MID-034: Authenticate Network Messages
Mitigation Tier: Foundational
Description
Authenticating network traffic makes it more difficult for threat actors to leverage unauthenticated network data sent by or to the device. Without message authentication, the device may accept messages that an attacker with network access has spoofed or modified, with no indication that it has done so. Once traffic is authenticated, a threat actor cannot send data that the device will accept unless they also compromise the corresponding authentication credentials.
Network authentication can be implemented via several technical means, including message authentication codes (MACs), authenticated encryption (AE), and digital certificates/signatures that protect all or part of the network packet or protocol message. These schemes allow the device receiving the network traffic to perform cryptographic checks of the data to ensure that it originated from a trusted source and has not been modified in transit. Only then should the device parse the message and process the data within it.
Note: Authentication should be paired with MID-035 - Encrypt Network Traffic to prevent eavesdropping.
Limitations: Malicious actors may be able to circumvent authentication protections through various means. When implementing session authentication, best practices should be followed to prevent authentication attacks (replay, spoofed users, default accounts, etc.).
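As an added illustration of the verify-then-parse pattern from the description and of the replay caveat above (example code written for this page, not part of the EMB3D entry), the Python below frames each message as a sequence number, a payload, and an HMAC-SHA256 tag. The receiver checks the tag in constant time, then checks the sequence number for freshness, and only then parses the payload. The frame layout, the 32-byte demo key, the JSON command payloads, and the rejection log are all constructed for this example.

```python
import hashlib
import hmac
import json
import struct

SEQ_LEN = 8    # 8-byte big-endian sequence number (constructed frame layout)
TAG_LEN = 32   # HMAC-SHA256 output size


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build an authenticated frame: seq || payload || HMAC(key, seq || payload)."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver that authenticates and de-duplicates frames before parsing them."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1      # highest sequence number accepted so far
        self.rejected = []      # (reason, seq) entries, suitable for alerting

    def open(self, frame: bytes):
        """Return the parsed payload, or None if the frame must be dropped."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            self.rejected.append(("truncated", None))
            return None
        header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]

        # 1. Authenticate first: constant-time comparison avoids timing leaks.
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            self.rejected.append(("bad_mac", None))
            return None

        # 2. Freshness: an authentic but old frame is a replay and is dropped.
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:
            self.rejected.append(("replay", seq))
            return None
        self.last_seq = seq

        # 3. Only authenticated, fresh data reaches the parser.
        return json.loads(payload)


def demo():
    """Exercise accept, tamper, replay and wrong-key cases; returns the outcomes."""
    # Constructed demo key; a real device would provision this per device/session.
    key = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
    rx = Receiver(key)

    cmd = json.dumps({"cmd": "set_point", "value": 42}).encode()
    frame = seal(key, 1, cmd)
    accepted = rx.open(frame)

    # Same frame with one payload byte altered in transit: tag no longer matches.
    modified = bytearray(frame)
    modified[SEQ_LEN + 2] ^= 0x01
    tampered = rx.open(bytes(modified))

    # The original, valid frame delivered a second time: authentic but stale.
    replayed = rx.open(frame)

    # A frame sealed under a different key: authentication fails.
    forged = rx.open(seal(b"\x00" * 32, 2, cmd))

    # The next legitimate frame is still accepted after the rejections.
    accepted_next = rx.open(seal(key, 2, json.dumps({"cmd": "stop"}).encode()))

    return {
        "accepted": accepted,
        "tampered": tampered,
        "replayed": replayed,
        "forged": forged,
        "accepted_next": accepted_next,
        "rejected": list(rx.rejected),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A monotonically increasing counter is the simplest freshness check; deployments that tolerate out-of-order delivery typically use a sliding window instead, and the counter must survive reboots or be re-established at session start so that old frames cannot be replayed after a restart. The rejection log is the hook for detection: a burst of `bad_mac` or `replay` entries from one peer is worth an alert.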
IEC 62443 4-2 Mappings
- CR 3.1 – Communication integrity (1) Communication authentication