Industrial Internet Security Framework v 1.0 | Page 70

Security Framework 8: Protecting Endpoints

8.6 ENDPOINT ACCESS CONTROL

Endpoint access control depends on two related concepts: authentication and authorization. Authentication is the provision of assurance that a claimed characteristic of an entity is correct. Authorization is the granting of rights, including granting access based on access rights. Authorization depends on verifying the mapping of the entity's identity to its rights and privileges on services and resources. Therefore, authorization is dependent upon authentication.

An entity comes in two forms: human and non-person entity (NPE). Both types of entities must provide credentials to assert their identity.¹ Credentials may be used for various purposes: authentication, identification and authorization. The secret parts of the credential required for authentication, for both humans and NPEs, must be protected.

8.6.1 ENDPOINT AUTHENTICATION

The process of establishing trust through endpoint authentication, or identity assertion of the remote endpoint, has several steps. First, an attestation must be made that the credentials are of the proper level of strength, and that they are in the possession of the appropriate entity. Then, the actual value of the data in the credential is evaluated for correctness. Finally, the validity of the credential must be tested to ensure that the credential is not suspended, revoked or expired.

Not all successful authentication attempts result in the same level of trust in the identity of the remote endpoint. There are different levels of entity identity assurance based on what type of credential is applied to that authentication, how the credential is stored, and what actual authentication technique is implemented. Strong cryptographic credentials are recommended for most endpoints. In addition, credentials should be stored in the strongest storage available, ideally in trusted hardware.
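As an added illustration, not code from the IISF, the following Python models the three-step evaluation of 8.6.1 for a shared-key credential: a challenge-response proof of possession that keeps the secret off the wire, a check of the credential value, a suspended/revoked/expired check, and an assurance level derived from credential kind, storage and technique. The credential record format, the strength thresholds and the level scoring are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed minimum secret length (bits) per credential kind, not IISF figures.
MIN_SECRET_BITS = {"password": 64, "symmetric_key": 128, "hardware_key": 128}

@dataclass
class Credential:
    """Verifier's record of one endpoint credential (constructed format)."""
    entity: str
    kind: str          # key of MIN_SECRET_BITS
    secret: bytes      # shared secret; never sent on the wire by this protocol
    storage: str       # "software" or "trusted_hardware"
    status: str        # "active", "suspended" or "revoked"
    expires_at: int    # Unix time after which the credential is invalid

def issue_challenge(issued: set) -> bytes:
    """Verifier side: fresh random nonce, remembered so it is accepted only once."""
    nonce = secrets.token_bytes(32)
    issued.add(nonce)
    return nonce

def prove_possession(secret: bytes, nonce: bytes) -> bytes:
    """Endpoint side: HMAC over the nonce proves possession without exposing the secret."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def authenticate(cred, nonce, response, now, issued, mutual=False, factors=1):
    """Three-step evaluation of 8.6.1; returns (accepted, assurance_level, reason)."""
    # Step 1: attest credential strength and that the proof is bound to a
    # challenge this verifier issued (a replayed or forged nonce is rejected).
    if len(cred.secret) * 8 < MIN_SECRET_BITS.get(cred.kind, 1 << 30):
        return False, 0, "credential below required strength"
    if nonce not in issued:
        return False, 0, "unknown or reused challenge"
    issued.discard(nonce)  # single use, even if a later step fails
    # Step 2: evaluate the credential value itself in constant time.
    if not hmac.compare_digest(prove_possession(cred.secret, nonce), response):
        return False, 0, "proof of possession failed"
    # Step 3: the credential must not be suspended, revoked or expired.
    if cred.status != "active":
        return False, 0, f"credential {cred.status}"
    if now >= cred.expires_at:
        return False, 0, "credential expired"
    # Assurance level grows with credential kind, storage and technique used.
    level = 1 + int(cred.kind != "password") + int(cred.storage == "trusted_hardware")
    level += int(mutual) + int(factors >= 2)
    return True, level, "ok"
```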
Mutual authentication is preferred over one-way authentication wherever possible, to prevent impersonation of the unauthenticated endpoint. Multi-factor authentication is recommended where possible for critical endpoints. Applying more secure protocols that establish confidence in the remote endpoint's identity wherever possible is recommended. Furthermore, implementing proper authentication schemes that demonstrate possession and/or ownership of a credential while limiting exposure of the credential material should be part of the process for creating connections between endpoints. For example, implementing mutual authentication via Kerberos [MIT-Kerb] prior to establishing a Transport Layer Security (TLS) [IETF-RFC5246] tunnel is a common technique that avoids transmitting passwords over the network.

As part of the communication authentication process, the level of trust in the credential should be evaluated. Verification of the strength of the cryptographic algorithm used, capabilities of the

¹ See [ISO-29115]

IIC:PUB:G4:V1.0:PB:20160926 - 70 -