Security objectives concerning mainly the TOE

| Security objective | Description |
|---|---|
| OAVB.Reliability | The sensor must provide reliable service by applying fault tolerance methods and techniques. |
| OAVB.ResUnderControl | Control the resource [Dparam]. |
| OINT.TamperResistance | The TOE guarantees its own physical/logical integrity. The means of detecting physical tampering must be provided (e.g., seals, tampering detection, special reinforced cases, intrinsically safe solutions). |
| OINT.Processing | The sensor must ensure that the processing of input to derive output data [Dparam] is accurate. |
| OINT.PowAnalResist | Solutions resistant to simple/differential power analysis (SPA/DPA) attacks are implemented. |
| OINT.DataVerification | Verify that the data [Dparam] are valid. |
| OINT.AntiMalware | Specialized anti-malware software. |
| OIDA.ControlID | Use properly managed unique identifiers of sensors [Dparam]. |
| OIDA.Authentication | The sensor must authenticate connected entities. |
| OACC.Access | The sensor must control access of connected entities. |
| OCON.DataEncrypt | Encrypt the data [Dparam]. |
| OCON.SecDataProt | When a node is turned off, no security material (such as a shared secret or a static public/private key) [Dparam] should have to be stored permanently in the non-volatile memory of the node (a pre-configured shared secret obviously does not satisfy this requirement). |
| OADT.Audit | The sensor must audit attempts to undermine its security and should trace them to the associated entities. |
| OSMN.SecManAdmin | The TOE will provide facilities to enable an authorized administrator [Sparam] to effectively manage the TOE and its security functions, and will ensure that only authorized administrators are able to access such functionality. |

Security objectives concerning mainly the TOE operational environment

| Security objective | Description |
|---|---|
| OAVB.SensorSysMain | The data [Dparam] sampled by the sensor-based acquisition/monitoring system [Dparam] checked by control authorities must be available and reflect fully and accurately the system objectives. |
| OAVB.RedundNodes | Apply redundant sensor nodes, so that nodes can be lost without any impact on the behavior of the network (or network application) as a whole. |
| OAVB.DataFreshness | Ensure that the message received [Dparam] is the message sent by the authorized source [Sparam] and not a replayed message sent by the intruder [Sparam]. |
| OINT.MajorityVoting | Apply the majority voting scheme to determine the validity of an alarm raised by neighboring nodes based on their own measurement. |
| OINT.IdentCapVsNodeCap | Test a limited resource (radio communication capability). Assuming that a device can access only one radio channel at a time, check that each identity has no less capability than a physical node (all identities have channels assigned and must send messages through them simultaneously; the system detects the attack when it receives no message in its channel). |
| OCON.CryptoScheme | Apply the cryptographic scheme (key management, operations) with respect to the existing communication resources. |
| OCON.CryptoBoundary | Set up the cryptographic boundary inside the TOE, from which security-sensitive data [Dparam] shall not leak. The boundary encompasses the TOE parts where security-sensitive data are generated, stored, updated and used. |
| ODEX.MultipleCommPaths | Use redundant communication paths, specialized countermeasures (e.g., against blackholes, misdirection, wormholes), and control of the routing information. |
| ODEX.CommQuality | Avoid interference and blocked communication spaces, using specialized measures against jamming, collision and flooding. |
| OEIT.SecPerimVsTrRangeCtrl | The physically controlled security perimeter, where nodes are placed, should be defined with respect to the range of wireless transmission. |
| OEIT.IdentPositionVsNodePosition | Assuming that no two identities are at the same position, check the identity position against the position of the node claiming this identity. Sensor measurements are credible when they can be associated with their physical locations. |
| OSMN.RegularInpections | The sensor must be periodically inspected and calibrated (if necessary). |
| OSMN.SecDatManag | Periodic changes to security data [Dparam] managed by [Sparam]. |
| OSMN.NetAdmin | Implementation of network administration and security policy procedures. |
| OSMN.UserAwarn | User awareness, proper operation regulations and procedures. |
| OSMN.PatientSecurity | The monitored patient is within the access-restricted area and the medical personnel or household members take care of her/him. |
| OSMN.HIPAA | The medical system should comply with the Health Insurance Portability and Accountability Act (HIPAA). |

Security objectives concerning the site processes

| Security objective | Description |
|---|---|
| OSMN.SiteProcess | Site processes encompassing the development, manufacturing and maintenance activities in the life cycle are properly defined, implemented and managed. |