A possible adversarial goal is the credentials discovery, useful to have a hidden and stable access to the resource. Keys can be gathered corrupting a weak security protocol used in a communication or compromising the key management facility or its communications.
ID | Name | Description | |
T2042 | Adversary in the Middle | Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique. | |
.001 | Lower Orbit Satellites, or Drones | An attacker can take advantage of a drone or any satellite located between the target and the ground station to sniff the communication link. | |
T2043 | Brute Force | Adversaries may use brute force techniques to issue Telecommands and identify the used key(s). | |
.001 | TC Brute Forcing | An attacker can use brute force to gain access to a TC channel, to force encryption or to guess the valid commands. | |
T2044 | Communication Link Sniffing | Adversaries may sniff the communication link to attempt to capture information about an environment, including authentication material passed over the network. | |
.001 | RF sniffing | An attacker can sniff the radio frequency channels to capture potential authentication material. | |
T2015 | Retrieve TT&C master/session keys | The attacker gains knowledge of a Session or Master Key. In general, there isn’t immediate way to uncover this corruption, until it is used to modify the system’s behaviour. In case of a suspicious key corruption, the key replacement shall be executed as soon as possible. | |
.001 | Compromise of Key Management Facility | An attacker can gain control of the credential-management system and can issue credentials. This is a high risk for CCSDS systems using credentials, with the need to invalidate existing credentials and reissue all credentials. | |
.002 | Cryptographic Key Corruption | The attacker can gain knowledge of a Session or Master Key corrupting the cryptographic algorithm. | |
.003 | Interception of Key Management Communication | The attacker can intercept messages that are being transmitted as part of the Key Management Services with the intention either to obtain knowledge of a specific key or to interfere with the Key Management Service. |