Background
Terminals are a compination of hardware and software. Terminal's main responsibility is to - collect data (with it's sensors) - process and transmit collected data to data server over the Internet.
The terminal has Internet access either via WLAN or GPRS. Terminal are running embedded Linux.
Things to consider, security perspective
- Transmission of collected data over the air to data server.
- Remote software updates over the air (is controlled by the data server),
- Local software updates
- Identification and authentication of terminal and server
- What else should be considered in this type of system?
My question is divided in 3 parts.
- Firstly, what kind of issues should be thought about when thinking about security with this kind of system.
- Secondly, what ciphers, key exchange mechanism and security techniques could be applied in different parts of the answer of the first question.
- And lastly, is there any good books/resources available covering this matter. Specifically targeting this type of application area or similar with practical advice on solutions.
I know my questions are little bit out there. I'm familiar with different ciphers (symmetric and asymmetric), but have found particularly difficult to find any pratical guidance in implementing security in real world systems. I hope this questions hits some traffic. I'm sure there are many of us out there facing similar challenges.
I can provide more details, just point me out where more information is required.