Industrial Internet Security Framework v 1.0 | Page 115
Security Framework
11: Security Configuration and Management
and the identity and integrity of the component should be verified at the end of the enrollment
phase, prior to the credential management phase. It is difficult to attest the trustworthiness of
hardware components purely in software; hardware support is strongly recommended.
The credential management phase is where provisioning to the owner/operator organizational
environment is implemented. This process includes generation of credentials, or enablement of
credential generation capabilities on endpoints. An audit trail tracking the provisioning of the
identity material into the entity and the manner of storage and other security implementation
properties should be retained. The integrity of the relevant entities, such as devices and endpoints,
and of their data-in-motion and data-at-rest, should be verified to ensure that the credential
management phase has been carried out correctly.
The entity authentication phase is where the actual authentication and authorization process
occurs during the day-to-day operation of the device and endpoint entities. An audit trail tracking
the authentication and authorization attempts and results is retained for an organization-defined
period of time based on policy.
11.7.1 ENROLLMENT PHASE
The enrollment phase provides the basis for establishing trust in an entity. There must be a
mechanism to ensure that it is the correct entity, either manually or automatically, prior to
issuing credentials. In order to scale, an automated approach is recommended.
There are three steps to the enrollment phase: initiation, entity verification and registration.
Initiation declares the desire to bring the entity under management and give it identity and
credentials. Verification involves proving that the entity is the one for which the identity is to be
created and issued. Registration (see Figure 11-6) means the entity is ready to have credentials
created and delivered, or to have the entity generate the credentials itself. Always validate that
the identity that was registered was the one bound to the credential that was generated for the
entity.
The enrollment initiation step requires that there be some way to track the entity through the
enrollment phase until owner/operator credentials are issued. The entity should have a
manufacturer identifier, ideally an endorsement key and certificate, that is assigned and
managed by the manufacturer and embedded during the manufacturing process. The
manufacturer identifier allows the component builder to validate the entity and establish trust
in its authenticity and integrity.
Entity verification extends the enrollment process to assert that the entity to receive the
credential is eligible and has the manufacturer identifier for tracking through the enrollment
phase. This approach encourages component builders and system builders to expose APIs on the
endpoint entity to access the various identifiers and the services to validate them.
During the registration step, the entity, now verified by the component builder or system builder,
is present in the organization’s asset tracking system and is available for provisioning. To enable
the secure enrollment process, the manufacturer should expose a service to associate the device
with the new owner, enable the entity to make contact and verify itself upon initial power-on,
IIC:PUB:G4:V1.0:PB:20160926
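The three enrollment steps above (initiation, entity verification, registration), together with the audit trail and the identity-to-credential binding check the credential management section calls for, can be exercised end to end in a small simulation. The following is an added example written for this page, not IISF or vendor code. It assumes a hypothetical manufacturer service that records a per-device endorsement secret at build time and answers verification requests from the owner; the endorsement key is modelled as an HMAC secret for a stdlib-only run, where a real device would carry an asymmetric endorsement key and certificate. All device and owner identifiers are constructed sample values.

```python
"""Simulated enrollment phase: initiation, entity verification, registration.

Hypothetical example, not IISF code. The endorsement key is modelled as a
per-device HMAC secret held by the manufacturer; a real deployment would use
an asymmetric endorsement key and certificate embedded at manufacturing time.
"""
import hashlib
import hmac
import json
import secrets
import time


def _mac(key, body):
    """Deterministic MAC over a credential body (owner's issuing key)."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Manufacturer:
    """Embeds endorsement keys at build time and exposes a verification service."""

    def __init__(self):
        self._records = {}  # device_id -> {"ek": bytes, "owner": str | None}

    def manufacture(self, device_id):
        ek = secrets.token_bytes(32)  # endorsement key embedded in the device
        self._records[device_id] = {"ek": ek, "owner": None}
        return Device(device_id, ek)

    def associate_owner(self, device_id, owner):
        """Service that ties a device to its new owner before enrollment."""
        self._records[device_id]["owner"] = owner

    def verify(self, device_id, owner, challenge, response):
        rec = self._records.get(device_id)
        if rec is None or rec["owner"] != owner:
            return False  # unknown device, or not associated with this owner
        expected = hmac.new(rec["ek"], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Device:
    def __init__(self, device_id, ek):
        self.device_id, self._ek = device_id, ek
        self._op_key, self.credential = None, None

    def respond(self, challenge):
        """Prove possession of the endorsement key without revealing it."""
        return hmac.new(self._ek, challenge, hashlib.sha256).digest()

    def generate_operational_key(self):
        """Entity generates its own owner credential key; returns a key id."""
        self._op_key = secrets.token_bytes(32)
        return hashlib.sha256(self._op_key).hexdigest()


class EnrollmentService:
    """Owner/operator side: tracks each entity through the three steps."""

    def __init__(self, owner, manufacturer):
        self.owner, self._mfr = owner, manufacturer
        self._issuing_key = secrets.token_bytes(32)
        self.state = {}  # device_id -> step reached
        self.audit = []  # retained audit trail

    def _log(self, device_id, event, **detail):
        self.audit.append({"ts": time.time(), "device": device_id, "event": event, **detail})

    def initiate(self, device_id):
        self.state[device_id] = "initiated"
        self._log(device_id, "initiation")

    def verify(self, device):
        if self.state.get(device.device_id) != "initiated":
            raise RuntimeError("verification before initiation")
        challenge = secrets.token_bytes(32)
        ok = self._mfr.verify(device.device_id, self.owner, challenge, device.respond(challenge))
        self._log(device.device_id, "verification", result=ok)
        if ok:
            self.state[device.device_id] = "verified"
        return ok

    def register(self, device):
        if self.state.get(device.device_id) != "verified":
            raise RuntimeError("registration of an unverified entity")
        key_id = device.generate_operational_key()
        body = {"subject": device.device_id, "owner": self.owner, "key_id": key_id}
        credential = {**body, "mac": _mac(self._issuing_key, body)}
        # Always validate that the registered identity is the one bound to the credential.
        if not self.binding_valid(credential, device.device_id):
            raise RuntimeError("credential not bound to registered identity")
        device.credential = credential
        self.state[device.device_id] = "registered"
        self._log(device.device_id, "registration", key_id=key_id)
        return credential

    def binding_valid(self, credential, device_id):
        body = {k: v for k, v in credential.items() if k != "mac"}
        expected = _mac(self._issuing_key, body)
        return credential["subject"] == device_id and hmac.compare_digest(expected, credential["mac"])


def enroll(service, device):
    """Run all three steps; returns the credential, or None if verification fails."""
    service.initiate(device.device_id)
    if not service.verify(device):
        return None
    return service.register(device)


if __name__ == "__main__":
    mfr = Manufacturer()
    dev = mfr.manufacture("plc-0001")  # constructed sample device id
    mfr.associate_owner("plc-0001", "acme-ops")
    svc = EnrollmentService("acme-ops", mfr)
    print(json.dumps(enroll(svc, dev), indent=2))
    print(json.dumps(svc.audit, indent=2))
```

The state machine refuses to register an entity that has not passed verification, a device the manufacturer has not associated with this owner fails the challenge even though it holds a genuine endorsement key, and a cloned device with the right identifier but the wrong key fails as well; every attempt and its result lands in the audit list for retention under the organization's policy.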