MID-044: Strong Cryptographic Algorithms and Protocols
Mitigation Tier: Foundational
Description
Device implementors should use cryptographic libraries that have been validated and rigorously tested against different cryptographic attacks. “Rolling your own crypto”, meaning creating and using homemade cryptographic algorithms, has been shown to be riskier than using heavily tested and validated libraries due to the tendency of individuals or small teams not being able to match the validation process and cryptographic rigor supplied by dedicated teams of experts.
Choosing a strong cryptographic algorithm or primitive is not always sufficient, there are often many pitfalls in using it safely and correctly. Network communications, user authentication handshakes, data protection, and other protocols are implemented using cryptographic algorithms and operations to protect information and achieve other desired security guarantees. Devices should implement protocols that are widely used, well tested, verified for security assurances, and utilize strong cryptographic algorithms. Examples of these are WPA3 and TLS.
Note: Chosen protocols should incorporate anti-metadata analysis features such as packet length standardization, packet frequency standardization, header length standardization, etc. Overall, packet metadata shouldn’t be able to be used to derive the contents of encrypted messages. This is only needed where confidentiality exists and is important to device security [3] [4] [5].
Note: Many leading cryptographic algorithms are publicly available for use and inspection, meaning that device implementors can verify for themselves that the algorithms are safe to use and compatible with their devices.
Note: Choosing a high-quality implementation of the desired cryptographic tools is very important to ensure that they will operate as intended and that cryptographic security guarantees cannot be undermined by implementation flaws. See MID-027 - Validated Cryptographic Library for more information. In addition to library choice, other related architecture considerations must be made. These can include secure key storage (MID-028 - Hardware-backed Key Storage) and secure key generation (MID-047 - Sufficient Entropy for Keys), to name a few.
Note: Encryption may introduce operational difficulties and constraints. Review all processes and functional requirements when encrypting traffic in transit.
IEC 62443 4-2 Mappings
CR 4.3 - Use of cryptography
CR 1.14 - Strength of symmetric key-based authentication
CR 1.9 - Strength of public key-based authentication
References
[1] S. Morrow. “The Dangers of “Rolling Your Own” Encryption.” infosecinstitute.com. Accessed: Aug. 28, 2024. [Online.] Available: https://www.infosecinstitute.com/resources/cryptography/the-dangers-of-rolling-your-own-encryption/
[2] NIST. “Cryptographic Module Validation Program.” nist.gov. Accessed: Aug. 28, 2024. [Online.] Available: https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search?SearchMode=Basic&CertificateStatus=Active&ValidationYear=0
[3] C. Tezcan. “On Hiding Message Length in Symmetric-key Cryptography.” forgottenlance.com. Accessed: Aug. 28, 2024. [Online.] Available: https://cihangir.forgottenlance.com/papers/length_hiding_lasec.pdf
[4] Alyami M, Alghamdi A, Alkhowaiter MA, Zou C, Solihin Y. Random Segmentation: New Traffic Obfuscation against Packet-Size-Based Side-Channel Attacks. Electronics. 2023; 12(18):3816. https://doi.org/10.3390/electronics12183816
[5] S. Xiong, A. D. Sarwate and N. B. Mandayam, “Defending Against Packet-Size Side-Channel Attacks in Iot Networks,” 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Calgary, AB, Canada, 2018, pp. 2027-2031, doi: 10.1109/ICASSP.2018.8461330.
[6] J. van Woudenberg. “Top 10 Secure Boot mistakes.” Presented at hardware.io Hardware Security Conference and Training, Santa Clara, CA, USA, 2019. [Online]. Available: https://hardwear.io/usa-2019/presentations/Top-10-Secure-Boot-Mistakes-v1.1-hardwear-io-usa-2019-jasper-van-woudenberg.pdf