Industrial Internet Security Framework v 1.0 | Page 70
8: Protecting Endpoints
8.6 ENDPOINT ACCESS CONTROL
Endpoint access control depends on two related concepts: authentication and authorization.
Authentication is the provision of assurance that a claimed characteristic of an entity is correct.
Authorization is the granting of rights, including granting access based on access rights.
Authorization depends on verifying the mapping between the entity's identity and the rights and
privileges it holds on services and resources. Authorization is therefore dependent upon
authentication.
Entities come in two forms: human and non-person entity (NPE). Both types of entity must
provide credentials to assert their identity.¹ Credentials may be used for various purposes:
authentication, identification and authorization. The secret parts of a credential that are required
for authentication must be protected, for humans and NPEs alike.
8.6.1 ENDPOINT AUTHENTICATION
The process of establishing trust through endpoint authentication, or identity assertion of the
remote endpoint, has several steps. First, an attestation must be made that the credentials are
of the proper level of strength, and that they are in the possession of the appropriate entity.
Then, the actual value of data in the credential is evaluated for correctness. Finally, validity of the
credential must be tested to ensure that the credential is not suspended, revoked or expired.
Not all successful authentication attempts result in the same level of trust in the identity of
the remote endpoint. There are different levels of entity identity assurance depending on what type
of credential is used for that authentication, how the credential is stored, and what
authentication technique is actually implemented.
Strong cryptographic credentials are recommended for most endpoints. In addition, credentials
should be stored in the strongest storage available, ideally in trusted hardware.
Mutual authentication is preferred over one-way authentication wherever possible, since it
prevents impersonation of the endpoint that would otherwise go unauthenticated. Multi-factor
authentication is recommended where possible for critical endpoints.
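The following is an added example, not part of the IISF text, that applies the three verification steps described above (credential strength and proof of possession, correctness of the credential data, then suspension/revocation/expiry) and derives an assurance level from credential type and storage. All names, policy thresholds and sample credentials are constructed for illustration: an HMAC over a fresh challenge under the credential secret stands in for an asymmetric proof-of-possession signature, and an issuer MAC stands in for the issuer's signature over a certificate.

```python
# Added example (constructed, not IISF code): three-step endpoint authentication
# with an assurance level derived from credential type and storage.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from enum import IntEnum


class Assurance(IntEnum):
    NONE = 0
    LOW = 1      # password, software storage
    MEDIUM = 2   # cryptographic key, software storage
    HIGH = 3     # cryptographic key held in trusted hardware


# Illustrative policy thresholds (constructed).
MIN_KEY_BITS = 128
MIN_PASSWORD_CHARS = 12

# Constructed issuer key; a real issuer would sign with an asymmetric private key.
ISSUER_KEY = b"constructed-issuer-key-for-demo-only"


@dataclass(frozen=True)
class Credential:
    subject: str        # identity the credential asserts
    kind: str           # "password" or "symmetric_key"
    storage: str        # "software" or "trusted_hardware"
    secret: bytes       # the secret part; must never be sent over the wire
    not_before: int     # validity window as Unix timestamps
    not_after: int
    serial: str         # looked up in the revocation list
    issuer_tag: bytes   # issuer binding over the public fields (stand-in for a signature)

    def binding_message(self) -> bytes:
        return (f"{self.subject}|{self.kind}|{self.storage}|"
                f"{self.not_before}|{self.not_after}|{self.serial}").encode()


def issue(subject, kind, storage, secret, not_before, not_after, serial) -> Credential:
    """Issuer side: bind the public fields so later tampering is detectable (step 2)."""
    unsigned = Credential(subject, kind, storage, secret, not_before, not_after, serial, b"")
    tag = hmac.new(ISSUER_KEY, unsigned.binding_message(), hashlib.sha256).digest()
    return Credential(subject, kind, storage, secret, not_before, not_after, serial, tag)


def new_challenge() -> bytes:
    """Verifier side: a fresh nonce so a captured response cannot be replayed."""
    return secrets.token_bytes(32)


def prove_possession(cred: Credential, challenge: bytes) -> bytes:
    """Endpoint side: answer the challenge with a MAC under the secret.
    The secret itself stays on the endpoint, limiting credential exposure."""
    return hmac.new(cred.secret, challenge, hashlib.sha256).digest()


@dataclass(frozen=True)
class Verdict:
    ok: bool
    assurance: Assurance
    reason: str


def assurance_for(cred: Credential) -> Assurance:
    """Credential type and storage decide how much trust a success earns (constructed mapping)."""
    if cred.kind == "password":
        return Assurance.LOW
    if cred.storage == "trusted_hardware":
        return Assurance.HIGH
    return Assurance.MEDIUM


def authenticate(cred: Credential, challenge: bytes, response: bytes,
                 revoked: set, now: int) -> Verdict:
    """Verifier side; the verifier holds its own copy of the secret (or a stored verifier)."""
    def fail(why: str) -> Verdict:
        return Verdict(False, Assurance.NONE, why)

    # Step 1a: the credential must be of adequate strength.
    if cred.kind == "password":
        if len(cred.secret) < MIN_PASSWORD_CHARS:
            return fail("password below minimum length")
    elif cred.kind == "symmetric_key":
        if len(cred.secret) * 8 < MIN_KEY_BITS:
            return fail("key below minimum strength")
    else:
        return fail("unknown credential kind")
    # Step 1b: the claimant must demonstrate possession (constant-time compare).
    expected = hmac.new(cred.secret, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, response):
        return fail("possession of credential not demonstrated")
    # Step 2: the credential data must match what the issuer bound.
    tag = hmac.new(ISSUER_KEY, cred.binding_message(), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, cred.issuer_tag):
        return fail("credential data does not match issuer binding")
    # Step 3: the credential must be neither suspended/revoked nor outside its window.
    if cred.serial in revoked:
        return fail("credential revoked or suspended")
    if now < cred.not_before:
        return fail("credential not yet valid")
    if now > cred.not_after:
        return fail("credential expired")
    return Verdict(True, assurance_for(cred), "authenticated")


def demo() -> dict:
    """Run constructed scenarios and return {scenario: reason}."""
    plc = issue("plc-07", "symmetric_key", "trusted_hardware", bytes(range(32)), 1000, 2000, "SN-1")
    ch = new_challenge()
    return {
        "valid": authenticate(plc, ch, prove_possession(plc, ch), set(), 1500).reason,
        "revoked": authenticate(plc, ch, prove_possession(plc, ch), {"SN-1"}, 1500).reason,
        "expired": authenticate(plc, ch, prove_possession(plc, ch), set(), 2500).reason,
    }


if __name__ == "__main__":
    for scenario, reason in demo().items():
        print(f"{scenario}: {reason}")
```

The order of checks follows the text: a claimant who cannot prove possession is rejected before any validity data is consulted, and a tampered credential is rejected before the revocation list is consulted, so the failure reason also tells an operator which step of the process broke.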
Using more secure protocols that establish confidence in the remote endpoint identity is
recommended wherever possible. Furthermore, creating connections between endpoints should
include proper authentication schemes that demonstrate possession and/or ownership of a
credential while limiting exposure of the credential material. For example, performing mutual
authentication via Kerberos [MIT-Kerb] before establishing a Transport Layer Security (TLS)
[IETF-RFC5246] tunnel is a common technique that avoids transmitting passwords over the
network.
As part of the communication authentication process, the level of trust in the credential should
be evaluated. Verification of the strength of the cryptographic algorithm used, capabilities of the
¹ See [ISO-29115]
IIC:PUB:G4:V1.0:PB:20160926