Internet of Things Architecture


Table columns: Element to protect; Risk; D/R/E/A/D rating; Examples of Causes; Mitigation and relevant Design Choices (for the latter see Section 5.2.10)

Element to protect: Physical person

  Risk: Attack alters data so that wrong data is supplied to a critical monitoring system.
  D/R/E/A/D rating: H/L/M/L/L; enforce strong security
  Mitigation and relevant Design Choices:
    Data-integrity protection provided as part of protocol security.
    DC S.16: cryptographic protocols
    DC S.19: integrity protection obtained from authentication enforcement at link layer

  Risk: Human users might use unattended electronic devices leaving no digital trace.
  D/R/E/A/D rating: L/L/H/L/L; enforce weak security
  Mitigation and relevant Design Choices:
    Addressable through proper (local / remote) user authentication scheme which is a feature of the Authentication Functional Component (see Section 4.2.2.7).
    DC S.1,3: ensure proper logging of authentication operations, e.g. through the use of a AAA (authentication, authorisation, and accounting) or a AAA-like system

  Risk: A service critical for user's safety is disabled.
  D/R/E/A/D rating: H/M/M/L/L; enforce strong security
  Mitigation and relevant Design Choices:
    Critical services have to be protected through redundancy of their key elements. Malicious actions are prevented through dedicated access-control policies (security management). Communication medium between user and critical service has to be made robust against DoS attacks at all OSI layers.
    DC S.5: restrained service access
    DC A.16-17: autonomous security

Element to protect: User's privacy

  Risk: User's identity is spoofed.
  D/R/E/A/D rating: L/H/H/L/M; enforce strong security
  Examples of Causes:
    Credential theft
    Credential brute-forcing
    Registration procedure that is vulnerable to man-in-the-middle attack
  Mitigation and relevant Design Choices:
    Robust user-authentication procedure preventing man-in-the-middle attacks, with proper credentials management policy provided by Authentication Functional Component (see Section 4.2.2.7).
    DC S.1: authentication over encrypted channel
    DC S.10: avoid common crypto credentials; avoid reliance on symmetric crypto.