Industrial Internet Security Framework v 1.0 | Page 80
Security Framework
8: Protecting Endpoints
8.12.4 PHYSICAL ISOLATION
Physical isolation moves the security functions onto a completely separate device, such as a
gateway, which then provides the security on the endpoint's behalf. This is discussed in section 8.2.3.
8.13 RESOURCE-CONSTRAINED DEVICE CONSIDERATIONS
Resource-constrained devices have the same security requirements as more powerful devices,
including run-time protection, boot-time protection, communication authentication,
configuration management and contribution to larger analytics systems.
Resource-constrained devices must be able to perform crypto operations. Newer devices are
capable of performing crypto operations using hardware accelerators, co-processors, and
embedded accelerators. These are often integrated through system on chip (SoC) designs, in which
a single integrated circuit contains not only the CPU but also the network controller and other
features. Field programmable gate arrays, which may also include a CPU co-processor, are another
popular SoC solution for accelerating crypto operations, since the algorithms can be updated in
the future. All of these techniques greatly increase device performance and battery life. It is now
possible to build endpoints that combine embedded acceleration with new algorithms to provide
the best compromise between upgradability, performance and security.
Device manufacturers now implement embedded cryptographic capabilities in crypto-accelerators
that occupy only a small portion of the real estate on a single chip, through SoC designs. Some of
these crypto-accelerators are built to hardware security module standards.
Although such chips and algorithms make it easier to build security into new devices, many
manufacturers are saddled with decades-old devices that do not have such capabilities. For these
systems, either the manufacturer must update the firmware to add software that supports
efficient crypto operations and protocols, such as ID-based encryption¹, or those operations must
be implemented in gateway devices.
Unfortunately, many industrial protocols do not yet support adequate authentication, but
insecure protocols can be tunneled over Transport Layer Security (TLS) and other lower-layer
protocols to provide needed security properties such as authentication. Alternatively, individual
commands, messages and datagrams are sometimes authenticated at a higher data object layer
without trusting, and without needing to trust, the underlying protocol.
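The object-layer authentication just described, as an added illustration that is not part of the IISF text: a legacy command frame is carried unchanged, and a sequence counter plus a truncated HMAC-SHA256 tag are appended so the receiver can reject tampered and replayed commands without trusting the transport. The frame bytes, the pre-shared key and the 16-byte tag length are constructed assumptions; key provisioning is out of scope.

```python
import hmac
import hashlib
import struct

# Constructed example values: an opaque 8-byte legacy command frame and a
# pre-shared symmetric key (placeholder only; provisioning is not covered here).
LEGACY_FRAME = bytes([0x01, 0x00, 0x00, 0x10, 0x00, 0x01, 0xAA, 0xBB])
SHARED_KEY = b"placeholder-shared-key-not-for-production"
TAG_LEN = 16  # truncated HMAC-SHA256 tag saves bytes on constrained links

def wrap_command(key: bytes, seq: int, frame: bytes) -> bytes:
    """Sender side. Layout: seq (4 bytes, big-endian) || frame || tag (TAG_LEN bytes).
    The sequence number is covered by the tag, so it cannot be altered in transit."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + frame, hashlib.sha256).digest()[:TAG_LEN]
    return header + frame + tag

class Verifier:
    """Receiver side. Keeps the highest accepted sequence number to reject replays."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def unwrap(self, msg: bytes):
        """Return the authenticated legacy frame, or None if the message is rejected."""
        if len(msg) < 4 + TAG_LEN:
            return None
        header, body, tag = msg[:4], msg[4:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison so tag bytes do not leak through timing differences.
        if not hmac.compare_digest(tag, expected):
            return None
        seq = struct.unpack(">I", header)[0]
        if seq <= self.last_seq:  # already seen: replayed or stale command
            return None
        self.last_seq = seq
        return body

def demo() -> dict:
    """Exchange between controller and device; each entry is True if handled correctly."""
    v = Verifier(SHARED_KEY)
    genuine = wrap_command(SHARED_KEY, 1, LEGACY_FRAME)
    tampered = bytearray(genuine)
    tampered[7] ^= 0x01  # flip one bit inside the command body, tag left unchanged
    return {
        "genuine_accepted": v.unwrap(genuine) == LEGACY_FRAME,
        "replay_rejected": v.unwrap(genuine) is None,
        "tamper_rejected": v.unwrap(bytes(tampered)) is None,
        "wrong_key_rejected": v.unwrap(wrap_command(b"other-key", 2, LEGACY_FRAME)) is None,
        "next_seq_accepted": v.unwrap(wrap_command(SHARED_KEY, 2, LEGACY_FRAME)) == LEGACY_FRAME,
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```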
If the device is able to perform state-of-the-art cryptographic operations, then it can verify the
integrity, authenticity, pedigree and authorization of specific firmware to run. Furthermore, it
can authenticate connection requests.
¹ See [Fuji-MAT]
IIC:PUB:G4:V1.0:PB:20160926
- 80 -