Industrial Internet Security Framework v 1.0 | Page 139
Annex C SECURITY CAPABILITIES AND TECHNIQUES TABLES
This annex lists some security techniques and processes, their mapping to important security
objectives, and their high-level requirements. With the ever-changing attack landscape, new
techniques and processes are devised every day. This list cannot be comprehensive.
| Cryptographic Technique | Example Objective | Example Requirements |
|---|---|---|
| Symmetric key cryptography: MACs | Message authentication; Message integrity | Securely generated, distributed and maintained, shared secret key; Secure standardized and up-to-date MAC algorithm |
| Symmetric key cryptography: Symmetric encryption | Confidentiality | Securely generated, distributed and maintained, shared secret key; Secure standardized and up-to-date encryption algorithm |
| Asymmetric key cryptography: Digital signatures | Authorship; Integrity; Non-repudiation | Public-key infrastructure; Standard-based securely generated, distributed and maintained, public and private keys; Standardized and up-to-date signature schemes |
| Asymmetric key cryptography: Asymmetric encryption | Confidentiality | Public-key infrastructure; Standard-based securely generated, distributed and maintained, public and private keys; Standardized and up-to-date asymmetric encryption algorithm |
| Asymmetric key cryptography: Shared secret establishment | Forward secrecy | Public-key infrastructure; Standard-based securely generated, distributed and maintained, public and private keys; Standardized and up-to-date shared secret establishment algorithm |
| Hash function | Message/data integrity | Standardized and up-to-date hashing algorithm |
| Random number generator | Random key and other data | Proper random seed; Standardized and up-to-date random generator |
Table C-1: Cryptographic Techniques, their Objectives and Requirements
Table C-1 identifies fundamental cryptographic building blocks in wide use in IT systems. For
example, digital signatures are a type of asymmetric key cryptography designed to ensure
authorship, integrity, and non-repudiation of data. Correct implementation of digital signatures,
however, depends on the existence of a public-key infrastructure (PKI), standard-based securely
generated, distributed, and maintained key pairs, and standardized and up-to-date signature
schemes.
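The MAC, hash function and random number generator rows of Table C-1 can be seen working together in the following added example, which is not part of the framework: a keyed MAC rejects an altered message, while a bare hash accepts it once the digest is recomputed. The hash allowlist, the minimum key length and the sample message are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed policy for this example (values are not taken from the framework).
APPROVED_HASHES = {"sha256", "sha384", "sha512"}
MIN_KEY_BYTES = 32


def generate_key() -> bytes:
    """Shared secret key from the OS CSPRNG (random number generator row)."""
    return secrets.token_bytes(MIN_KEY_BYTES)


def mac_tag(key: bytes, message: bytes, algorithm: str = "sha256") -> bytes:
    """HMAC tag; rejects short keys and hash functions outside the allowlist."""
    if algorithm not in APPROVED_HASHES:
        raise ValueError(f"algorithm not approved: {algorithm}")
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("key too short")
    return hmac.new(key, message, algorithm).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes, algorithm: str = "sha256") -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(mac_tag(key, message, algorithm), tag)


def hash_verify(message: bytes, digest: bytes) -> bool:
    """Unkeyed check: anyone can recompute it, so it shows no origin."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def demo() -> dict:
    key = generate_key()
    original = b"setpoint=72.0;unit=C"  # constructed sample message
    altered = b"setpoint=95.0;unit=C"   # same message changed in transit
    tag = mac_tag(key, original)
    # Whoever alters the message can also recompute a bare hash over it.
    recomputed = hashlib.sha256(altered).digest()
    return {
        "mac_original": mac_verify(key, original, tag),
        "mac_altered": mac_verify(key, altered, tag),
        "mac_other_key": mac_verify(generate_key(), original, tag),
        "hash_altered_with_recomputed_digest": hash_verify(altered, recomputed),
    }

if __name__ == "__main__":
    print(demo())
```

Because both parties hold the same key, a valid tag shows the message came from a key holder but not which one, which is why the table lists non-repudiation only under digital signatures.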
IIC:PUB:G4:V1.0:PB:20160926