208
Element to protect Risk D/R/E/A/D rating Examples of Causes Mitigation and relevant Design Choices (for the latter see
Section 5.2.10)
User is involved in
transactions with a
malicious peer.L/H/H/M/L
enforce strong securityRedirection to malicious
content. The redirection
may be caused by data
tempering on
communication channel or
leaf node compromising
(e.g. content of a tag is
altered).Trustworthy discovery / resolution / lookup system. Trustworthiness of the
entire system is enabled through its security Functional Components
(especially Authentication and Trust and Reputation (see Section 4.2.2.7),
as well as its global resilience to intrusions (security by design).
Resolution security
DC S.1: authentication over encrypted channel
Attacker gains knowledge
of user configuration.M/M/M/L/H
enforce medium
securityUser's private information
leakage through user's
characterisation as
requiring certain data (and
thus performing
accordingly discovery,
lookup, resolution of the
corresponding services).Enforcement of a robust pseudonymity scheme ensuring both anonymity
and unlinkability of two successive data units; provided by the Identity
Management Functional Component (see Section 4.2.2.7).
DC S.10: encryption schemes, with a specific relevance of onion-routing-
like encryption (best scheme with respect to anonymity support)
DC P.1: temporary identity, more easily changed for unlinkability, hence
privacy
User's private information
leakage through user's
characterisation as
providing certain data.
Traceability (this path,
hence this user).Attacker gains knowledge
of user's location.L/H/M/L/H
enforce weak securityUser's location can be hidden through reliance on pseudonyms provided
by the Identity Management Functional Component (see Section 4.2.2.7).
DC P.1: temporary identity, more easily changed for unlinkability, hence
privacy
Communication
channelAlteration of the sent
invocation of a service.L/L/M/L/L
enforce weak securityEnd-to-end integrity protection of service-access signalling (data integrity
protection is provided as part of protocol security).