top of page

Data Protection and Privacy

Data protection encompasses the practices, policies, and technologies designed to safeguard data from unauthorized access, corruption, or theft. It ensures the integrity, confidentiality, and availability of data, mitigating the risk of misuse or exposure. Techniques such as encryption, access controls, and secure storage are employed to protect sensitive information from breaches and cyberattacks.

Privacy relates to an individual's right to control how their personal information is collected, used, shared, and stored. It emphasizes the lawful and transparent handling of personal data, ensuring individuals are informed about and can consent to how their data is processed. Privacy regulations, such as GDPR and CCPA, establish standards for how organizations must handle personal data to protect individuals' rights.

Data Protection

Overview and key principles of data protection for learning and understanding.

Tools and Technologies

Identify tools, technologies, and resources that can be effectively integrated into your product.

Education and Awareness

Discover resources to enhance your knowledge of data protection.

Compliance and Standards

Explore resources to understand compliance and standards in data protection.

Understanding Data Protection and Privacy

Data is one of the most important asset in your device, to achieve the security goals you have to implement security measures to ensure that both Data at Rest and Data in Transit are secured.

Before diving into technical implementations, define your security goals for data, which are:

  • Confidentiality: Ensure data is accessible only to authorized parties.

  • Integrity: Protect data from being altered or tampered with.

  • Authentication: Verify the identities of communicating entities.

  • Authorization: Ensure that entities have permissions to perform actions.

  • Non-repudiation: Prevent entities from denying their actions.

The CRA demands to secure sensitive data, that includes:

  • Personal Data

  • Sensitive security parameter. Like: keys, signatures and credentials

What is personal data?

CRA demands that personal data will be treated according to the GDPR guidelines. Personal data refers to any information that relates to an identified or identifiable natural person, known as a data subject. An identifiable natural person is someone who can be identified, directly or
indirectly, by reference to an identifier.

Examples of personal data:

  1. Identifiers: such as a name, identification number, location data, or an online identifier (e.g., IP address, cookies).

  2. Physical characteristics: including photographs, biometric data like fingerprints or facial recognition features.

  3. Economic and financial data: salary details, bank account numbers, or transaction histories.

  4. Health data: including medical records or information about an individual's physical or mental health.

  5. Cultural or social identities: race, ethnicity, religion, political opinions, or sexual orientation.

It also includes special categories of personal data, which receive additional protections, such as data concerning health, genetic information, and religious beliefs. This regulation mandates specific handling, processing, and security requirements for entities managing such data.

 

Examples of personal data that might exist in IoT devices

Device
Personal Data
Smart Camera
Video footage, facial recognition data, location (where the camera is installed), and audio recordings.
Smart Locks
Access logs, user PIN codes, or biometric data such as fingerprints used for unlocking the device.
Voice Assistants (e.g., Alexa, Google Home)
Voice recordings, search queries, and user preferences or routines based on interactions.
Fitness Trackers
Health-related data such as heart rate, physical activity levels, sleep patterns, and location data (via GPS).
Smartwatches
Health data, messages, call logs, contact lists, location data, and biometric data (like pulse or blood oxygen levels).
Medical Monitoring Devices
Data from devices like insulin pumps, heart rate monitors, and sleep apnea machines might include real-time health information, medication records, and data related to physical conditions.
Important need-to-know

  • Minimization of data – process only data, personal or other, that are adequate, relevant and limited to what is necessary in relation to the intended purpose of a PDE;

  • Data portability – users must be provided with the option to securely and easily remove all data and settings and, where such data can be transferred to other products or systems in a secure manner.

Compliance and Standards

Compliance and standards for data protection and privacy are vital in ensuring that organizations adhere to regulations that safeguard personal and sensitive information.

Key Standards for Data Protection and Privacy

  1. GDPR (General Data Protection Regulation): The GDPR enforces strict rules on the processing, storage, and transfer of personal data within the EU, requiring organizations to implement measures like encryption and access controls to protect individual privacy.

  2. CPPA (California Consumer Privacy Act): The CCPA grants California residents the right to know how their personal data is collected and shared, giving them control over data access, deletion, and the ability to opt out of data sales.

  3. ISO/IEC 27001: This international standard for information security management systems (ISMS) includes a focus on protecting data through risk management and secure handling processes, though it does not specifically address privacy regulations.

