Octave provides end-to-end security that covers Octave edge devices, Octave's core infrastructure, and communications with external systems via Octave's Cloud REST APIs.
Key Security Features
Octave provides the following security features out of the box:
Zero-touch security provisioning:
- Factory-loaded secret keys (secure storage)
- SIM or integrated eSIM
- SIM and hardware mutual pairing
Secure boot and Secure firmware upgrade
Zero touch use of LWM2M + DTLS 1.2 Edge-to-Cloud protocol
Automated and Unlimited Key Rotations Over the air for Edge-to-Cloud Authentication
Cellular Network Authentication and Ciphering (3GPP Sim)
Private APN (cellular Access Point Name; Octave Devices do not have internet access)
Cloud-to-cloud Connectors Using Device Keys (Azure)
High level security diagram
Securing Octave Edge Devices
There are a number of steps required to prepare Octave edge devices for secure deployment. This includes securing the physical interfaces, root account, access to extended AT commands, and other aspects.
For Octave devices below version 3.4, we recommend you to follow the guidelines provided here
Octave 3.4 brings a number of key security feature enhancements:
- Signed firmware and Secure boot
- Device Access Control feature
Signed firmware and Secure boot
With a goal to always providing the best level of security without extra costs nor complex configurations on the customer side, Octave firmware 3.4.0 and above is fully signed, allowing the Octave Edge devices' Secure Boot to ensure the whole firmware stack is fully secure.
Octave devices which are shipped from the factory with version 3.4 and above will be secure by default, thus only accepting signed Octave firmware (3.4 and above).
Octave 3.4 signed firmware will install on non-secure hardware, although we strongly recommend customers to transition to 3.4 and enable the Secure Boot of their existing hardware which goes to production.
Device Access Control
With Device Access Control, you can control device SSH access via Octave's Resources and Blueprints.
Full documentation is here
Securing Cloud Access
Access to Octave is tightly controlled by Administrators who create and manage groups of users. These groups define what their members can access through a series of read/write settings which cover both the Octave Dashboard and Octave's Cloud REST APIs (discussed below).
For additional information see Managing User Groups and Permissions.
Octave's Cloud REST APIs allows you to programmatically invoke Octave's functionality. Octave provides API security by requiring each request header to include a master token and user name which are assigned to each user when the account is created.
You can find your master token and user name as described in Copying Your User Name and Master Token.
Updated 12 months ago