Fri, Aug 28, 2009 14:34 EDT
Posted by: J A White in Best Practices Topic: Security
Shared communications infrastructure has ushered in an age of vulnerability: organizations that manage critical infrastructure must now secure a whole new set of technology boundaries. As analysts have widely noted, these networks are increasingly susceptible to attack, with potentially catastrophic consequences.
Earlier approaches to critical infrastructure security rely on user authentication that is strong in theory but falls short in practice. Shared passwords, lost or stolen smart cards and man-in-the-middle attacks are just a few of the reasons.
Today's networks require a highly secure and all-encompassing approach focused on identifying the "trusted devices" (PCs, field controllers and so on) that are permitted to access a network and denying access to everything else: an allow-list of known devices rather than a block-list of known-bad ones. With a device-centric authentication system, the risks of login and password theft are reduced, because a stolen credential by itself no longer grants access; proof of identity comes from the device, not from something a person can share or lose.
Three Necessities: Exclusivity, Resilience, and Integrity
Physical Device Recognition (PDR) addresses this by building on three characteristics essential to genuine security for technology assets: exclusivity, resilience and integrity. PDR uniquely identifies devices and maintains their identity over time using a device "fingerprint". PDR also includes built-in resilience and integrity measures that minimize false positive and false negative errors while protecting fingerprints from tampering, forgery and reverse-engineering.
Exclusivity: PDR begins by analyzing the components of a device, which components are examined depending on the type of device being fingerprinted and which components are present. Each component contributes a number of attributes or values to the fingerprint, including serialization, temporality, measurement and cardinality. From among thousands of potential combinations, these values are assembled into a fingerprint that is unique to the host device.
Resilience: PDR is resilient when confronted with changes to the physical devices it identifies. When a component of an approved network PC is changed, the PC can still be matched to its device fingerprint without error, so a 100 percent identical match between the original component configuration and the components present when access is requested is not required.
Integrity: Obfuscation, encryption and hashing work together to protect the integrity of the device fingerprint. A fingerprint that has been copied to another machine, modified or reconstructed by reverse-engineering no longer matches and is rejected. One caveat a practitioner should keep in mind: integrity checks protect the stored fingerprint; they do not by themselves prove that the component attributes were read from genuine hardware, so the code that collects those attributes on the device must be protected as well.
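The three properties above map naturally onto a small enrollment-and-match routine. The following is an added example, not code from the article or from any PDR product: each component's attributes are hashed separately (exclusivity), a device is accepted when at least a chosen number of its enrolled components still match (resilience), and the enrolled record is sealed with an HMAC so that a copied or edited record is rejected (integrity). The server key, the device inventories and the device names are all constructed sample data.

```python
"""Added example illustrating device fingerprinting as described in the article.

Not the article's or any vendor's code. SERVER_KEY, the device inventories and
the device identifiers are hypothetical, constructed sample data.
"""
import hashlib
import hmac
import json

# Hypothetical server-side key that seals enrolled fingerprint records.
SERVER_KEY = b"example-enrollment-key-not-for-production"


def _canonical(obj) -> bytes:
    """Deterministic JSON encoding so equal attribute sets hash equally."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def component_digests(components: dict) -> dict:
    """Exclusivity: hash each component's attributes on its own, so replacing
    one component changes only that component's digest."""
    return {name: hashlib.sha256(_canonical(attrs)).hexdigest()
            for name, attrs in components.items()}


def seal(record: dict, key: bytes = SERVER_KEY) -> dict:
    """Integrity: bind the record to the server key with an HMAC."""
    mac = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "mac": mac}


def verify_seal(sealed: dict, key: bytes = SERVER_KEY) -> bool:
    expected = hmac.new(key, _canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["mac"])


def enroll(device_id: str, components: dict) -> dict:
    """Enroll a trusted device: fingerprint its components and seal the record."""
    return seal({"device_id": device_id, "digests": component_digests(components)})


def match(sealed: dict, live_components: dict, min_matching: int) -> tuple:
    """Resilience: accept when at least min_matching enrolled components still
    match the live inventory. A record whose seal fails is rejected outright.
    Returns (accepted, number_of_matching_components)."""
    if not verify_seal(sealed):
        return False, 0
    enrolled = sealed["record"]["digests"]
    live = component_digests(live_components)
    matched = sum(1 for name, digest in enrolled.items() if live.get(name) == digest)
    return matched >= min_matching, matched


# Constructed sample inventories (no real hardware).
ENROLLED_PC = {
    "cpu":   {"model": "Example CPU 3.0GHz", "cores": 4},
    "board": {"vendor": "ExampleBoards", "serial": "MB-0001-TEST"},
    "disk":  {"model": "ExampleDisk 500G", "serial": "DSK-7781-TEST"},
    "nic":   {"mac": "02:00:00:aa:bb:cc"},
}
# Same PC after a disk replacement: 3 of 4 components unchanged.
DISK_REPLACED = dict(ENROLLED_PC, disk={"model": "ExampleDisk 1T", "serial": "DSK-9999-TEST"})
# A different machine that only copied the enrolled PC's MAC address.
IMPOSTOR = {
    "cpu":   {"model": "Other CPU 2.4GHz", "cores": 2},
    "board": {"vendor": "OtherBoards", "serial": "MB-5555-TEST"},
    "disk":  {"model": "OtherDisk 250G", "serial": "DSK-1234-TEST"},
    "nic":   {"mac": "02:00:00:aa:bb:cc"},
}


def demo() -> dict:
    """Run the four scenarios and return their outcomes."""
    sealed = enroll("scada-hmi-01", ENROLLED_PC)
    # An attacker edits the sealed record to point it at another device id.
    forged = {"record": dict(sealed["record"], device_id="scada-hmi-99"), "mac": sealed["mac"]}
    return {
        "same_hardware":   match(sealed, ENROLLED_PC, min_matching=3),
        "disk_replaced":   match(sealed, DISK_REPLACED, min_matching=3),
        "impostor":        match(sealed, IMPOSTOR, min_matching=3),
        "forged_record":   match(forged, ENROLLED_PC, min_matching=3),
    }


if __name__ == "__main__":
    for scenario, (accepted, n) in demo().items():
        print(f"{scenario:15s} accepted={accepted} matching_components={n}")
```

The plain count of matching components keeps the example readable; a deployment would normally weight components by how hard they are to spoof (a motherboard serial counts for more than a MAC address) and lower the threshold as the component count grows. Note also that the HMAC only protects the record the server stored: a host the attacker fully controls can still present fabricated attribute values, which is why the collection code itself needs protection.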
Combining exclusivity, resilience and integrity allows highly unique identification of a device that persists over time. Industry experts agree that no single security product or methodology can solve all critical infrastructure security problems. However, PDR and its device-centric approach deliver an innovative and practical authentication method for reducing vulnerabilities and protecting critical infrastructure from today's evolving cyber-attacks.