Industrial Internet Security Framework v 1.0 | Page 75

Security Framework 8: Protecting Endpoints

A common data integrity technique to detect alteration is the digital signature. The digital signature uses a secret or a private key to generate cryptographic signatures that record what the actual data was at the time of signing. This enables anyone to validate the integrity of the signed data at any point in the future, but requires more runtime processing effort to implement the cryptographic functions. Ideally, the signing key is kept in protected storage such as an HRoT, and the signing operation is performed in a TEE such as a TPM.

Applying digital signatures provides stronger integrity than hashing. In addition, since any party can validate the data, common security operations, such as software and firmware updates, can validate the integrity of the update prior to applying it. Also, configuration files and log files on the endpoint can be verified to ensure their integrity at any point in the future.

8.9 ENDPOINT MONITORING AND ANALYSIS

Monitoring mechanisms should also be protected. Endpoint monitoring concerns itself with detection of possible tampering with or compromise of devices, which would result in incorrect reporting of events. Monitoring of the endpoint security status may be performed internally on the endpoint or may be performed externally to the endpoint. Monitoring of least-capable edge devices will most likely be executed from another endpoint in the operational domain.

8.10 ENDPOINT CONFIGURATION AND MANAGEMENT

The endpoint must provide secure and controlled changes to the endpoint components, though in some rare cases no security is desired. All updates and changes should be signed, their payload encrypted and actions logged for subsequent auditing and recovery of the endpoint. These services should be provided non-intrusively to the operational functionality and have a separate logical connectivity to system-level configuration management and control.
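The signed-update flow described above (a digital signature that any holder of the public key can verify, and the signed changes required in 8.10) as an added example that is not part of the framework document: the update format, the field-binding digest and the two function names are assumptions chosen for this illustration, using Ed25519 from the Go standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedUpdate is a constructed update format: version tag, payload and the
// signature over their combined digest (an assumption for this example).
type SignedUpdate struct {
	Version   string
	Payload   []byte
	Signature []byte
}

// updateDigest binds version and payload so neither can be swapped alone.
func updateDigest(version string, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte(version))
	h.Write([]byte{0}) // separator between the two fields
	h.Write(payload)
	return h.Sum(nil)
}

// SignUpdate runs on the publisher; in practice priv lives in an HRoT/TEE.
func SignUpdate(priv ed25519.PrivateKey, version string, payload []byte) SignedUpdate {
	sig := ed25519.Sign(priv, updateDigest(version, payload))
	return SignedUpdate{Version: version, Payload: payload, Signature: sig}
}

// VerifyUpdate runs on the endpoint before applying; only the public key is
// needed, which is why any party can check integrity.
func VerifyUpdate(pub ed25519.PublicKey, u SignedUpdate) error {
	if !ed25519.Verify(pub, updateDigest(u.Version, u.Payload), u.Signature) {
		return errors.New("signature invalid: update not applied")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	upd := SignUpdate(priv, "1.2.0", []byte("constructed firmware image")) // constructed sample
	fmt.Println("genuine:", VerifyUpdate(pub, upd))
	upd.Payload[0] ^= 0xff // simulate alteration in transit
	fmt.Println("tampered:", VerifyUpdate(pub, upd))
}
```

Because the digest covers the version tag as well as the payload, re-labelling a signed old image as a newer version fails verification just as a modified payload does.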
8.11 CRYPTOGRAPHY TECHNIQUES FOR ENDPOINT PROTECTION

Cryptography is the discipline that embodies principles, means, and mechanisms for the transformation of data in order to hide its information content, prevent its undetected modification and prevent its unauthorized use. Cryptography is used to perform a number of security operations at the endpoint. Providing an in-depth description of cryptographic techniques and algorithms is out of scope of this document. The following information clarifies some concepts and is included for completeness.

Endpoints must always use standard cryptographic algorithms. These algorithms should be implemented utilizing safe-coding practices, and whenever possible, with libraries that are updated and maintained regularly. Creating cryptographic algorithms without a public evaluation should be avoided. In addition, keys must be random, not predictable, and of sufficient length to preclude brute force or exhaustive searches of the available key space.

Two classes of random-number generators (RNG) are commonly used: deterministic and non-deterministic. Deterministic RNG (also called Pseudorandom Number Generators) use a secret starting value, called a seed, to initialize the generation algorithm, while non-deterministic RNG depend on some unpredictable

IIC:PUB:G4:V1.0:PB:20160926 - 75 -