Industrial Internet Security Framework v 1.0 | Page 68
Security Framework
8: Protecting Endpoints
in hardware, referred to as a hardware root of trust (HRoT). An HRoT is a stronger security control
than a software- or firmware-based RoT. Hardware technologies such as TPM and HSM, discussed
in section 8.2.2, provide efficient platforms for implementing RoT.
For many systems, the RoT is provided by the Unified Extensible Firmware Interface (UEFI), which
replaces the BIOS. It measures the integrity of the firmware stored in flash memory, ensuring it
cannot be modified without authorization (having the proper keys), thus forming the RoT.
There are different types of roots of trust as explained in Trusted Computing Group TPM
Specification.¹
The attestation process is the issuance of a statement based on a decision that fulfillment of
specified requirements has been demonstrated. The trust root must be attestable, meaning it
has a mechanism to share its integrity and the level of security it is providing to other trusted
systems securely.²
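As an added illustration of the attestation process just described (example code written for this page, not taken from the IISF or from the TCG specifications): a measured-boot register that software can only extend, a quote that binds the register value to a verifier-chosen nonce and is signed by an attestation key held in the root of trust, and the relying party's three checks (freshness, origin, integrity). The boot-stage strings, the golden value and the key pair are constructed samples; a real TPM performs the extend over its own PCRs and signs with a restricted attestation key, which this simulation only models.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Pcr models one platform configuration register in the root of trust. Software
// cannot write it directly; it can only be extended, so the register value encodes
// the whole ordered sequence of measurements that produced it.
type Pcr [sha256.Size]byte

// Extend returns H(old || H(measurement)), the one-way update a TPM applies.
func (p Pcr) Extend(measurement []byte) Pcr {
	m := sha256.Sum256(measurement)
	return sha256.Sum256(append(p[:], m[:]...))
}

// MeasureBootChain replays a boot: each stage (a constructed byte string standing
// in for a firmware image) is measured into the register before it runs.
func MeasureBootChain(stages [][]byte) Pcr {
	var p Pcr // registers are all-zero after a platform reset
	for _, s := range stages {
		p = p.Extend(s)
	}
	return p
}

// Quote is the attestation statement: the register value bound to a nonce the
// verifier chose, signed by the attestation key kept inside the root of trust.
type Quote struct {
	Pcr   Pcr
	Nonce []byte
	Sig   []byte
}

func quoteDigest(p Pcr, nonce []byte) []byte {
	h := sha256.New()
	h.Write(p[:])
	h.Write(nonce)
	return h.Sum(nil)
}

// MakeQuote is what the root of trust does when asked to attest its state.
func MakeQuote(ak *ecdsa.PrivateKey, p Pcr, nonce []byte) (Quote, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, ak, quoteDigest(p, nonce))
	return Quote{Pcr: p, Nonce: nonce, Sig: sig}, err
}

// VerifyQuote is the relying party's decision: the nonce must be ours (no replay),
// the signature must come from the enrolled attestation key (the statement really
// originates in that root of trust), and the register must equal the value a
// known-good boot produces (integrity).
func VerifyQuote(akPub *ecdsa.PublicKey, q Quote, nonce []byte, expected Pcr) error {
	if !bytes.Equal(q.Nonce, nonce) {
		return errors.New("nonce mismatch: stale or replayed quote")
	}
	if !ecdsa.VerifyASN1(akPub, quoteDigest(q.Pcr, q.Nonce), q.Sig) {
		return errors.New("bad signature: quote not from the enrolled root of trust")
	}
	if q.Pcr != expected {
		return fmt.Errorf("integrity failure: measured %s..., expected %s...",
			hex.EncodeToString(q.Pcr[:4]), hex.EncodeToString(expected[:4]))
	}
	return nil
}

func main() {
	// Constructed sample boot chain and the golden value recorded at provisioning.
	good := [][]byte{[]byte("firmware-v1"), []byte("bootloader"), []byte("kernel")}
	golden := MeasureBootChain(good)

	ak, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // enrolled attestation key
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}

	q, _ := MakeQuote(ak, MeasureBootChain(good), nonce)
	fmt.Println("genuine boot:", VerifyQuote(&ak.PublicKey, q, nonce, golden))

	bad := [][]byte{[]byte("firmware-v1"), []byte("bootloader-modified"), []byte("kernel")}
	q, _ = MakeQuote(ak, MeasureBootChain(bad), nonce)
	fmt.Println("modified boot:", VerifyQuote(&ak.PublicKey, q, nonce, golden))
}
```

The golden value has to come from a trusted source (provisioning records or a vendor reference), and the attestation public key has to be enrolled with the verifier ahead of time; without those two pieces a correct signature over a correct-looking register proves nothing.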
8.5 ENDPOINT IDENTITY
Endpoint identity is a building block that enables a broad range of security controls that depend
on proper handling of identity. For example, identity is the basis for trust in asset management,
authentication, authorization, and remote maintenance.
An entity is an item with a recognizably distinct existence. For example, a device is an entity. But
some devices comprise multiple endpoints, each of which is an entity, and each endpoint
comprises multiple components, each of which is also an entity. Identity is an inherent property
of an entity that distinguishes it from all other entities. An identity must exist in a namespace to
allow it to be referred to without ambiguity. A credential is evidence that supports a claim of
identity. An example of an identity is an entity identifier that is unique within a particular
namespace; the credential would be the key.
An endpoint may have a single identity, or multiple identities, used for different applications.
Credentials are used to verify the identity of the endpoint. There are several levels of trust that
may apply to an endpoint, depending on the threat model of the particular IIoT system. Each
level of trust determines the minimum security capabilities of the credentials, including
credential uniqueness, credential storage, and credential usage (e.g. for authentication,
authorization, etc.). Digital certificates, RFID, passwords, biometrics and QR codes are all
examples of credentials, but vary greatly in their level of trust.
One common example of a credential is a cryptographic certificate (e.g., X.509 digital certificate),
which is a cryptographically signed structure that binds public keys to an identifier for the entity
(i.e., a distinguished name). Certificates may be generated and signed by a certificate authority
(CA), for a higher level of trust, but can be self-signed for localized self-assertion of trust
requirements.
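The certificate-as-credential model in the preceding paragraphs, as an added example that is not part of the original document: an identity is an identifier unique within a namespace, the credential is an X.509 certificate binding a public key to that identifier expressed as a distinguished name, and the relying party checks both that the certificate chains to a trusted CA and that it names exactly the claimed identity. The namespace "plant-7.example", the identifier "plc-0042" and the CA name are constructed; the code also covers the self-signed case, which verifies only when the relying party has explicitly chosen to trust that particular certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// EndpointIdentity is an identifier that is unique within a namespace.
// Both field values used with it below are constructed samples.
type EndpointIdentity struct {
	Namespace string // e.g. "plant-7.example"
	ID        string // e.g. "plc-0042"
}

// Subject maps the identity onto the X.509 distinguished name the certificate carries.
func (e EndpointIdentity) Subject() pkix.Name {
	return pkix.Name{Organization: []string{e.Namespace}, CommonName: e.ID}
}

func signAndParse(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA creates the trust anchor: a self-signed certificate whose key may sign others.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	cert, err := signAndParse(tmpl, tmpl, &key.PublicKey, key)
	return cert, key, err
}

// IssueCredential binds a fresh key pair to the identity. With a CA parent the CA
// vouches for the binding; with parent == nil the endpoint self-signs, i.e. it only
// asserts the binding about itself.
func IssueCredential(id EndpointIdentity, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 63))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial.Add(serial, big.NewInt(1)), // strictly positive
		Subject:      id.Subject(),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	cert, err := signAndParse(tmpl, parent, &key.PublicKey, parentKey)
	return cert, key, err
}

// VerifyCredential is the relying party's check: the certificate must chain to the
// given trust anchor and must name exactly the identity being claimed. Proving
// possession of the matching private key is a separate exchange not shown here.
func VerifyCredential(cert, anchor *x509.Certificate, claimed EndpointIdentity) error {
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	if _, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}); err != nil {
		return fmt.Errorf("untrusted credential: %w", err)
	}
	s := cert.Subject
	if s.CommonName != claimed.ID || len(s.Organization) != 1 || s.Organization[0] != claimed.Namespace {
		return fmt.Errorf("credential subject %q is not the claimed identity %s/%s", s.String(), claimed.Namespace, claimed.ID)
	}
	return nil
}
```

Typical use: create the anchor with NewCA, issue the endpoint's credential with IssueCredential(id, ca, caKey), and at the relying party call VerifyCredential(cert, ca, id). A self-signed credential from IssueCredential(id, nil, nil) fails against the CA anchor but passes VerifyCredential(self, self, id), which is exactly the "localized self-assertion" the text describes: trust is established only by the verifier deciding to pin that certificate. Checking the namespace as well as the identifier is what keeps the same identifier in two different namespaces from being confused.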
¹ See [TCG-Spec]
² See [TCG-TPM-Spec]
IIC:PUB:G4:V1.0:PB:20160926
- 68 -