Security Framework
8: Protecting Endpoints
Environmental Protection' (PE)¹ provide information on methods for physical protection, access control and monitoring.
Some endpoints, such as smart meters and environmental sensors, must reside outside physical perimeter security. Physical enclosures may provide tamper evidence that exposes modification events and indicates the severity of tampering. Such enclosures can deter casual unauthorized tampering and protect system components from adverse weather conditions and other hazards that may cause unexpected failures. The enclosures should provide stable operating conditions by delivering a controlled power source, a stable temperature and protection from dust and other environmental substances that could adversely affect the endpoint's determinism. Physical access to endpoints that provide ports for peripherals, such as USB, should be controlled to prevent unauthorized attachment of peripherals.
Depending on the threat model, the endpoint should implement tamper-resistant hardware components or other secure storage to prevent key extraction. The level of protection a device provides against hardware attacks can be accredited using certifications². Endpoints may have built-in physical tamper protection features capable of detecting and reporting any change to the physical hardware, including its sub-components. Essential endpoint parts may be tagged with unique identification numbers, preventing their use outside the configured context. Hardware protection mechanisms should be able to detect the substitution of any component with a less capable or malicious replacement.
In highly controlled and regulated environments, the physical security status of the endpoint should be monitored and controlled automatically as part of the endpoint monitoring and configuration management functions. This kind of physical security should be able to detect and report any unauthorized access to, or modification of, the physical configuration or integration of the hardware. Such endpoints could expose an interface that allows higher-level system physical security services to easily monitor, or receive notifications about, the security status of the endpoint.
8.4 ESTABLISH ROOTS OF TRUST
The roots of trust (RoT), or trust roots, consisting of hardware, software, people and organizational processes, establish confidence in the system. An endpoint without a correctly implemented RoT will lack the ability to establish confidence that it will behave as intended.
The root of trust on a device determines the level of confidence in the authenticity of the credentials belonging to that particular device. The root of trust should be able to generate, manage and store at least one identity.
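To make the tagging and substitution-detection requirements above and the RoT identity requirement concrete, here is an added example (not from the IISF or any IIC code) of a simplified root of trust that holds one device identity key, binds the unique identification numbers of tagged components to that identity, and signs a physical-security report that a monitoring service can verify. It assumes the identity key is a symmetric per-device secret shared with the backend at provisioning (standing in for an asymmetric device identity); the key, component names and tags are constructed.

```python
import hashlib, hmac, json, secrets

def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

class RootOfTrust:
    """Simplified RoT: holds one device identity and seals the part inventory."""
    def __init__(self, identity_key: bytes):
        self._key = identity_key  # provisioned at manufacture, never exported
        self.device_id = hashlib.sha256(identity_key).hexdigest()[:16]
        self._sealed = {}         # component name -> MAC over its unique tag
    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()
    def seal_inventory(self, component_tags: dict) -> None:
        """Bind each tagged part to this device, i.e. its configured context."""
        self._sealed = {name: self._mac(f"{name}:{tag}".encode())
                        for name, tag in component_tags.items()}
    def check_inventory(self, observed: dict) -> list:
        """Names of components that were replaced, removed or added."""
        bad = [n for n, mac in self._sealed.items() if n not in observed or
               not hmac.compare_digest(mac, self._mac(f"{n}:{observed[n]}".encode()))]
        bad += [n for n in observed if n not in self._sealed]
        return sorted(bad)
    def attest(self, nonce: bytes, observed: dict) -> dict:
        """Signed physical-security status report for the monitoring service."""
        report = {"device_id": self.device_id, "nonce": nonce.hex(),
                  "anomalies": self.check_inventory(observed)}
        report["mac"] = self._mac(_canonical(report)).hex()
        return report

def verify_report(identity_key: bytes, nonce: bytes, report: dict) -> bool:
    """Backend check: authentic (MAC), fresh (nonce), from the expected device."""
    body = {k: v for k, v in report.items() if k != "mac"}
    expected = hmac.new(identity_key, _canonical(body), hashlib.sha256).hexdigest()
    return (hmac.compare_digest(expected, report["mac"])
            and report["nonce"] == nonce.hex()
            and report["device_id"] == hashlib.sha256(identity_key).hexdigest()[:16])

# Constructed sample data: a per-device key and the factory-configured inventory.
KEY = hashlib.sha256(b"constructed-demo-identity-key").digest()
FACTORY_INVENTORY = {"mcu": "M-3003", "radio": "R-1001", "sensor": "S-2002"}

def demo(observed: dict) -> tuple:
    """Seal the factory inventory, then attest what is observed at boot."""
    rot = RootOfTrust(KEY)
    rot.seal_inventory(FACTORY_INVENTORY)
    nonce = secrets.token_bytes(16)            # freshness from the monitoring side
    report = rot.attest(nonce, observed)
    return report["anomalies"], verify_report(KEY, nonce, report)
```

Calling `demo(dict(FACTORY_INVENTORY, sensor="S-9999"))` reports the swapped sensor with a valid signature; a report altered in transit, replayed under an old nonce, or signed with another device's key fails verification.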
The strength of the RoT determines the level of trust attainable by the device. The level of security provided by the RoT depends on how it is implemented. The RoT should be simple and well protected against compromise to ensure its integrity. Ideally the RoT should be implemented
¹ See [NIST-800-53]
² See [FIPS-140-2]
IIC:PUB:G4:V1.0:PB:20160926 - 67 -