  4. ISO/IEC 27701: Built on ISO/IEC 27001, this standard is dedicated to privacy information management, providing guidelines for handling personal data in compliance with global privacy laws like GDPR.

  5. ISO 27018: This international standard that provides guidelines for protecting personally identifiable information (PII) in public cloud computing environments. It establishes best practices for cloud service providers to ensure data privacy, security, and regulatory compliance, particularly in alignment with ISO/IEC 27001.

  6. NIST (National Institute of Standards and Technology): NIST provides guidelines for safeguarding data through risk management frameworks and privacy controls, such as in the NIST Privacy Framework and NIST 800-53, which emphasize protecting personally identifiable information (PII).

  7. ENISA (European Union Agency for Cybersecurity): ENISA develops cybersecurity strategies and guidelines, including for data protection, supporting GDPR compliance by offering best practices for securing personal data in digital systems.

  8. CRA (Cyber Resilience Act): The CRA requires IoT device manufacturers to embed data protection measures throughout the product lifecycle, addressing vulnerabilities that could lead to unauthorized data access or breaches, aligning with GDPR principles on privacy.

Impact of the CRA on Data Protection and Privacy

The Cyber Resilience Act (CRA) emphasizes data protection as essential to safeguarding personal information and ensuring trust in digital products. It mandates manufacturers to implement security measures that protect against data breaches and cyberattacks, reducing risks like ransomware and identity theft. Protecting data is also critical for the resilience of critical infrastructure, where breaches could have severe consequences. The CRA aligns with GDPR and imposes legal obligations on manufacturers to secure data, with penalties for non-compliance.

Education and Awareness

GDPR demands that organizations will educate employees on Data Protection and Privacy principles. The goal is to ensure employees understand their responsibilities regarding data protection and privacy under the GDPR. It includes all employees that deal with data from developers to analysts sales team, etc. The CRA is aligned with GDPR. Here is an outline for Data Protection and Privacy training, following by list of available online courses.

Outline for GDPR Training

  1. Introduction to GDPR

    • Overview of GDPR: Explain the purpose and importance of GDPR in the context of data protection and privacy.

    • Key Definitions: Clarify key terms such as personal data, data processing, data subject, and data controller.

  2. Principles of GDPR

    • Lawfulness, Fairness, and Transparency: Discuss how personal data must be processed lawfully and transparently.

    • Purpose Limitation: Explain the need for collecting data for specific, legitimate purposes.

    • Data Minimization: Emphasize the importance of limiting data collection to what is necessary.

    • Accuracy: Highlight the need for accurate data and the obligation to keep it up to date.

    • Storage Limitation: Discuss retention policies and the requirement to delete data when it is no longer needed.

    • Integrity and Confidentiality: Explain the security measures that must be in place to protect personal data.

  3. Rights of Data Subjects

    • Right to Access: Explain how individuals can request access to their personal data.

    • Right to Rectification: Discuss how individuals can request corrections to their data.

    • Right to Erasure (Right to be Forgotten): Clarify under what circumstances data can be deleted.

    • Right to Restrict Processing: Discuss when individuals can request restrictions on data processing.

    • Right to Data Portability: Explain the ability of individuals to obtain and reuse their data.

    • Right to Object: Discuss the right to object to data processing for specific purposes.

  4. Roles and Responsibilities

    • Data Controllers and Processors: Define the roles within the organization and their responsibilities under GDPR.

    • Data Protection Officer (DPO): Outline the DPO's role and how employees can interact with them for GDPR-related queries.

  5. Data Breach Management

    • Understanding Data Breaches: Define what constitutes a data breach and its implications.

    • Reporting Procedures: Outline the internal process for reporting data breaches.

    • Response Plan: Explain the steps the organization will take in the event of a data breach, including notifying authorities and affected individuals.

  6. Data Protection by Design and by Default

    • Implementing Privacy Measures: Discuss the concept of incorporating data protection into the development process of new technologies and services.

    • Default Settings: Explain how default settings should prioritize user privacy.

  7. Training and Awareness

    • Ongoing Training Programs: Emphasize the importance of continuous learning and staying informed about GDPR compliance.

    • Resources and Support: Provide resources (e.g., links to GDPR materials, internal documents) for further learning.

