OWASP TASC Framework Project

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

TASC Framework Project
Things Authentication and Secure Communications (for Resource Constrained Systems)

Makers, professionally or as hobbyists, are creating "Internet of Things" (IoT) devices using low power systems such as Arduino. Security is often an afterthought or not considered at all. This project will make it easy to secure communications between devices.

This project will put a communications protocol and medium agnostic encryption and authentication layer onto resource constrained devices such as the Arduino.

The use of this framework will require no specialist security knowledge.

Description
The TASC Framework (Things Authentication and Secure Communications) provides a lightweight abstracted security framework and supporting libraries to provide authentication and secure communications on resource constrained systems. For example developers creating "Internet of Things" (IoT) devices using low power systems such as Arduino who are not security experts.

Licensing
The libraries and source code / examples associated with this project are licenced under Apache 2.0 Licence in order to encourage the broadest possible use in embedded systems where dynamic linking may not be practical.

The documentation and guidelines are licenced under Creative Commons Attribution ShareAlike 3.0 Licence.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

What is OWASP TASC Framework Project?
Low powered devices such as those found in IoT developments will often be placed on people's home networks or within range of other's wireless communications devices. This leaves them vulnerable to compromises - particularly with regards to integrity and confidentiality.

The OWASP TASC Framework looks to address these issues in a way that makes no assumptions about the mechanism of the transmission of the data or commands - whether it be visible light, infra-red, 433MHz, 1-wire, serial, I2C, Bluetooth, WiFi etc. This is done by providing the capability to secure the payload and allowing the device developer the freedom to choose the communication medium.

Using an AES library such as: http://forum.arduino.cc/index.php?topic=88890.0 symmetric key encryption of the message payloads to ensure the authentication, integrity, and confidentiality of messages.

The framework consists of a coordinator, a key manager, and one or more pairing mechanisms.

Presentation
Not yet...but watch this space...

Project Leader

 * Andy Boura

Related Projects
Please let us know of any relevant related projects.

Openhub

 * OWASP Project Openhub


 * valign="top" style="padding-left:25px;width:200px;" |

Quick Download
Nothing yet but we should have some deliverables ready soon.

News and Events

 * [23 July 2015] First version of the project wiki page up!

Classifications

 * }

=FAQs=

How can I participate in your project?
All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key. Please see the getting involved tab.

If I am not a programmer can I participate in your project?
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. See the getting involved tab for some of the ways you might be able to contribute.

What platforms are supported by the framework?
The framework itself is platform agnostic and can be readily ported to any platform. Initially the Arduino platform will be targeted as a reference implementation due to it's broad adoption, starting point for budding developers, and strong community.

= Acknowledgements =

Contributors
The OWASP Security Principles project is developed by a worldwide team of volunteers.

The first contributors to the project were:


 * Andy Boura
 * Pete Ikusz
 * Malcolm Boura
 * YOUR NAME BELONGS HERE

= Road Map and Getting Involved =

The key milestones are:

 * 1) Use cases
 * 2) Requirements
 * 3) API and data structures
 * 4) Documented lightweight security framework and API
 * 5) Reference implementation for Arduino platform
 * 6) Client libraries and ports to other platforms

The key deliverables are

 * 1) Formal documentation
 * 2) Arduino reference implementation and documentation
 * 3) Additional platform ports for both clients and servers

Here is an outline of the modules that will be specified in the documentation and delivered in the reference Arduino implementation: https://www.lucidchart.com/publicSegments/view/55c3535d-b0f0-4faf-88ea-14a00a005c31/image.png

Getting Involved
Involvement in the development and promotion of the OWASP TASC Framework Project is actively encouraged! You do not have to be a security expert in order to contribute.

Some of the ways you can help:
 * Core framework developer
 * Framework functional testing
 * Framework penetration testing
 * Helping alpha and beta testing the framework on different hardware:
 * Sharing example code
 * Creating "How to" articles and videos
 * Providing feedback
 * Project administration support.
 * Publicity and awareness / advocacy

=Minimum Viable Product= This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern. Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap. And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category.

The Code Project Template must specify the minimum set of tabs a project should have, provide some an example layout on each tab, provide instructional text on how a project leader should modify the tab, and give some example text that illustrates how to create an actual project.

It would also be ideal if the sample text was translated into different languages.

=Project About=

This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager. Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project