ASSESSMENT OF ESP32 MICROCONTROLLER COMPLIANCE WITH INTERNATIONAL STANDARDS OF CYBER SECURITY FOR INTERNET OF THINGS
DOI:
https://doi.org/10.34185/1991-7848.itmm.2024.01.070Keywords:
Internet of Things, automation, cyber security, microcontroller, computer-integrated technologiesAbstract
The protection of the ESP32 microcontroller from cyber threats is studied by analyzing the compliance of the platform (microcontroller, OS, API, manufacturer support) with the requirements of international cybersecurity standards. In particular, the following topics are covered: means to manage reports of vulnerabilities, keeping software updated, securely storing sensitive security parameters, secure communication, and protecting personal data. Generally, it is concluded that the ESP32 microcontroller meets the cybersecurity standards of the Internet of Things. The only one exception that was found is the ESP32 manufacturer does not publish its vulnerability disclosure policy. Thus cybersecurity level of ESP32 platform should be considered as a quite high to produce a regular, household IoT system.
References
ETSI EN 303 645 V2.1.1 «Cyber Security for Consumer Internet of Things: Baseline Requirements». Sophia Antipolis, Fr: ETSI, 2020. 34p
NATIONAL VULNERABILITY DATABASE. [Електронний ресурс]/Сайт NIST, URL: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe%3A2.3%3Ah%3Aespressif%3Aesp32%3A-%3A*%3A*%3A*%3A*%3A*%3A*%3A*
