Open Trust Protocol (OTrP) created

There’s a new IoT security-centric informational IETF Internet Draft out, called OTrP, Open Trust Protocol. Their spec is released as an informational IETF Internet Draft, the companies of the 5 authors are from: Symantec, Interce, Solacia, and ARM. One of the news sites mentions the full list of companies backing this protocol are: Intercede, Solacia, Symantec, Beanpod, Sequitur Labs, Sprint, Thundersoft, Trustkernel, Verimatrix and ARM. I can’t find any web site for this group.

“This document specifies the Open Trust Protocol (OTrP), a protocol to install, update, and delete applications and to manage security configuration in a Trusted Execution Environment (TEE).TEEs are used in environments where security services should be isolated from a regular operating system (often called rich OS). This form of compartmentlization grants a smaller codebase access to security sensitive services and restricts communication from the rich OS to those security services via mediated access. […]”

https://www.ietf.org/id/draft-pei-opentrustprotocol-01.txt
https://tools.ietf.org/html/draft-pei-opentrustprotocol-01
https://www.arm.com/about/newsroom/connected-devices-need-e-commerce-standard-security-say-cyber-security-experts.php

PS: A bit off-topic, but IETF- and IoT- related, found when looking for above URLs:
https://www.internetsociety.org/publications/ietf-journal-april-2016/internet-things-standards-and-guidance-ietf

OTA releases draft IoT Trust Framework spec

As found on Dark Reading, yesterday the IoT Working Group of the Online Trust Alliance (OTA) released a trust framework draft.

Internet of Things Lacks Safety Today, Opening Door to Major Threats Tomorrow, Warns OTA

BELLEVUE, Wash. – The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, today released its Internet of Things Trust Framework, the first global, multi-stakeholder effort to address IoT risks comprehensively. The framework presents guidelines for IoT manufacturers, developers and retailers to follow when designing, creating, adapting and marketing connected devices in two key categories: home automation and consumer health and fitness wearables. In the spirit of collaboration, OTA openly invites industry leaders to review the document and provide feedback. With members that include ADT, AVG Technologies, Microsoft, Symantec, Target, TRUSTe, Verisign and nearly 100 other subject matter experts, the OTA IoT Working Group was formed in January 2015. Through extensive research, this taskforce concluded that the safety and reliability of any IoT device, app or service depends equally on security and privacy, as well as a third, often overlooked component: sustainability.

IoT Trust Framework – Security, Privacy & Sustainability

The Internet of Things (IoT) moniker is being applied to 1000’s of devices, offering increased utility, functionality and other consumer and business benefits.  In the rapid race to bring products to market, many lack basic security protocols, privacy considerations and related safeguards.  Others have insecure processes and appear to be failing to consider fundamental privacy principles. While it is recognized there is no “perfect security” or “absolute privacy”, the lack of standards and controls increases the risk of exploits, data breaches and abusive data use policies to consumers and businesses worldwide.

https://otalliance.org/initiatives/internet-things
https://otalliance.org/news-events/press-releases/internet-things-lacks-safety-today-opening-door-major-threats-tomorrow

Click to access iot_trust_frameworkv1.pdf

http://www.darkreading.com/endpoint/iot-working-group-crafts-framework-for-security-privacy-/d/d-id/1321708