| Element to protect | Risk | D/R/E/A/D rating | Examples of Causes | Mitigation and relevant Design Choices (for the latter see Section 5.2.10) |
|---|---|---|---|---|
| Leaf device | Loss or theft of a physical device used for authentication. | M/L/H/L/L enforce weak security | | Two-factor authentication, when applicable. This means that gaining the physical device would not be enough for an attacker to pretend to be a legitimate user and authenticate as such. Cryptographic credentials should themselves be protected (PIN code, passphrase). DC S.1,3: authentication. Note that identification instead of authentication should not be applied. |
| | Loss or theft of physical device containing private information. | M/L/H/L/L enforce medium security | | Physical protection of stored credentials (e.g. security vault) – readability of a device only upon fulfilment of certain conditions (e.g. known reader). |
| | Attacker changes the association between a Virtual Entity and the corresponding Physical Entity. | M/L/M/H/L enforce medium security | Wrong tag on a device. Compromising resolution system. | Secured discovery/resolution/lookup system. A specific Design Choice for tamper-proof IDs is not provided for two reasons. First, one could realise it on a hardware level by using tamper-proof hardware modules. Notice that hardware is out of scope for IoT-A (device level is not part of the RA). The second reason is that tamper-proof IDs can also be realised by a secure resolution system by means of Authentication and Authorisation, which is already part of the RA, and thus no Design Choice is needed. |
| | Attacker gains control of an actuator. | M/M/M/L/M enforce medium security | | Proper authorisation scheme as offered by the Authorisation Functional Component (see Section 4.2.2.7). End-to-end integrity protection, provided as part of protocol security. DC S.5: prevent compromise through access restriction. DC A.16-17: reactive (autonomous) security in case of compromise. |
| | Attacker alters leaf-device content so that a user will eventually be redirected to a malicious | M/M/H/M/L enforce medium | | Not specifically targeted. Addressable through a proper URI verification system on user device. |