  8. Case Studies and Scenarios

    • Real-life Examples: Present case studies of GDPR violations and their consequences.

    • Interactive Scenarios: Engage employees with hypothetical situations to discuss how they would respond in line with GDPR principles.

 

Resources:

Online Courses and Resources

  1. Cybersecurity Essentials (Linux Foundation): This course covers foundational cybersecurity concepts, including protecting data during online activities and recognizing cyber threats. It's suited for individuals working with Linux systems and IoT devices. Linux Foundation - Cybersecurity Essentials

  2. Linux Security Fundamentals (Coursera): This course emphasizes Linux-specific security measures, including file system security, intrusion detection, and vulnerability management, all essential for maintaining data protection in IoT environments.
    Coursera - Linux Security Fundamentals

  3. Practical IoT Security and Penetration Testing for Beginners (Udemy): This beginner-friendly course teaches security fundamentals for IoT devices, including firmware analysis, backdoor detection, and vulnerabilities like Modbus exploits.
    Udemy - Practical IoT Security

  4. Linux Security & Hardening, The Practical Security Guide (Udemy): Focuses on hardening Linux systems, an essential skill for protecting IoT devices and data against attacks. It covers security audits, configurations, and compliance with industry standards.
    Udemy - Linux Security & Hardening

  5. IoT Security Certified Expert (IoTAC): A certification-based course that explores advanced topics in IoT security, including encryption, secure communication, and device hardening, specifically for IoT developers.
    IoTAC - IoT Security Certified Expert

Tools and Technologies

To implement Data protection and privacy capabilities for Linux-based software, you can use various tools and technologies that you can integrate into your product. Most of the tools and technologies offer ways to implement cryptography and encryption. It is highly recommended to use both software components and hardware components to achieve the best security. However, even when you cannot implement HW-based cryptography, you can still enhance your product with software only technologies.

How to ensure data is always secure?

Data must be secured when it resides on the device (Data at rest) and when it is transmitted via communication channels (Data in transit).

Data at Rest: Encrypt personal data stored on the device using strong encryption standards (e.g., AES-256). This ensures that even if an attacker gains physical access to the device, they cannot easily extract sensitive data without decryption keys.

Data in Transit: Use Transport Layer Security (TLS) or equivalent protocols to encrypt data transmitted between the device and any external systems (e.g., cloud services or mobile apps). This protects data from being intercepted during communication.

Data at Rest

Use a Hardware Security Module (HSM)

  • What It Does: An HSM is a dedicated hardware device designed to securely generate, store, and manage cryptographic keys. It provides tamper resistance and strictly controls access to sensitive keys.

  • Benefits:

    • Strong physical security.

    • Protection against unauthorized access, even by privileged users.

    • Cryptographic operations (encryption/decryption) can be performed inside the HSM, so the keys never leave the secure environment.

  • When to Use: For high-assurance environments or systems where encryption keys and security parameters must be protected from even privileged insiders. Consider implement it for big OT systems.

Use a Trusted Platform Module (TPM)

  • What It Does: A TPM is a specialized chip on a device that provides hardware-based security functions, such as storing cryptographic keys, securing boot processes, and ensuring platform integrity.

  • Benefits:

    • Protection of cryptographic keys from tampering or theft.

    • Secure storage of sensitive parameters within hardware.

    • Provides measured boot and ensures that only trusted software is loaded.

  • When to Use: In environments where you want to protect cryptographic keys on devices like embedded IoT devices.

Use Secure Key Storage in Modern CPUs (ARM TrustZone, Intel SGX)

  • What It Does: Many modern processors offer secure enclave or trusted execution environments (TEE) like ARM TrustZone or Intel SGX. These create isolated execution environments that securely manage sensitive data and keys.

  • Benefits:

    • Provides hardware-level isolation.

    • Sensitive parameters are only accessible to code running inside the enclave.

    • Even if the main operating system is compromised, the keys remain protected.

  • When to Use: Ideal for protecting sensitive parameters in embedded devices or edge devices where HSMs are not feasible, such as IoT or mobile environments.

Use Encrypted Storage (Disk/File-Level Encryption)

  • What It Does: Encrypting storage ensures that even if an attacker gains physical access to the storage device (hard drive, SSD, etc.), they cannot read the contents without the correct decryption key.

