edgesentry-audit

“Trust and verification for edge infrastructure.”

Why

In recent years, labor shortages have become a serious challenge in infrastructure operations. Labor-intensive industries such as construction are increasingly adopting IoT devices for remote inspections.

At the same time, if device spoofing, device takeover, or inspection data tampering occurs, trust in the entire system is fundamentally undermined. This makes continuous verification of both device authenticity and data integrity essential.

Vision and Principles

EdgeSentry-Audit is an early-stage learning project — we are building this to deepen our understanding of IoT security techniques hands-on. The license is commercially compatible (MIT/Apache 2.0), but the implementation is just getting started and is not yet production-ready. Following the governance model of successful “in-process” systems like DuckDB, we keep the core intellectual property open and vendor-neutral, so it can grow into a public good over time.

Our goal is to serve as the Common Trust Layer for vendors in public infrastructure, maritime (MPA), and smart buildings (BCA), helping them meet the highest regulatory standards — including Singapore’s CLS Level 3/4, iM8, and Japan’s Unified Government Standards.

We believe the infrastructure of trust should not be owned by a single private entity:

  • Open for All: A vendor-agnostic reference implementation that lowers the barrier for companies to achieve regulatory compliance.
  • Cross-Industry Learning: Engineers collaborate across corporate boundaries to master the complexities of global IoT security standards.
  • Sustainable Growth: The core remains a community-driven reference implementation; commercial services (advanced analytics, automated compliance reporting) are built on top of this stable foundation.

See the Roadmap for the phased compliance plan.

Initial Scope

For public-infrastructure IoT deployments, Singapore’s Cybersecurity Labelling Scheme (CLS) Level 3 and Level 4 introduce hardware-level security requirements. EdgeSentry-Audit is designed to support these requirements through hardware extensions — hardware security itself is implemented on the hardware side, with this library providing the software integration layer. The initial scope covers tamper prevention and tamper-evident audit records, with hardware-level extension points built in from the start.

How

Modeled after the “Simple, Portable, Fast” philosophy, EdgeSentry-Audit implements three pillars of trust in Rust, designed for high-performance embedding:

  1. Identity — Ed25519 digital signatures to guarantee the authenticity of both devices and data. Built with C/C++ FFI at its heart, allowing legacy industrial systems and robotics platforms to adopt secure identity without a full rewrite.

  2. Integrity — BLAKE3 hash chains to ensure data immutability. Provides a verifiable cryptographic record that can be validated locally or in the cloud, ensuring forensic readiness even in offline scenarios.

  3. Resilience — Store-and-forward offline buffering (OfflineBuffer with InMemoryBufferStore, and SQLite via the buffer-sqlite feature) is delivered in Phase 1, satisfying CLS-09. Intelligent data summarization for narrow-bandwidth environments, planned for Phase 2, will add priority queuing for limited links. See Roadmap.

edgesentry-audit is the crate name. The Rust library is imported as edgesentry_audit (underscores). It includes all audit record types, hashing, signature verification, chain verification, ingestion-time verification, deduplication, sequence validation, persistence workflow, and the CLI.
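
The hash-chain, sequence-validation and deduplication checks listed above can be sketched as follows; this is an added illustration, not code from the edgesentry-audit crate. The record layout, the function names and the all-zero genesis value are assumptions, BLAKE2b from the Python standard library stands in for BLAKE3, and Ed25519 signing is left out.

```python
import hashlib
import json

GENESIS = "00" * 32  # assumed: all-zero "previous hash" for the first record

def record_hash(seq, prev, payload):
    # Canonical JSON so producer and verifier hash identical bytes.
    body = json.dumps({"seq": seq, "prev": prev, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()
    # BLAKE2b-256 stands in for BLAKE3 (not in the Python standard library).
    return hashlib.blake2b(body, digest_size=32).hexdigest()

def append(chain, payload):
    seq = len(chain) + 1
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"seq": seq, "prev": prev, "payload": payload,
                  "hash": record_hash(seq, prev, payload)})

def verify_chain(records):
    """Return (ok, reason); reason names the first record that fails."""
    expected_seq, prev, seen = 1, GENESIS, set()
    for r in records:
        if r["hash"] in seen:
            return False, f"duplicate record seq={r['seq']}"
        if r["seq"] != expected_seq:
            return False, f"sequence gap: expected {expected_seq}, got {r['seq']}"
        if r["prev"] != prev:
            return False, f"broken link at seq={r['seq']}"
        if record_hash(r["seq"], r["prev"], r["payload"]) != r["hash"]:
            return False, f"hash mismatch at seq={r['seq']}"
        seen.add(r["hash"])
        expected_seq, prev = expected_seq + 1, r["hash"]
    return True, "ok"

def sample_chain():
    # Constructed inspection readings, not real device data.
    chain = []
    for payload in ({"crack_mm": 0.4}, {"crack_mm": 0.5}, {"crack_mm": 2.1}):
        append(chain, payload)
    return chain

if __name__ == "__main__":
    chain = sample_chain()
    print(verify_chain(chain))
    chain[1]["payload"]["crack_mm"] = 0.1   # edit a stored reading in place
    print(verify_chain(chain))
```

A hash chain by itself only exposes edits that leave later records untouched; anyone able to rewrite every record from the edit onward can recompute the hashes. The per-record device signature described under Identity is what closes that gap.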

License

This project is licensed under either of:

At your option.