2.2 Test Firmware Data-in-Transit Security



Requirement Description

Verify that the firmware and applications on the DUT protect data in transit using transport layer security mechanisms, such as TLS/SSL, SSH, or other secure communication protocols, to prevent interception, tampering, or unauthorized access.


DUT Confirmation Details

  • OEM Statement: (Insert vendor confirmation of data-in-transit protection mechanisms enabled in the firmware and applications.)

  • Observed State: (Insert tester’s findings during validation.)


DUT Software Details

  • Firmware/Software Version: ___________________

  • Build Date: ___________________

  • Application Stack (if applicable): ___________________


Hash Checksum Verification for DUT’s Software Image

  • Algorithm Used: SHA-256 (or other approved hashing algorithm)

  • Expected Hash: ___________________

  • Calculated Hash: ___________________

  • Result: Pass / Fail


DUT Configuration

(Insert configurations related to secure communication settings, TLS versions supported, port numbers, key/certificate locations, etc.) Example:

show system ssl-status
openssl s_client -connect <ip>:<port>

Pre-Conditions

The vendor shall provide:

  1. Technical specifications and documentation for firmware and applications describing supported and enabled transport layer security mechanisms.

  2. Configuration details related to TLS versions, key/certificate deployment, and supported encryption algorithms.

  3. Declaration of secure protocols used (e.g., HTTPS, SFTP, TLSv1.2/1.3, SSH).


Test Plan

Total Number of Test Cases: 5

Planned Test Cases:

  1. BIS-2.2.1 – Verification of TLS/SSH support and configuration.

  2. BIS-2.2.2 – Verification of cipher suite strength and secure protocol versions.

  3. BIS-2.2.3 – Verification of certificate validity and key management.

  4. BIS-2.2.4 – Attempt to access services over insecure protocols (e.g., HTTP, Telnet).

  5. BIS-2.2.5 – Sniff and analyze traffic to confirm encryption of sensitive data in transit.
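One way to score the output of `openssl s_client -connect <ip>:<port>` for BIS-2.2.2 and BIS-2.2.3, as an added example that is not part of the original template. The function names, the pass criteria (TLSv1.2/1.3 only, no weak cipher components, verify return code 0) and the trimmed transcripts are assumptions constructed for illustration.

```python
import re

# Assumed pass criteria for this example; align them with the vendor declaration.
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
WEAK_TOKENS = {"NULL", "EXP", "RC4", "DES", "CBC3", "MD5", "ADH", "AECDH"}

def _field(name, text):
    """Value of a 'Name : value' line in the SSL-Session block, or None."""
    m = re.search(rf"^\s*{name}\s*:\s*(\S+)", text, re.M)
    return m.group(1) if m else None

def assess_s_client(text):
    """Return a list of findings (empty list = pass) for one s_client transcript."""
    protocol, cipher = _field("Protocol", text), _field("Cipher", text)
    if not protocol or not cipher or cipher in ("0000", "(NONE)"):
        return ["no TLS session negotiated"]
    findings = []
    if protocol not in ALLOWED_PROTOCOLS:
        findings.append(f"protocol {protocol} not allowed")
    # Split the suite name into components so "DES" never matches inside "ECDHE".
    weak = WEAK_TOKENS & set(re.split(r"[-_]", cipher))
    if weak:
        findings.append(f"cipher {cipher} uses weak component(s): {', '.join(sorted(weak))}")
    verify = re.search(r"Verify return code:\s*(\d+)\s*\(([^)]*)\)", text)
    if verify is None:
        findings.append("no certificate verification result")
    elif verify.group(1) != "0":
        findings.append(f"certificate verification failed: {verify.group(2)}")
    return findings

# Constructed, trimmed transcripts (not captured from a real DUT).
SAMPLE_PASS = """SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Verify return code: 0 (ok)
"""
SAMPLE_FAIL = """SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Verify return code: 18 (self signed certificate)
"""

if __name__ == "__main__":
    for label, sample in (("pass", SAMPLE_PASS), ("fail", SAMPLE_FAIL)):
        print(label, assess_s_client(sample) or "no findings")
```

Record the returned findings under Observed State for the matching test case.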


Test-bed Diagram with Interfaces and IPs

(Attach a network diagram showing DUT, testing machine, sniffing/proxy tools like Wireshark, MITM proxy, TLS test tools, and any remote interfaces used for connectivity validation.)

