Develop/Obtain Capabilities: Digital Certificates

Other sub-techniques of Develop/Obtain Capabilities (9)

ID	Name
T2007.002	Code Signing Certificates
T2007.003	Digital Certificates
T2007.004	DSSS or Frequency hopping sequence
T2007.005	Malicious supply chain capabilities
T2007.006	Software vulnerabilities
T2007.008	Space Protocol Vulnerabilities
T2007.009	Tools for attacking space systems
T2007.010	TC/TM request forging
T2007.011	Cryptographic Keys

CCSDS recommends two forms of credentials: X.509 certificates and protected simple authentication. There are risks for CCSDS systems utilizing credentials if an attacker gains control of the credential-management system and can issue credentials. If a compromised credential management process results, then there is a need to invalidate existing credentials and reissue all credentials. The authenticity of an X.509 certificate is dependent upon the digital signature of the CA attesting to the credential. If the digital signature algorithm used by the CA is of insufficient cryptographic strength, a credential may be spoofed. ^[1]

Standard/references: ^[2]

ID: T2007.003

Sub-technique of: T2007

ⓘ

Tactic: Resource Development

ⓘ

Platforms: Space Segment

Version: 2.0

Created: 25 August 2022

Last Modified: 05 February 2025

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

References

The MITRE Corporation. (2015-2022). MITRE ATT&CK® Retrieved September 27, 2022.

CCSDS. (2019, July). RECOMMENDED STANDARD FOR AUTHENTICATION SECURITY CREDENTIALS, CCSDS 357.0-B-1. Retrieved September 29, 2022.