Retrieve TT&C master/session keys

Sub-techniques (3)

ID	Name
T2015.001	Compromise of Key Management Facility
T2015.002	Cryptographic Key Corruption
T2015.003	Interception of Key Management Communication

The attacker gains knowledge of a Session or Master Key. In general, there isn't immediate way to uncover this corruption, until it is used to modify the system's behaviour. In case of a suspicious key corruption, the key replacement shall be executed as soon as possible. ^[1] ^[2]

Standard/references: ^[1] ^[2]

ID: T2015

Sub-techniques: T2015.001, T2015.002, T2015.003

ⓘ

Tactic: Credential Access

ⓘ

Platforms: Ground Segment, Space-link communication

Version: 2.0

Created: 25 August 2022

Last Modified: 22 April 2023

Mitigations

ID	Mitigation	Description
M2074	Protect/isolate Key Mangement Facility
M2073	Revoke keys and replace with new ones (including master keys, if needed)

References

CCSDS. (2019, July). RECOMMENDED STANDARD FOR AUTHENTICATION SECURITY CREDENTIALS, CCSDS 357.0-B-1. Retrieved September 29, 2022.

CCSDS. (2022, February). DRAFT CCSDS RECOMMENDED PRACTICE FOR SYMMETRIC KEY MANAGEMENT, CCSDS 354.0-R-2. Retrieved September 29, 2022.