduino Cloud Editor, web browsers should be able to communicate over the internet to port 80, 443 and 8080 towards Arduino’s subdomains \*.arduino.cc. +The Arduino Web Editor also provides a secret tab that can be used to securely store sensitive information needed by the device (e.g. 
Wi-Fi credentials, API credentials). Secrets in this tab are encrypted with the AES-256 algorithm to safely store them in the Cloud. +In order to communicate with the Arduino Web Editor, web browsers should be able to communicate over the internet to port 80, 443 and 8080 towards Arduino’s subdomains \*.arduino.cc. ### Arduino IoT Cloud The Arduino IoT Cloud collects MQTT events through a data pipeline which is accessible only by the owner of the data and access authorization is enforced via our backend API. -### Arduino Boards Security +### Arduino Cloud CLI + +The Arduino Cloud CLI provides a way for interacting with the Arduino IoT Cloud via the command line. The communication is carried out via an HTTPS connection and authentication is performed via API key credentials stored on the local machine. + +### Arduino Create Agent + +The Arduino Create Agent fills the gap between your browser and your boards and allows users to deploy their sketches on their board using the Arduino Web Editor. The Arduino Create Agent runs a web server bound to localhost that receives requests from the Arduino Web Editor to operate on the boards. The security of such communication is ensured by cryptographic signature of the commands that are sent to the Arduino Create Agent. Whenever the Arduino Web Editor wants to send a command to the Arduino Create Agent, it cryptographically signs the command and appends the signature to the request sent to the agent. The agent verifies the signature and, if it is correct, accepts and executes the command. -#### Device Identity and Secure Communication +For usage with certain browsers, specifically with Safari on macOS, the Arduino Create Agent needs to run the web server using a TLS connection. A local Certificate Authority (CA) is generated and used to sign a certificate for the localhost domain. 
The private key of the CA is erased once the certificate for localhost is signed, while the public certificate of the CA is installed in the local system. The web server of the Arduino Create Agent will then run with a TLS connection. This is done to obey the mixed content specification implemented in Safari which is enforced also for resources loaded from localhost. +## Security Considerations for Arduino Boards + +### Device Identity and Secure Communication Devices onboarding and communication with the Arduino Cloud is ensured to protect the confidentiality of the data exchanged between Arduino devices and the Cloud. The following image shows the Device setup phase and the Device operation phase. 
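Review bot: the rename from "Arduino Cloud Editor" back to "Arduino Web Editor" and the relocation of the Arduino Create Agent section both land in this one hunk, which makes the terminology change hard to review apart from the restructuring; splitting them into two commits would help. Two things in the text this hunk carries: the new heading "## Security Considerations for Specific Arduino Cloud applications and tools" mixes case styles with the Title Case headings around it ("### Arduino Web Editor", "## Security Considerations for Arduino Boards"), and the unchanged context line "web browsers should be able to communicate over the internet to port 80, 443 and 8080" should read "ports". On substance, "Secrets in this tab are encrypted with the AES-256 algorithm to safely store them in the Cloud" names a cipher but not who holds the key or where decryption happens, and "The security of such communication is ensured by cryptographic signature of the commands" does not say which key the agent uses to verify or how that key is provisioned; a reader assessing the risk of either component needs those two facts far more than the algorithm name, so suggest adding one sentence to each paragraph covering key ownership.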
@@ -164,13 +169,6 @@ The device establishes a mutual-TLS authenticated connection with the IoTCloud M * The device can establish the identity of the MQTT server it is attempting to connect to; To establish such secure connections, devices must be able to connect to *.arduino.cc on port 8884 and 8883. -#### Secrets Management +### Secrets Management In order to provide confidentiality and integrity of secrets stored within Arduino boards, a secure element chip is available on a selection of boards that provides hardware level encryption and tamperproofing protection. Integration with the Arduino Cloud leverages such a secure element to store the board certificate used to perform the mutual authentication with the MQTT server. Customers may also leverage the secure element chip to store sensitive information required by the board to operate based on the specific use cases. - - -### Arduino Create Agent - -The Arduino Create Agent fills the gap between your browser and your boards and allows users to deploy their sketches on their board using the Arduino Cloud Editor. The Arduino Create Agent runs a web server bound to localhost that receives requests from the Arduino Cloud Editor to operate on the boards. The security of such communication is ensured by cryptographic signature of the commands that are sent to the Arduino Create Agent. Whenever the Arduino Cloud Editor wants to send a command to the Arduino Create Agent, it cryptographically signs the command and appends the signature to the request sent to the agent. The agent verifies the signature and, if it is correct, accepts and executes the command. - -For usage with certain browsers, specifically with Safari on macOS, the Arduino Create Agent needs to run the web server using a TLS connection. A local Certificate Authority (CA) is generated and used to sign a certificate for the localhost domain. 
The private key of the CA is erased once the certificate for localhost is signed, while the public certificate of the CA is installed in the local system. The web server of the Arduino Create Agent will then run with a TLS connection. This is done to obey the mixed content specification implemented in Safari which is enforced also for resources loaded from localhost. \ No newline at end of file From fb7223125331455dadad88f0f9ab5504afd87431 Mon Sep 17 00:00:00 2001 From: Josefine Hansson <66409231+jhansson-ard@users.noreply.github.com> Date: Thu, 9 Mar 2023 09:12:18 +0100 Subject: [PATCH 2/4] Update content/arduino-cloud/02.features/00.security-considerations/security-considerations.md --- .../00.security-considerations/security-considerations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md b/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md index 4d79767dae..cab88fa4ad 100644 --- a/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md +++ b/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md @@ -121,7 +121,7 @@ If it is determined that a breach has occurred, system(s) or system component(s) PII data will only be stored as long as Arduino legitimately needs it and in accordance with Arduino’s Privacy Policy. -## Security Considerations for Specific Arduino Cloud applications and tools +## Arduino Cloud Applications and Tools ### Arduino Web Editor From 11ff68f97d779fe4a0d74a9d50714467fe090f9c Mon Sep 17 00:00:00 2001 From: Josefine Hansson <66409231+jhansson-ard@users.noreply.github.com> Date: Thu, 20 Apr 2023 08:59:36 +0200 Subject: [PATCH 3/4] Update content/arduino-cloud/02.features/00.security-considerations/security-considerations.md --- .../00.security-considerations/security-considerations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
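Review bot: demoting "#### Secrets Management" to "### Secrets Management" is consistent with the new "### Device Identity and Secure Communication" heading, but the hunk header "@@ -164,13 +169,6 @@ The device establishes a mutual-TLS authenticated connection" shows that the boards section contains further content between those two headings (the mutual-TLS bullet list); please confirm that no other "####" headings remain in that range, since only the two headings touched by this series are re-levelled. The removal of the Create Agent block is a straight move of the text added in the first hunk, including the "Cloud Editor" to "Web Editor" rename; the deleted block carried the "\ No newline at end of file" marker, so the file now ends on the Secrets Management paragraph with a proper trailing newline, which is fine.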
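Review bot: shortening the heading to "## Arduino Cloud Applications and Tools" leaves it inconsistent with the sibling heading introduced in patch 1, "## Security Considerations for Arduino Boards"; the two H2s should use one form, either "## Arduino Boards" beside this one or "Security Considerations for ..." on both.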
diff --git a/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md b/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md index f93f70e8ec..34d10b01f9 100644 --- a/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md +++ b/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md @@ -127,7 +127,7 @@ PII data will only be stored as long as Arduino legitimately needs it and in acc The Arduino Web Editor allows customers to create sketches they can subsequently deploy on boards. Each customer has a separate area where their sketches are stored so that no other customer has access to them. Sketches can be made publicly available to everyone, in which case access is granted by whomever possesses the link to access them. -The Arduino Web Editor also provides a secret tab that can be used to securely store sensitive information needed by the device (e.g. Wi-Fi credentials, API credentials). Secrets in this tab are encrypted with the AES-256 algorithm to safely store them in the Cloud. +The Arduino Web Editor also provides a secret tab that can be used to securely store sensitive information needed by the device (e.g. Wi-Fi® credentials, API credentials). Secrets in this tab are encrypted with the AES-256 algorithm to safely store them in the Cloud. In order to communicate with the Arduino Web Editor, web browsers should be able to communicate over the internet to port 80, 443 and 8080 towards Arduino’s subdomains \*.arduino.cc. ### Arduino IoT Cloud From 9f1eb6b344b9fe7ccbbb787fb03236389f934d2a Mon Sep 17 00:00:00 2001 From: Josefine Hansson <66409231+jhansson-ard@users.noreply.github.com> Date: Thu, 20 Apr 2023 09:01:04 +0200 Subject: [PATCH 4/4] Update content/arduino-cloud/02.features/00.security-considerations/security-considerations.md --- .../00.security-considerations/security-considerations.md | 1 + 1 file changed, 1 insertion(+) 
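Review bot: the index line for this hunk, "index f93f70e8ec..34d10b01f9", does not chain from the blob produced by patch 2 ("cab88fa4ad"), so the file was changed by other commits between patches 2 and 3 and this series was rebased on top of them; please confirm the final merged text still carries patch 1's section moves and heading changes. The "Wi-Fi" to "Wi-Fi®" change is applied only in the secrets paragraph; if the registered-trademark form is the convention for this subsite, any other occurrence in the file should be updated in the same commit for consistency.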
diff --git a/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md b/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md index 34d10b01f9..958b4ea1cd 100644 --- a/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md +++ b/content/arduino-cloud/02.features/00.security-considerations/security-considerations.md @@ -143,6 +143,7 @@ The Arduino Cloud CLI provides a way for interacting with the Arduino IoT Cloud The Arduino Create Agent fills the gap between your browser and your boards and allows users to deploy their sketches on their board using the Arduino Web Editor. The Arduino Create Agent runs a web server bound to localhost that receives requests from the Arduino Web Editor to operate on the boards. The security of such communication is ensured by cryptographic signature of the commands that are sent to the Arduino Create Agent. Whenever the Arduino Web Editor wants to send a command to the Arduino Create Agent, it cryptographically signs the command and appends the signature to the request sent to the agent. The agent verifies the signature and, if it is correct, accepts and executes the command. For usage with certain browsers, specifically with Safari on macOS, the Arduino Create Agent needs to run the web server using a TLS connection. A local Certificate Authority (CA) is generated and used to sign a certificate for the localhost domain. The private key of the CA is erased once the certificate for localhost is signed, while the public certificate of the CA is installed in the local system. The web server of the Arduino Create Agent will then run with a TLS connection. This is done to obey the mixed content specification implemented in Safari which is enforced also for resources loaded from localhost. + ## Security Considerations for Arduino Boards ### Device Identity and Secure Communication
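Review bot: this hunk only adds a blank line before "## Security Considerations for Arduino Boards", repairing the missing separation between the Create Agent paragraph and the H2 that patch 1 introduced; it belongs squashed into patch 1 rather than shipped as a standalone commit. Relatedly, all four subjects in the series read "Update ... security-considerations.md", which tells a future reader nothing about the change; a subject such as "Rename Cloud Editor to Web Editor and split out board security section" would make the history searchable.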