Industrial Internet Security Framework v 1.0 | Page 80

Security Framework 8: Protecting Endpoints

8.12.4 PHYSICAL ISOLATION

Physical isolation moves the security to a completely separate device, such as a gateway, which provides the security. This is discussed in section 8.2.3.

8.13 RESOURCE-CONSTRAINED DEVICE CONSIDERATIONS

Resource-constrained devices have the same security requirements as more powerful devices, including run-time protection, boot-time protection, communication authentication, configuration management and contribution to larger analytics systems. Resource-constrained devices must be able to perform crypto operations.

Newer devices are capable of performing crypto operations using hardware accelerators, co-processors and embedded accelerators. These are often integrated through system on chip (SoC) designs, where a single integrated circuit combines not only the CPU but also the network controller and other features. Field programmable gate arrays, which may also have a CPU co-processor, are another popular SoC solution for accelerating crypto operations, since the algorithms can be updated in the future. All of these techniques greatly increase device performance and battery life. It is now possible to build endpoints that combine embedded acceleration with new algorithms to provide the best compromise between upgradability, performance and security.

Device manufacturers now implement embedded cryptographic capabilities in crypto-accelerators that occupy only a small portion of the real estate on a single chip, through SoC designs. Some of these crypto-accelerators are built to hardware security module standards. Although such chips and algorithms make it easier to build security into new devices, many manufacturers are saddled with decades-old devices that do not have such capabilities.

For these systems, either the manufacturer must update the firmware to support efficient software crypto operations and protocols, such as ID-based encryption¹, or these operations must be implemented in gateway devices. Unfortunately, many industrial protocols do not yet support adequate authentication, but insecure protocols can be tunneled over Transport Layer Security (TLS) and other lower-layer protocols to provide needed security properties such as authentication. Alternatively, individual commands, messages and datagrams are sometimes authenticated at a higher data-object layer, without trusting, and without needing to trust, the underlying protocol.

If the device is able to perform state-of-the-art cryptographic operations, then it can verify the integrity, authenticity, pedigree and authorization of specific firmware before running it. Furthermore, it can authenticate connection requests.

¹ See [Fuji-MAT]

IIC:PUB:G4:V1.0:PB:20160926 - 80 -
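The data-object-layer authentication described in section 8.13 above, as an added example that is not from the IISF or any particular product: each command is wrapped with a message counter and an HMAC-SHA256 tag under a shared key, so the receiver rejects tampered and replayed frames regardless of the transport that carried them. The framing (4-byte counter, 16-byte truncated tag), the key and the command bytes are assumptions constructed for this example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16      # truncated HMAC-SHA256 tag; framing choice assumed for this example
COUNTER_LEN = 4   # big-endian per-sender message counter, also assumed

def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    """Wrap one raw command as counter || payload || tag; the tag covers the counter."""
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Receiver:
    """Checks each frame on its own, trusting nothing about the transport."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1   # highest counter accepted so far

    def verify(self, frame: bytes):
        """Return (payload, 'ok') or (None, reason)."""
        if len(frame) < COUNTER_LEN + TAG_LEN:
            return None, "short"
        header, payload, tag = frame[:COUNTER_LEN], frame[COUNTER_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return None, "bad tag"
        (counter,) = struct.unpack(">I", header)
        if counter <= self.last_counter:             # stale or repeated frame
            return None, "replay"
        self.last_counter = counter
        return payload, "ok"

def run_demo():
    """Constructed sample: placeholder shared key and one write-style command."""
    key = bytes(range(32))                  # placeholder key, not a real credential
    command = b"\x06\x00\x10\x00\x01"       # constructed command bytes
    rx = Receiver(key)
    genuine = protect(key, 1, command)
    results = [rx.verify(genuine)[1]]       # accepted
    tampered = bytearray(genuine)
    tampered[COUNTER_LEN] ^= 0x01            # flip one payload bit in transit
    results.append(rx.verify(bytes(tampered))[1])
    results.append(rx.verify(genuine)[1])   # same frame delivered again
    results.append(rx.verify(protect(key, 2, command))[1])
    return tuple(results)

if __name__ == "__main__":
    print(run_demo())   # ('ok', 'bad tag', 'replay', 'ok')
```

A per-sender counter is what lets a gateway or constrained device drop replays without any session state from the lower layer; the same wrapping works whether or not the link is also tunneled over TLS.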