  • Solutions:

    • LUKS (Linux Unified Key Setup) for disk encryption on Linux systems. LUKS provides full disk encryption to secure data at rest on Linux-based systems.LUKS Documentation

    • BitLocker on Windows systems.

    • Apple FileVault on macOS systems.

  • Implementation:

    • Use strong encryption algorithms like .AES-256

    • Ensure that the encryption keys are securely managed and not hardcoded into the software.

  • When to Use: For general-purpose systems or devices where all data on disk must be protected, and full-disk encryption is practical

Use File Encryption for Configuration Files

  • What It Does: Sensitive parameters, such as API keys or passwords in configuration files, can be encrypted and only decrypted when needed by the application.

  • Implementation:

    • Use OpenSSL or GPG for encrypting configuration files with a strong symmetric key algorithm (e.g., AES-256).

    • Ensure the key is stored securely (e.g., in a TPM, HSM, or secure vault).

    • Encryption tools:

      • eCryptfs: A cryptographic filesystem that encrypts files at the directory level. ​eCryptfs Project

      • dm-crypt: A kernel-level disk encryption tool used in combination with LUKS for securing data at rest. dm-crypt Documentation

  • Benefits:

    • Protects sensitive parameters from unauthorized file access.

    • Reduces the risk of key exposure.

  • When to Use: For applications that require sensitive parameters stored in plain-text configuration files, but where encrypting those files is feasible.

Secret Key Derivation (Password-Based Key Derivation)

  • What It Does: When storing sensitive data like passwords, avoid storing the raw value directly. Instead, store derived keys using secure algorithms like PBKDF2, bcrypt, or Argon2.

  • Benefits:

    • Protects against brute-force attacks.

    • Reduces the likelihood of hash cracking.

  • When to Use: For storing user passwords or other sensitive parameters that require authentication.

Secure Boot

  • What It Does: Secure Boot ensures that a device only runs trusted and verified code during the boot process, protecting the storage of sensitive parameters from being accessed by compromised firmware or OS-level malware.

  • Benefits:

    • Prevents unauthorized modifications to the system.

    • Ensures the integrity of sensitive data.

  • When to Use: In IoT devices, embedded systems, and any environment where secure boot mechanisms can prevent unauthorized access to sensitive parameters at boot time.

Secure Firmware Updates

  • What It Does: Secure Firmware updates ensure that a device only accept trusted firmware update in a secure channel, protecting the device from getting malicious firmware or unauthorized modified software.

  • Benefits:

    • Physical updates:

      • Authenticate and sign on firmwares that are being installed by removable device.

      • Validate the firmware on the device in OS level.

    • Over-the-Air (OTA) Updates:

      • Authenticate and encrypt firmware updates.

      • Validate the integrity and authenticity of updates before installation.

    • Rollback Protection:

      • Prevent reverting to older, potentially vulnerable firmware versions.

  • When to Use: In any process of updating the firmware, automatic updates by the application, or manual update by the user.

Key Implementation Guidelines:

  1. Encryption is Key: Always encrypt sensitive security parameters both at rest and in transit using strong cryptographic algorithms like AES-

    256 for encryption and TLS for network communication.

  2. Never Hardcode Secrets: Avoid hardcoding sensitive parameters (e.g., passwords, API keys) in the source code. Use secure vaults, environment variables, or secure enclave methods for secret injection. Use code scanners or binary scanners that can find secrets in your code.

  3. Enable Key Rotation and Expiry: Secrets and cryptographic keys should have limited lifespans and should be rotated periodically to minimize risks from key compromise. Enforce expiry for local passwords and rotate keys.

  4. Audit and Monitoring: Implement logging and auditing for any access to sensitive security parameters. Ensure that any anomalous access is flagged and investigated.

  5. Backup Security: Ensure that backups of sensitive security parameters are also encrypted, and access to those backups is tightly controlled.

  • By combining these approaches, you can securely store sensitive security parameters, ensuring they are protected from unauthorized access and exposure, while maintaining flexibility in how the secrets are managed and accessed across different en vironments.

Data in Transit

You need to implement measures to encrypt the data that the device carries out and to verify that all communication channels are encrypted. It is very common to manage IoT devices through Cloud Web portal or Mobile application. In this guide we will describe secure implementation to
communication channel between the device and the Cloud or Mobile application.

