Credential Access

A possible adversarial goal is credential discovery, which gives the adversary hidden and stable access to the resource. Keys can be gathered by corrupting a weak security protocol used in a communication, or by compromising the key management facility or its communications.

ID: TA0006
Created: 25 August 2022
Last Modified: 14 April 2023

Techniques

Techniques: 4
ID Name Description
T2042 Adversary in the Middle Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique.
.001 Lower Orbit Satellites, or Drones An attacker can take advantage of a drone or any satellite located between the target and the ground station to sniff the communication link.
T2043 Brute Force Adversaries may use brute force techniques to issue Telecommands and identify the key(s) in use.
.001 TC Brute Forcing An attacker can use brute force to gain access to a TC channel, to force encryption or to guess the valid commands.
T2044 Communication Link Sniffing Adversaries may sniff the communication link to attempt to capture information about an environment, including authentication material passed over the network.
.001 RF sniffing An attacker can sniff the radio frequency channels to capture potential authentication material.
T2015 Retrieve TT&C master/session keys The attacker gains knowledge of a Session or Master Key. In general, there is no immediate way to uncover this corruption until it is used to modify the system’s behaviour. If key corruption is suspected, key replacement shall be executed as soon as possible.
.001 Compromise of Key Management Facility An attacker can gain control of the credential-management system and can issue credentials. This is a high risk for CCSDS systems using credentials, because existing credentials must be invalidated and all credentials reissued.
.002 Cryptographic Key Corruption The attacker can gain knowledge of a Session or Master Key by corrupting the cryptographic algorithm.
.003 Interception of Key Management Communication The attacker can intercept messages that are being transmitted as part of the Key Management Services with the intention either to obtain knowledge of a specific key or to interfere with the Key Management Service.