212
Element to protect Risk D/R/E/A/D rating Examples of Causes Mitigation and relevant Design Choices (for the latter see
Section 5.2.10)
dealing with this threat (identification of compromised devices).
DC S.10: end-to-end encryption
DC A.16- 17 : autonomous security
Intermediary devices
behave maliciously and
clients are not able to
report the fact.M/M/L/M/H
enforce weak securityRemote monitoring of intermediary devices.
Depending on the malicious action performed by intermediary devices,
client nodes may mitigate it by applying end-to-end security schemes (Key
Exchange and Management Functional Component + protocol security).
DC A.16- 17 : autonomous security
Information re-routing by
intermediary device.M/H/M/M/M
enforce medium
securityEnd-to-end security scheme put in place by the Key Exchange and
Management Functional Component (see Section 4.2.2.7), and enforced
by the relevant protocol security function.
DC S.10: end-to-end encryption
Assisting intermediary
devices are no longer
usable.L/M/H/H/L
enforce medium
security- Exhaustion attacks
- Various specific attacks
against the involved
assistance mechanisms
(e.g. no packet forwarding
toward a routing service,
replacing a received key
fragment with garbage
against a collaborative
keying service...)
Denial-of-service detection / reaction scheme.
DC A.16- 17 : autonomous securityBackend services Administrator-role
usurpationH/M/L/H/L
enforce medium
securityAdministrator credentials
disclosed / hacked / brute-
forcedNot specifically targeted. Addressable through security management and
credentials management policies.