Security standards for Azure IoT Edge

Azure IoT Edge addresses the risks that are inherent when moving your data and analytics to the intelligent edge. The IoT Edge security standards balance flexibility for different deployment scenarios with the protection that you expect from all Azure services.

IoT Edge runs on various makes and models of hardware, supports several operating systems, and applies to diverse deployment scenarios. Rather than offering concrete solutions for specific scenarios, IoT Edge is an extensible security framework based on well-grounded principles that are designed for scale. The risk of a deployment scenario depends on many factors, including:

  • Solution ownership
  • Deployment geography
  • Data sensitivity
  • Privacy
  • Application vertical
  • Regulatory requirements

This article provides an overview of the IoT Edge security framework. For more information, see Securing the intelligent edge.

Standards

Standards promote ease of scrutiny and ease of implementation, both of which are hallmarks of security. A security solution should lend itself to scrutiny under evaluation to build trust and shouldn't be a hurdle to deployment. The design of the framework to secure Azure IoT Edge is based on time-tested and industry-proven security protocols for familiarity and reuse.

Authentication

When you deploy an IoT solution, you need to know that only trusted actors, devices, and modules have access to your solution. Certificate-based authentication is the primary mechanism for authentication for the Azure IoT Edge platform. This mechanism is derived from a set of standards governing Public Key Infrastructure (PKIX) by the Internet Engineering Task Force (IETF).

All devices, modules, and actors that interact with the Azure IoT Edge device should have unique certificate identities. This guidance applies whether the interactions are physical or through a network connection. Not every scenario or component may lend itself to certificate-based authentication, so the extensibility of the security framework offers secure alternatives.

For more information, see Azure IoT Edge certificate usage.

Authorization

The principle of least privilege says that users and components of a system should have access only to the minimum set of resources and data needed to perform their roles. Devices, modules, and actors should access only the resources and data within their permission scope, and only when it is architecturally allowable. Some permissions are configurable with sufficient privileges and others are architecturally enforced. For example, some modules may be authorized to connect to Azure IoT Hub. However, there is no reason why a module in one IoT Edge device should access the twin of a module in another IoT Edge device.

Other authorization schemes include certificate signing rights and role-based access control (RBAC).

Attestation

Attestation ensures the integrity of software bits, which is important for detecting and preventing malware. The Azure IoT Edge security framework classifies attestation under three main categories:

  • Static attestation
  • Runtime attestation
  • Software attestation

Static attestation

Static attestation verifies the integrity of all software on a device during power-up, including the operating system, all runtimes, and configuration information. Because static attestation occurs during power-up, it's often referred to as secure boot. The security framework for IoT Edge devices extends to manufacturers and incorporates secure hardware capabilities that assure static attestation processes. These processes include secure boot and secure firmware upgrade. Working in close collaboration with silicon vendors eliminates superfluous firmware layers and so minimizes the threat surface.
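One way to see what "verifying the integrity of all software during power-up" means mechanically is a measured boot chain: each stage is hashed and folded into a running register in boot order, in the same way a TPM PCR is extended, and the resulting log is compared with values recorded for the released image. The Go program below is an added example, not code from IoT Edge or from any silicon vendor; the stage names and image bytes are constructed, and `Extend`, `MeasureBootChain` and `VerifyBoot` are hypothetical names.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// BootComponent is one stage measured at power-up. The Image bytes are constructed
// sample data standing in for a firmware, OS, runtime or configuration image.
type BootComponent struct {
	Name  string
	Image []byte
}

// Extend folds a new measurement into the running register the way a TPM PCR extend does:
// new = SHA256(old || SHA256(image)). The order of extends therefore matters.
func Extend(current [32]byte, image []byte) [32]byte {
	m := sha256.Sum256(image)
	return sha256.Sum256(append(current[:], m[:]...))
}

// MeasureBootChain measures every component in boot order, starting from a zeroed
// register, and returns the register value after each stage (the boot event log).
func MeasureBootChain(chain []BootComponent) [][32]byte {
	var reg [32]byte
	log := make([][32]byte, 0, len(chain))
	for _, c := range chain {
		reg = Extend(reg, c.Image)
		log = append(log, reg)
	}
	return log
}

// VerifyBoot replays the measured log against the known-good log recorded for the
// released image and reports the first stage at which they diverge. An empty stage
// name with ok == true means every stage matched.
func VerifyBoot(chain []BootComponent, knownGood [][32]byte) (ok bool, stage string) {
	if len(knownGood) != len(chain) {
		return false, "stage count mismatch"
	}
	for i, got := range MeasureBootChain(chain) {
		if got != knownGood[i] {
			return false, chain[i].Name
		}
	}
	return true, ""
}

func main() {
	// Constructed golden image set; a manufacturer would record these at release time.
	golden := []BootComponent{
		{Name: "bootloader", Image: []byte("bootloader-v1")},
		{Name: "os", Image: []byte("os-v1")},
		{Name: "runtime", Image: []byte("runtime-v1")},
		{Name: "config", Image: []byte("config-v1")},
	}
	knownGood := MeasureBootChain(golden)

	// Same images, modified configuration: the divergence is attributed to "config".
	tampered := []BootComponent{golden[0], golden[1], golden[2],
		{Name: "config", Image: []byte("config-v1-modified")}}

	ok, stage := VerifyBoot(golden, knownGood)
	fmt.Printf("golden chain ok=%v stage=%q\n", ok, stage)
	ok, stage = VerifyBoot(tampered, knownGood)
	fmt.Printf("tampered chain ok=%v stage=%q\n", ok, stage)
}
```

Because each register value depends on everything extended before it, a change to any stage, or a stage executed out of order, changes every later value; comparing the whole log rather than only the final value is what lets the verifier name the first stage that diverged.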

Runtime attestation

Once a system has completed a secure boot process, well-designed systems should detect attempts to inject malware and take proper countermeasures. Malware attacks may target the system's ports and interfaces. If malicious actors have physical access to a device, they may tamper with the device itself or use side-channel attacks to gain access. Such malicious content, whether malware or unauthorized configuration changes, can't be detected by static attestation because it is injected after the boot process. Countermeasures offered or enforced by the device's hardware help to ward off such threats. The security framework for IoT Edge explicitly calls for extensions that combat runtime threats.

Software attestation

All healthy systems, including intelligent edge systems, need patches and upgrades. Security is important for update processes, otherwise they can be potential threat vectors. The security framework for IoT Edge calls for updates through measured and signed packages to assure the integrity of and authenticate the source of the packages. This standard applies to all operating systems and application software bits.
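"Measured and signed" names two separate checks a device should make before applying an update: the publisher's signature authenticates the source, and the measurement (a hash of the package bytes carried in the signed manifest) protects integrity. The Go program below is an added example of that pattern, not the update mechanism of IoT Edge or any real package format; the `Manifest` layout, `PublishUpdate` and `VerifyUpdate` are hypothetical, and the package bytes are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the hypothetical update descriptor that the publisher signs.
// SHA256 is the measurement of the package bytes, so the signature covers it.
type Manifest struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	SHA256  string `json:"sha256"`
}

// SignedUpdate bundles the manifest, the publisher's signature over it, and the package.
type SignedUpdate struct {
	Manifest  Manifest
	Signature []byte
	Package   []byte
}

// NewPublisherKey generates the publisher's signing key (in practice held offline or in an HSM).
func NewPublisherKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// measure returns the hex SHA-256 of the package bytes.
func measure(pkg []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(pkg))
}

// canonical serialises the manifest deterministically so signer and verifier hash identical bytes.
func canonical(m Manifest) ([]byte, error) {
	return json.Marshal(m)
}

// PublishUpdate measures the package and signs the manifest with the publisher key.
func PublishUpdate(key *ecdsa.PrivateKey, name, version string, pkg []byte) (SignedUpdate, error) {
	m := Manifest{Name: name, Version: version, SHA256: measure(pkg)}
	data, err := canonical(m)
	if err != nil {
		return SignedUpdate{}, err
	}
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return SignedUpdate{}, err
	}
	return SignedUpdate{Manifest: m, Signature: sig, Package: pkg}, nil
}

// VerifyUpdate authenticates the source first (signature over the manifest), then checks
// integrity (the package bytes re-measure to the value the signed manifest vouches for).
func VerifyUpdate(trusted *ecdsa.PublicKey, u SignedUpdate) error {
	data, err := canonical(u.Manifest)
	if err != nil {
		return err
	}
	digest := sha256.Sum256(data)
	if !ecdsa.VerifyASN1(trusted, digest[:], u.Signature) {
		return errors.New("manifest signature invalid: package source not authenticated")
	}
	if measure(u.Package) != u.Manifest.SHA256 {
		return errors.New("package measurement mismatch: package integrity check failed")
	}
	return nil
}

func main() {
	key, err := NewPublisherKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample package bytes.
	update, err := PublishUpdate(key, "edge-runtime", "1.2.3", []byte("sample package contents"))
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine update:", VerifyUpdate(&key.PublicKey, update))

	tampered := update
	tampered.Package = append([]byte("x"), update.Package...)
	fmt.Println("modified package:", VerifyUpdate(&key.PublicKey, tampered))
}
```

Checking the signature before the measurement matters: a manifest whose hash field was rewritten to match a modified package still fails, because the rewritten manifest no longer carries a valid publisher signature.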

Hardware root of trust

For many intelligent edge devices, especially devices that can be physically accessed by potential malicious actors, hardware security is the last defense for protection. Tamper-resistant hardware is crucial for such deployments. Azure IoT Edge encourages secure silicon hardware vendors to offer different flavors of hardware root of trust to accommodate various risk profiles and deployment scenarios. Hardware trust may come from common security protocol standards like Trusted Platform Module (ISO/IEC 11889) and Trusted Computing Group's Device Identifier Composition Engine (DICE). Secure enclave technologies like TrustZone and Software Guard Extensions (SGX) also provide hardware trust.

Certification

To help customers make informed decisions when procuring Azure IoT Edge devices for their deployment, the IoT Edge framework includes certification requirements. Foundational to these requirements are certifications pertaining to security claims and certifications pertaining to validation of the security implementation. For example, a security claim certification means that the IoT Edge device uses secure hardware known to resist boot attacks. A validation certification means that the secure hardware was properly implemented to offer this value in the device. In keeping with the principle of simplicity, the framework tries to keep the burden of certification minimal.

Extensibility

With IoT technology driving different types of business transformations, security should evolve in parallel to address emerging scenarios. The Azure IoT Edge security framework starts with a solid foundation on which it builds in extensibility into different dimensions, including:

  • First-party security services like the Device Provisioning Service for Azure IoT Hub.
  • Third-party services like managed security services for different application verticals (like industrial or healthcare) or technology focus (like security monitoring in mesh networks, or silicon hardware attestation services) through a rich network of partners.
  • Legacy systems, to include retrofitting with alternate security strategies, like using secure technology other than certificates for authentication and identity management.
  • Secure hardware, for adoption of emerging secure hardware technologies and silicon partner contributions.

In the end, securing the intelligent edge requires collaborative contributions from an open community driven by the common interest in securing IoT. These contributions might be in the form of secure technologies or services. The Azure IoT Edge security framework offers a solid foundation for security that is extensible for the maximum coverage, offering the same level of trust and integrity in the intelligent edge as in the Azure cloud.

Next steps

Read more about how Azure IoT Edge is Securing the intelligent edge.