Internet of Things Architecture

| Element to protect | Risk | D/R/E/A/D rating | Examples of Causes | Mitigation and relevant Design Choices (for the latter see Section 5.2.10) |
|---|---|---|---|---|
| | Backend account hacked | M/M/L/H/M; enforce medium security | | Not specifically targeted. Addressable through security management and credentials management policies. |
| | Massive disclosure of collected data | H/M/L/H/L; enforce medium security | | Not specifically targeted. Addressable through security management (databases). |
| | Backend service becoming unavailable | L/M/M/H/L; enforce medium security | | DoS detection / reaction scheme. DC A.16-17: autonomous security |
| | Attacker impersonates infrastructure services, compromising IoT functionalities and/or other dependent infrastructure services. | H/M/L/H/M; enforce medium security | | Prevention of impersonation techniques through proper use of authentication / authorisation procedures (enforced by the respective Authentication and Authorisation Functional Components (see Section 4.2.2.7)). DC S.1,3: authentication |
| | Attacker poisons infrastructure databases (records corruption / addition) or alters outgoing information. | H/H/L/H/M; enforce strong security | | Proper authorisation scheme provided by the Authorisation Functional Component (see Section 4.2.2.7) mitigates this attack. Enforcement of a trust model (Trust and Reputation Functional Component (see Section 4.2.2.7)) protects against blind acceptation of erroneous data. DC S.5: service access control. Although this does not allow identifying corrupted data, it may help identifying and excluding the attacker. |
| | Disclosure of private services (existence & description) | L/H/H/M/M; enforce medium security | | Masking the belonging of multiple services to a single entity (unlinkability). This can be achieved by reliance on pseudonyms provided by the Identity Management Functional Component (see Section 4.2.2.7). DC P.1: mitigation through the use of temporary identifiers |
| | Disclosure of access | L/H/H/M/M | | Security management of infrastructure prevents global disclosure of access policies from the decision point to an unauthorised external |