Industrial Internet Security Framework v 1.0 | Page 139

Security Framework Annex C: Security Capabilities and Techniques Tables Annex C SECURITY CAPABILITIES AND TECHNIQUES TABLES This annex lists some security techniques and processes, their mapping to important security objectives, and their high-level requirements. With the ever-changing attack landscape, new techniques and processes are devised every day. This list cannot be comprehensive. Cryptographic Technique Symmetric key cryptography MACs Symmetric encryption Example Objective Example Requirements Message Secure standardized and authentication; Securely generated, up-to-date MAC algorithm Message integrity distributed and maintained, shared Secure standardized and secret key up-to-date encryption Confidentiality algorithm Authorship; Digital signatures Integrity; Non-repudiation Asymmetric key cryptography Asymmetric encryption Confidentiality Shared secret establishment Forward secrecy Hash function Message/data integrity Random number generator Random key and other data Public-key infrastructure Standard-based securely generated, distributed and maintained, public and private keys; Standardized and up-to-date signature schemes Standardized and up-to-date asymmetric encryption algorithm Standardized and up-to-date shared secret establishment algorithm Standardized and up-to-date hashing algorithm Proper random seed Standardized and up-to-date random generator Table C-1: Cryptographic Techniques, their Objectives and Requirements Table C-1 identifies fundamental cryptographic building blocks in wide use in IT systems. For example, digital signatures are a type of asymmetric key cryptography designed to ensure authorship, integrity, and non-repudiation of data. Correct implementation of digital signatures, however, depends on existence of a public-key infrastructure (PKI), standard-based securely generated, distributed, and maintained key pairs, and standardized and up-to-date signature schemes. IIC:PUB:G4:V1.0:PB:20160926 - 139 -