
MID-036: Cryptographic Nonces

Mitigation Tier: Foundational

Description

A nonce ("number used once") is a value, typically a random number or a counter, that is generated uniquely for each message so that a captured message cannot be replayed. When a device receives a message, it checks that the nonce is still valid (for example, that it has not been seen before, or that it is the next value expected) and accepts the message only if it is. If the nonce is no longer valid, the device knows that it has received the same message more than once, which may indicate a replay attack, and it rejects the message.

The first nonce in an exchange is often sent in the first message by the device that initiates the communication. Both parties then apply an agreed operation to it to derive the next nonce: in every subsequent message, the receiving device checks the nonce it was sent, performs the operation, and sends the new nonce in its reply. Each message therefore carries a unique nonce, and the sender and receiver can know in advance what the next nonce will be, while an adversary who does not know the operation or the initial nonce cannot derive it. Secrecy of the operation itself is weak protection, however; a derivation keyed with a shared secret, or a fresh random nonce per message, does not depend on the adversary being unaware of how the nonce is computed.

Nonces can be implemented alongside MID-037 - Network Timestamps to give devices both a time window and a unique message identifier to work with. If the device is not using a timestamp, it must ensure that the nonce it is using is sufficiently large or random that it cannot be guessed. If it can be guessed, a threat actor may be able to send malicious messages with valid nonces. For example, if a device uses a counter as the initial nonce and adds one as its operation, a threat actor may be able to guess the next number in the sequence; a cryptographically secure random-number generator, on the other hand, produces values that cannot be predicted. Two caveats apply. First, a nonce only prevents replay when it is covered by the message's integrity protection (a MAC or signature, as in CR 3.1); otherwise an attacker can change the nonce on a captured message and resubmit it. Second, a receiver that uses random nonces must remember the nonces it has already accepted, and because that memory is finite, a timestamp is what bounds how far back a replayed message can be.
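As an added example (not code from the original page), the following Python shows the two receivers described above side by side: a predictable counter nonce with no message authentication, which a guessing adversary can satisfy, and a random nonce bound to the payload by an HMAC and checked against a bounded memory of already-accepted nonces. It also shows a keyed form of the nonce chaining described above. The shared key, payload strings and window size are constructed for the demonstration.

```python
"""Replay protection with nonces: constructed illustration for MID-036.

A counter-nonce receiver with no message authentication is shown beside a
hardened receiver using a 96-bit random nonce, an HMAC over nonce || payload
and a bounded memory of accepted nonces. Key, window and payloads are made up.
"""
import hashlib
import hmac
import os
from collections import deque

KEY = b"demo-shared-key-not-for-production"  # assumption: pre-shared between the devices
NONCE_LEN = 12  # 96-bit random nonce: accidental reuse is negligible over a device lifetime


class WeakReceiver:
    """Counter nonce with nothing binding it to the payload: a guessed
    counter value lets an adversary inject any payload."""

    def __init__(self) -> None:
        self.expected = 0

    def accept(self, nonce: int, payload: bytes) -> bool:
        if nonce != self.expected:
            return False  # stale or out-of-order nonce, treated as a replay
        self.expected += 1
        return True


def seal(key: bytes, payload: bytes) -> tuple:
    """Sender side: fresh random nonce, MAC computed over nonce || payload."""
    nonce = os.urandom(NONCE_LEN)
    tag = hmac.new(key, nonce + payload, hashlib.sha256).digest()
    return nonce, payload, tag


def next_nonce(key: bytes, prev: bytes) -> bytes:
    """Keyed chaining: both ends derive the next nonce from the previous one
    using a secret key, so knowing the algorithm alone predicts nothing."""
    return hmac.new(key, prev, hashlib.sha256).digest()[:NONCE_LEN]


class HardenedReceiver:
    """Verifies the MAC first, then rejects any nonce already accepted."""

    def __init__(self, key: bytes, window: int = 1024) -> None:
        self.key = key
        self.seen = deque(maxlen=window)  # insertion order, oldest evicted first
        self.seen_set = set()             # O(1) membership test

    def _remember(self, nonce: bytes) -> None:
        if len(self.seen) == self.seen.maxlen:
            self.seen_set.discard(self.seen[0])  # about to be evicted by append()
        self.seen.append(nonce)
        self.seen_set.add(nonce)

    def accept(self, nonce: bytes, payload: bytes, tag: bytes) -> bool:
        if len(nonce) != NONCE_LEN:
            return False
        expected = hmac.new(self.key, nonce + payload, hashlib.sha256).digest()
        # MAC first, so unauthenticated traffic cannot pollute the replay
        # window or probe which nonces the receiver has already seen.
        if not hmac.compare_digest(expected, tag):
            return False  # altered payload, altered nonce, or no key
        if nonce in self.seen_set:
            return False  # genuine message, but already accepted: replay
        self._remember(nonce)
        return True


def demo() -> dict:
    """Run the scenarios from the text and report which were accepted."""
    results = {}
    weak = WeakReceiver()
    weak.accept(0, b"setpoint=50")
    # Adversary guesses the next counter value and substitutes its own payload.
    results["weak_forgery_accepted"] = weak.accept(1, b"setpoint=999")

    hard = HardenedReceiver(KEY)
    nonce, payload, tag = seal(KEY, b"setpoint=50")
    results["fresh_accepted"] = hard.accept(nonce, payload, tag)
    results["replay_rejected"] = not hard.accept(nonce, payload, tag)
    results["tamper_rejected"] = not hard.accept(nonce, b"setpoint=999", tag)
    results["forgery_rejected"] = not hard.accept(os.urandom(NONCE_LEN), b"setpoint=999", tag)

    # A finite window forgets old nonces: with window=2, a replay gets through
    # after two newer messages. This is the gap a timestamp (MID-037) closes.
    small = HardenedReceiver(KEY, window=2)
    n1, p1, t1 = seal(KEY, b"valve=open")
    small.accept(n1, p1, t1)
    for _ in range(2):
        small.accept(*seal(KEY, b"heartbeat"))
    results["replay_after_window_accepted"] = small.accept(n1, p1, t1)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hardened receiver checks the MAC before consulting its replay memory, so an attacker without the key can neither fill the window with junk nonces nor learn which nonces have been accepted. The last scenario is the practical limit of nonce-only protection: once a nonce ages out of the window, the same authentic message is accepted again, which is why the page pairs nonces with timestamps.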

IEC 62443 4-2 Mappings

  • CR 4.3 - Use of cryptography

  • CR 3.1 - Communication integrity, RE(1) Communication authentication
