ORSHIN Attack Defense Framework

Physical Threat Catalog

| Attack Vector and Threat | Primary MITRE EMB3D TID | Risk Value |
| --- | --- | --- |
| Power Side-Channel | MITRE EMB3D TID-101 | n/a |
| Secret-dependent operations lead to secret extraction through measuring power consumption | MITRE EMB3D TID-101 | n/a |
| Key-dependent exponentiation leads to single-trace key extraction through measuring power consumption | MITRE EMB3D TID-101 | n/a |
| Key-dependent multiplication leads to key extraction through measuring power consumption | MITRE EMB3D TID-101 | n/a |
| Correlation between power consumption and key material in an unprotected cryptographic implementation leads to key extraction | MITRE EMB3D TID-101 | n/a |
| Second-order correlation between power consumption and key material in a first-order protected cryptographic implementation leads to key extraction | MITRE EMB3D TID-101 | n/a |
| Nth-order correlation between power consumption and key material in an (n-1)-order protected cryptographic implementation leads to key extraction | MITRE EMB3D TID-101 | n/a |
| Misaligned traces can be aligned using alignment techniques | MITRE EMB3D TID-101 | n/a |
| Electromagnetic Side-Channel | MITRE EMB3D TID-102 | n/a |
| Key-dependent exponentiation leads to single-trace key extraction through measuring electromagnetic emanations | MITRE EMB3D TID-102 | n/a |
| Key-dependent multiplication leads to key extraction through measuring electromagnetic emanations | MITRE EMB3D TID-102 | n/a |
| Correlation between electromagnetic emanations and key material in an unprotected cryptographic implementation leads to key extraction | MITRE EMB3D TID-102 | n/a |
| Second-order correlation between electromagnetic emanations and key material in a first-order protected cryptographic implementation leads to key extraction | MITRE EMB3D TID-102 | n/a |
| Nth-order correlation between electromagnetic emanations and key material in an (n-1)-order protected cryptographic implementation leads to key extraction | MITRE EMB3D TID-102 | n/a |
| Function mapping from EM | MITRE EMB3D TID-102 | n/a |
| FA | MITRE EMB3D TID-105 | n/a |
| Voltage glitching causes fault leading to key extraction using differential fault analysis | MITRE EMB3D TID-105 | n/a |
| Clock glitching causes fault leading to key extraction using differential fault analysis | MITRE EMB3D TID-105 | n/a |
| Laser fault injection causes fault leading to key extraction using differential fault analysis | MITRE EMB3D TID-105 | n/a |
| Electromagnetic fault injection causes fault leading to key extraction using differential fault analysis | MITRE EMB3D TID-105 | n/a |
| SEM | MITRE EMB3D TID-102 | n/a |
| Function mapping from photo-emission | MITRE EMB3D TID-102 | n/a |
| FA | MITRE EMB3D TID-105 | n/a |
| Voltage glitching leads to instruction skip | MITRE EMB3D TID-105 | n/a |
| Clock glitching leads to instruction skip | MITRE EMB3D TID-105 | n/a |
| Laser fault injection leads to instruction skip | MITRE EMB3D TID-105 | n/a |
| Electromagnetic fault injection leads to instruction skip | MITRE EMB3D TID-105 | n/a |
| Differential fault analysis | MITRE EMB3D TID-105 | n/a |
| Enabling debug interface via fault injection | MITRE EMB3D TID-105 | n/a |
| Bus transaction injection | MITRE EMB3D TID-105 | n/a |
| FIB | MITRE EMB3D TID-105 | n/a |
| FIB modification | MITRE EMB3D TID-105 | n/a |
| FIB | MITRE EMB3D TID-105 | n/a |
| Shield Bypass | MITRE EMB3D TID-105 | n/a |
| Speculative Execution | MITRE EMB3D TID-103 | n/a |
| The CPU can execute instructions transiently (being reverted before their results are committed to the architectural state), sometimes operating on secret operands they were not supposed to access. Traces of these executions can leak the secret values. | MITRE EMB3D TID-103 | n/a |
| Transient execution that results from mispredicted conditional branches can cause persistent changes in the microarchitecture, which can be used to intentionally leak secrets from a victim process using a covert channel | MITRE EMB3D TID-103 | 5.6 |
