Security goals Sample Clauses
The 'Security goals' clause defines the specific objectives and standards that parties must achieve to ensure the protection of information, systems, or assets. It typically outlines the required levels of confidentiality, integrity, and availability, and may specify compliance with certain security frameworks or regulations. By clearly stating these goals, the clause provides a benchmark for evaluating security measures and helps prevent misunderstandings about the expected level of protection, thereby reducing the risk of security breaches and disputes.
Security goals. Towards a SMI network an adequate se- curity suite essentially satisfies the following goals:
1) Mutual authentication and key establishment: In a SMI network, it is paramount security requirement that a NAN gateway must authenticate to a smart meter, since consumption data collected from smart meters will be utilized for many purposes e.g., billing, load balancing, etc. Similarly, a smart meter should authenticate the NAN gateway in order to protect from fake messages (e.g., control commands, etc.) from an attacker. Thus mutual authentication is highly required [32]. As soon as mutual authentication verified, a fresh session key agreement should be generated for the legal parties, so that subsequent communication could take place securely.
Security goals. The objective of the proposed scheme is the establishment of the session keys and the authentication of the users. The formalized goals of the scheme are as follows: G1: Sk possess at [1] H(XOR(H(Nz,Ny), H(Ui,Ny)),NtH(H(H(Ui,Ny),Nz),XOR(H(Nz,Ny), H(Uj,Ny))));
Security goals. The scheme is supposed to satisfy the following security goals.
Security goals. The following security goals can be identified for any GKA protocol.
1) Key Secrecy: The key can be computed only by the GKA participants.
2) Key Independence: Knowledge of any set of group keys does not lead to the knowledge of any other group key not in this set (see [9]).
Security goals. The stakeholder interests are related to a particular (business) goal or function which will be elaborated upon in each of the specific SEGRID use cases. Security goals are related to specific architectural assets (information, function, system and/or network) that are critical to achieve these goals or functions. By determining what security properties of these assets need to be preserved in order to ensure the stakeholders interests, the security goals can be defined. The property types are typically derived from the information security domain. A well-known and renowned set of standards for Information Security Management is the ISO/IEC 27000 series. The first standard ISO/IEC 27000:2014 [4] provides the set of definitions and terms. Information security is defined as: Information security – preservation of confidentiality, integrity and availability of information. Note: In addition, other properties, such as authenticity, accountability, non- repudiation, and reliability can also be involved. Here confidentiality, integrity and availability are defined as follows: The property availability is applicable to information as well as to a (information processing) function, process or system. In the context of smart grids, availability is often regarded as the most important property [5]. Ensuring availability of the power supply is indeed very important. The availability of information or of an information processing function is not necessarily more important than the integrity of the information to ensure the availability of power supply. A common debate on data integrity is whether it also means that the data is correct. Therefore, correctness integrity is sometimes included as an additional property. Moreover, the authenticity of the origin of information is also not included in the definition above. Data origin integrity or authenticity is commonly addressed as a separate property. For the definition of security goals of the SEGRID use cases we will use both data integrity & authenticity as aspects of integrity. The security goal shall make clear which of the two, or if both are meant. In the definition of information security above, accountability is mentioned as an additional property that is sometimes relevant. Within the context of smart grids we expect that accountability is relevant. ISO/IEC 27000:2014 does not contain a definition of this property. ISO 7498-2:1989 provides the following definition of accountability: A specific type of accountabi...