Threat Se.Auth.SePDsFF.0

URI: Se.Auth.SePDsFF.0

Package: IoT

< prev | next >

Description: Loss of authenticity at sensor Sensor: if the onboard data received from a sensor by any client is altered by an attacker, it is modelled as a loss of authenticity at the sensor.

Threat Type: Secondary Threat

Matching Pattern:

Se.Auth.SePDsFF.0
MP-SePDsFF

Finds a Sensor with its onboard process and data, plus all flows of this data from the process (i.e., out of the sensor), at least one of which must be involved in the pattern.

Se.Auth.SePDsFF.0
DF.Auth.HDCDF.0

Cached flow of data Data from FlowsFrom to FlowsTo altered on Host: if the flow of Data from FlowsFrom to FlowsTo is cached on Host, and an attacker is able to tamper with the cache, the data flow will be affected. This is a secondary threat whereby changes to the cache propagate to the data flow - the attack will be what caused the cache to lose authenticity.
Se.Auth.SePDsFF.0
DF.Auth.HPDSDADF.0

Service Process serves an unauthentic stored copy of data Data to FlowsTo: if the locally stored copy of Data on Host served by Process is unauthentic, so will the flow of Data served to FlowsTo.
Se.Auth.SePDsFF.0
DF.Auth.HuWEDF.3

Phishing attack fools Human into loading malicious URL to WebBrowser: user Human viewing email in their mail client MUA clicks on a malicious link, sending it to their web browser WebBrowser.
Se.Auth.SePDsFF.0
DF.Auth.HuWESDF.3

Phishing attack fools Human feeding malicious URL to WebBrowser: user Human viewing email via webmail service MUA clicks on a malicious link, sending it to their web browser WebBrowser.
Se.Auth.SePDsFF.0
DF.Auth.HuWSMSDF.3

Smishing attack fools Human feeding malicious URL to WebBrowser: user Human clicks on a malicious link in a text message on their phone Host, sending it to their web browser WebBrowser.
Se.Auth.SePDsFF.0
DF.Auth.DScSePDmFF.3

Malicious control of Sensor alters generation of sensed output Data: if an attacker can tamper with the stored control inputs to sensor Sensor, they may be able to alter measurement of the environment by Sensor so as to deceive recipients of the data.
Se.Auth.SePDsFF.0
DF.Auth.ACDF-VFS-i.3.6

Encrypted flow of data Data to FlowsTo altered by compromised service Service: if an attacker can compromise service Service, they can access its cryptographic key and alter data Data flowing between Service and FlowsTo.
Se.Auth.SePDsFF.0
DF.Auth.ACDFVFS-i.3.6

Encrypted flow of data Data to FlowsTo altered by compromised service Service: if an attacker can compromise service Service, they can access its cryptographic key and alter data Data flowing between Service and FlowsTo.
Se.Auth.SePDsFF.0
DF.Auth.ACDF-VSC-i.3.1

Flow of data Data from FlowsFrom to FlowsTo altered by compromised service Service: if an attacker can compromise service Service, they can they can inject fake data via messages to Client.
Se.Auth.SePDsFF.0
DF.Auth.AC-iDF-VCS.3.2

Compromised or impersonated client Client injects fake content into the flow of data Data from FlowsFrom to FlowsTo between Client and Service: if an attacker can compromise or impersonate client Client, they can inject fake data in messages to Service.
Se.Auth.SePDsFF.0
DF.Auth.AC-iDFVFC.3.6

Compromised client Client injects fake content into the encrypted flow of Data to/via Service: if an attacker can compromise client Client, they can access its cryptographic key and alter data Data flowing between Client and FlowsTo.
Se.Auth.SePDsFF.0
DF.Auth.AC-iDF-VFC.3.6

Compromised client Client injects fake content into the encrypted flow of Data to/via Service: if an attacker can compromise client Client, they can access its cryptographic key and alter data Data flowing between Client and FlowsTo.
Se.Auth.SePDsFF.0
DF.Auth.AC-iDF-VSC.3.2

Imposter posing as Service injects false content into the flow of data Data from FlowsFrom to FlowsTo between Service and Client: if an attacker can impersonate service Service, they can inject false data in messages to Client.
Se.Auth.SePDsFF.0
DF.Auth.CCCSDF-VCCS-i.3

Flow of data from/via Process forged by compromised client Client via confused deputy Service: if client Client does not send data Data to its service Service, it is still possible to inject false content into the data flow via service Service using a confused deputy attack. The attack itself is responsible for the upstream loss of DeputyUserTW (see threat causes).
Se.Auth.SePDsFF.0
DF.Auth.CCCSPDF-VCCS-i.3

Flow of data from/via Process forged by compromised client Client via confused deputy Proxy: if client Client is compromised or impersonated, and does not send data Data via its service Proxy, it is still possible to get the data indirectly using a confused deputy attack via Proxy and Service. The attack itself is responsible for the upstream loss of DeputyUserTW (see threat causes), in this case propagated by at least one reverse proxy.
Se.Auth.SePDsFF.0
DF.Auth.AC-iDFVFC.2.6

Client Client on stolen host CHost injects fake content into the encrypted flow of Data via Service: if an attacker has possession of host CHost and can access client Client, they can access its cryptographic key and inject malicious content into the flow of Data from Client to FlowsTo.
Se.Auth.SePDsFF.0
DF.Auth.AC-iDF-VFC.2.6

Client Client on stolen host CHost injects fake content into the encrypted flow of Data via Service: if an attacker has possession of host CHost and can access client Client, they can access its cryptographic key and inject malicious content into the flow of Data from Client to FlowsTo.

        (empty)

        (empty)

        (empty)