| Transient execution that results from mispredicted indirect branches can cause persistent changes in the microarchitecture, which can be used to intentionally leak secrets from a victim process using a covert channel | MITRE EMB3D TID-103 | 5.6 |
| Transient execution that results from mispredicted return instructions can cause persistent changes in the microarchitecture, which can be used to intentionally leak secrets from a victim process using a covert channel | MITRE EMB3D TID-103 | 5.6 |
| Transient execution that results from mispredicted store-to-load dependencies can cause persistent changes in the microarchitecture, which can be used to intentionally leak secrets from a victim process using a covert channel | MITRE EMB3D TID-103 | 5.6 |
| Power Consumption Analysis Side Channel | MITRE EMB3D TID-101 | n/a |
| Electromagnetic Analysis Side Channel | MITRE EMB3D TID-102 | n/a |
| Microarchitectural Side Channels | MITRE EMB3D TID-103 | n/a |
| Hardware Fault Injection – Control Flow Modification | MITRE EMB3D TID-105 | n/a |
| FA | MITRE EMB3D TID-105 | n/a |
| LCE Instruction flow modification (through micro-probing) | MITRE EMB3D TID-105 | n/a |
| FIB | MITRE EMB3D TID-105 | n/a |
| Prevent Flash Operation | MITRE EMB3D TID-105 | n/a |
| ROM Extraction | MITRE EMB3D TID-108 | n/a |
| ROM analytical dump with scrambled data (Retrieving ROM content from pictures) | MITRE EMB3D TID-108 | n/a |
| UV erase of Protection bits | MITRE EMB3D TID-108 | n/a |
| SEM | MITRE EMB3D TID-102 | n/a |
| ROM optical dump (Retrieving ROM content from pictures) | MITRE EMB3D TID-102 | n/a |
| FIB | MITRE EMB3D TID-105 | n/a |
| Fuse modification | MITRE EMB3D TID-105 | n/a |
| ROM Extraction | MITRE EMB3D TID-108 | n/a |
| Fuse reading after their copy to a dedicated RAM | MITRE EMB3D TID-108 | n/a |
| Fuse optical readout | MITRE EMB3D TID-108 | n/a |
| Data Bus Interception | MITRE EMB3D TID-106 | n/a |
| Unauthorized Direct Memory Access (DMA) | MITRE EMB3D TID-107 | n/a |
| ROM/NVRAM Data Extraction or Modification | MITRE EMB3D TID-108 | n/a |
| RAM Chip Contents Readout | MITRE EMB3D TID-109 | n/a |
| Hardware Fault Injection – Data Manipulation | MITRE EMB3D TID-110 | n/a |
| Unverified Peripheral Firmware Loaded | MITRE EMB3D TID-113 | n/a |
| Peripheral Data Bus Interception | MITRE EMB3D TID-114 | n/a |
| Untrusted External Storage | MITRE EMB3D TID-111 | n/a |
| Weak Peripheral Port Electrical Damage Protection | MITRE EMB3D TID-118 | n/a |
| FIB | MITRE EMB3D TID-105 | n/a |
| JTAG reactivation | MITRE EMB3D TID-105 | n/a |
| Privileged Access Port | MITRE EMB3D TID-116 | n/a |
| Use test pads to gain privileges | MITRE EMB3D TID-116 | n/a |
| Firmware/Data Extraction via Hardware Interface | MITRE EMB3D TID-115 | n/a |
| Latent Privileged Access Port | MITRE EMB3D TID-116 | n/a |
| Latent Hardware Debug Port Allows Memory/Code Manipulation | MITRE EMB3D TID-119 | n/a |
| Inadequate Bootloader Protection and Verification | MITRE EMB3D TID-201 | n/a |
| Excessive Access via Software Diagnostic Features | MITRE EMB3D TID-224 | n/a |
| Exploitable System Network Stack Component | MITRE EMB3D TID-202 | n/a |
| Operating System Susceptible to Rootkit | MITRE EMB3D TID-218 | n/a |
| Device Vulnerabilities Unpatchable | MITRE EMB3D TID-210 | n/a |
| Device Allows Unauthenticated Firmware Installation | MITRE EMB3D TID-211 | n/a |
| Secrets Extracted from Device Root of Trust | MITRE EMB3D TID-214 | n/a |
| Cryptographic Timing Side-Channel | MITRE EMB3D TID-330 | n/a |
| FW/SW Update Integrity Shared Secrets Extraction | MITRE EMB3D TID-212 | n/a |
| Faulty FW/SW Update Integrity Verification | MITRE EMB3D TID-213 | n/a |
| Unencrypted SW/FW Updates | MITRE EMB3D TID-215 | n/a |
| Firmware Update Rollbacks Allowed | MITRE EMB3D TID-216 | n/a |
| Remotely Initiated Updates Can Cause DoS | MITRE EMB3D TID-217 | n/a |
| Logs can be manipulated on the device | MITRE EMB3D TID-225 | n/a |
| Device leaks security information in logs | MITRE EMB3D TID-226 | n/a |
| Applications Binaries Modified | MITRE EMB3D TID-301 | n/a |