Threat I.Auth.HRSGSoS.3

URI: I.Auth.HRSGSoS.3

Description: Spoofing radio network LogicalSubnet at location Space of access point Gateway: at attacker with access to the location Space of radio networking device Gateway can physically spoof network LogicalSubnet by introducing their own radio network to impersonate the real one.

Threat Type: Primary Threat

Matching Pattern:

MP-HRSGSoS

Finds a host connecting to a radio subnet that is not an abstract hotspot, a gateway host located in a space that is providing the radio subnet, and optionally a service that controls access to the radio subnet.

(empty)

NetworkSpoofing at Role_Interface

CSG-IgnorePhysicalThreatsFromWorld	Indicates that threats from as well as to the space *Space* can be ignored, i.e. that the risk model intentionally does not consider physical attacks from *Space. This is only permitted if Space* is the inferred global public space (the World) used when no locations are asserted in the model. This control strategy is a way to specify that physical security is out of scope for devices with no explicitly specified location(s), i.e. that they are considered physically secure.
CSG-NetworkAuthN-PSK	To prevent network spoofing, a gateway *Gateway* providing the network and the supplicant device *Host* can use a pre-shared key that can be verified by *Host*.
CSG-NetworkAuthN-X509	To prevent network spoofing, a gateway *Gateway* providing the network can use an X509 (or otherwise trusted) key pair, verified by the supplicant device *Host*.

Threat I.Auth.HRSGSoS.3

MP-HRSGSoS

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (0)

Misbehaviour Sets (1)

Control Strategies (3)