Protect Against Common Threats

  1. Man-in-the-Middle (MITM) Attacks

    • Use encrypted channel and certificate pinning to prevent unauthorized interception.

  2. Replay Attacks

    • Implement nonce values or timestamps to ensure each message is unique and cannot be reused maliciously.

  3. Denial of Service (DoS)

    • Incorporate rate limiting and anomaly detection to mitigate DoS attacks.

  4. Physical Security

    • Protect hardware interfaces to prevent physical tampering or unauthorized access.

Choose Secure Communication Protocols

TLS/DTLS for Encrypted Channels

  • TLS Use TLS 1.2 or above for secure HTTPS communication between devices and web portals.

    • mTLS (Mutual TLS): Implement mutual authentication by requiring both the server and device to validate certificates.

    • DTLS: For real-time communication over UDP (e.g., CoAP), use Datagram TLS (DTLS) to secure low-latency data transfers.

    • OpenSSL:
      A robust library for implementing encryption and secure communication protocols like SSL/TLS.
      OpenSSL Project

MQTTS for Lightweight Messaging

  • MQTTS: When using MQTT, secure the connection by implementing TLS, which becomes MQTTS (MQTT over TLS).

  • CoAP with DTLS: For constrained environments using the CoAP protocol, secure it using DTLS.

ASCON for Lightweight Encryption

ASCON is a family of lightweight authenticated encryption and hashing algorithms designed for resource-constrained environments, such as IoT devices. It was selected as the primary choice for lightweight cryptography by NIST due to its strong security properties and efficiency on low-power devices.

  • Use Case: Employ ASCON for encrypting payloads in low-power IoT devices where performance and memory are limited.

  • Advantages: Low memory footprint, fast encryption, energy efficiency, and security against modern threats.

  • Integration: Use ASCON to secure data at the application layer, even when using lower-layer protocols like MQTT, CoAP, or BLE.

  • Step-by-step guide to implement ASCON: ASCON - Lightweight encryption for IoT device - step by step guide

OpenSSH: OpenSSH provides encrypted channels for secure remote administration.
OpenSSH Official Site

WireGuard: A modern VPN solution offering secure, encrypted communication between IoT devices and networks.
WireGuard Project

Bluetooth Communication with Nearby Devices

It is common to use Bluetooth communication with IoT devices, Bluetooth

  1. BLE Secure Connections

    • Use Bluetooth Low Energy (BLE) in Secure Connections mode to implement Elliptic Curve Diffie-Hellman (ECDH) for secure key exchange during pairing.

  2. Authenticated Pairing

    • Pairing Methods: Use Passkey Entry, Numeric Comparison, or Out-of-Band (OOB) methods for strong authentication. Avoid Just Works pairing, which lacks authentication.

  3. BLE Encryption

    • AES-128: Ensure all Bluetooth communications are encrypted using BLE’s AES-128 encryption.

    • ASCON: For added security, use ASCON to further encrypt sensitive application-layer data over Bluetooth, protecting it from eavesdropping even if the BLE connection is compromised.

Implement Strong Authentication and Authorization

  1. Device Authentication

    • Unique Device Identity

      • Assign each device a unique identifier.

      • Use X.509 certificates for device authentication.

    • Certificate Management

      • Implement a Public Key Infrastructure (PKI) for issuing and managing device certificates.

      • Consider using certificate pinning on the device to prevent man-in-the-middle (MITM) attacks.

  2. User Authentication

    • Mobile/Web Portal

      • Implement robust authentication mechanisms (e.g., OAuth 2.0, JWT).

      • Use multi-factor authentication (MFA) for added security.

  3. Role-Based Access Control (RBAC)

    • Define roles and permissions to ensure that entities can only perform authorized actions.

Message Integrity

  • Use cryptographic hash functions (e.g., SHA-256) and digital signatures to ensure data integrity.

Secure Key Management

  1. Key Generation: Generate cryptographic keys using secure random number generators.

  2. Key Storage: Store keys in secure storage areas, such as secure enclaves or hardware-backed keystores.

  3. Key Rotation: Implement regular key rotation policies to minimize the impact of compromised keys.

  4. Key Revocation: Maintain a mechanism to revoke compromised or outdated keys, possibly using Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP).

bottom of page