Invalid Curve Attack

Description

Invalid Curve Attack

Risk Assesment: 6.8

CWE

347

325

CVE

5383

Attack Surfaces

Controller Implementation (MITRE EMB3D PID-11)

BLE (MITRE EMB3D PID-4111)

Security Manager Protocol (MITRE EMB3D PID-4113)

Pairing

MagicPairing

Key agreement

Attack Vectors

Invalid ECC point (MITRE EMB3D TID-318)

Defenses

Public key validation, Verify public key satisfies the curve equation