Commit beda168

Merge pull request #125271 from changeworld/patch-17
Fix typo
2 parents 688a768 + 39f61b1 commit beda168

1 file changed

+2
-2
lines changed

articles/iot/iot-security-architecture.md

Lines changed: 2 additions & 2 deletions
@@ -154,10 +154,10 @@ The following table shows example mitigations to these threats. The values in th
154154

155155
| Component | Threat | Mitigation | Risk | Implementation |
156156
| --- | --- | --- | --- | --- |
157-
| Device |S |Assigning identity to the device and authenticating the device |Replacing device or part of the device with some other device. How do you know you're talking to the right device? |Authenticating the device, using Transport Layer Security (TLS) or IPSec. Infrastructure should support using preshared key (PSK) on those devices that can't handle full asymmetric cryptography. Use Microsoft Entra ID, [OAuth](https://www.rfc-editor.org/pdfrfc/rfc6755.txt.pdf). |
157+
| Device |S |Assigning identity to the device and authenticating the device |Replacing device or part of the device with some other device. How do you know you're talking to the right device? |Authenticating the device, using Transport Layer Security (TLS) or IPsec. Infrastructure should support using preshared key (PSK) on those devices that can't handle full asymmetric cryptography. Use Microsoft Entra ID, [OAuth](https://www.rfc-editor.org/pdfrfc/rfc6755.txt.pdf). |
158158
|| TRID |Apply tamperproof mechanisms to the device, for example, by making it hard to impossible to extract keys and other cryptographic material from the device. |The risk is if someone is tampering the device (physical interference). How are you sure that no one tampered with the device? |The most effective mitigation is a trusted platform module (TPM). A TPM stores keys but doesn't allow them to be read. However, the TPM itself can use the keys for cryptographic operations. Memory encryption of the device. Key management for the device. Signing the code. |
159159
|| E |Having access control of the device. Authorization scheme. |If the device allows for individual actions to be performed based on commands from an outside source, or even compromised sensors, it allows the attack to perform operations not otherwise accessible. |Having authorization scheme for the device. |
160-
| Field Gateway |S |Authenticating the Field gateway to Cloud Gateway (such as cert based, PSK, or Claim based.) |If someone can spoof Field Gateway, then it can present itself as any device. |TLS RSA/PSK, IPSec, [RFC 4279](https://tools.ietf.org/html/rfc4279). All the same key storage and attestation concerns of devices in general – best case is use TPM. 6LowPAN extension for IPSec to support Wireless Sensor Networks (WSN). |
160+
| Field Gateway |S |Authenticating the Field gateway to Cloud Gateway (such as cert based, PSK, or Claim based.) |If someone can spoof Field Gateway, then it can present itself as any device. |TLS RSA/PSK, IPsec, [RFC 4279](https://tools.ietf.org/html/rfc4279). All the same key storage and attestation concerns of devices in general – best case is use TPM. 6LowPAN extension for IPsec to support Wireless Sensor Networks (WSN). |
161161
|| TRID |Protect the Field Gateway against tampering (TPM) |Spoofing attacks that trick the cloud gateway thinking it's talking to field gateway could result in information disclosure and data tampering |Memory encryption, TPMs, authentication. |
162162
|| E |Access control mechanism for Field Gateway | | |
163163
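Review bot: The Field Gateway row on new line 160 still reads "6LowPAN" in the same cell where "IPSec" is corrected to "IPsec"; the protocol name is spelled "6LoWPAN", so fix that casing in this change as well. On new line 157 the OAuth link targets rfc6755.txt.pdf, which is the OAuth URN sub-namespace registration rather than the OAuth 2.0 authorization framework (RFC 6749), so the link target is worth correcting while this row is being touched. The unchanged Field Gateway "E" row on line 162 has empty Risk and Implementation cells, which could be filled in a follow-up.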
