FIDO Device MITRE EMB3D and ADF Mapping

Device includes a microprocessor (MITRE EM3ED PID-11)

Cryptographic Algorithm Implementation

• Keys: Cryptographic Algorithm Implementation | Cryptographic Algorithm Implementation | Cryptographic Operation
• Description: Cryptographic algorithm implementation emits exploitable information to the side-channel

• Attack Vectors and Threats:

  • Electromagnetic Side-Channel (MITRE EM3ED TID-102)

    • Electromagnetic Side Channel Attack on Secure Element

  • Timing Side-Channel (MITRE EM3ED TID-330)

    • Timing Attack on Key Handles

    • ECC Key Extraction via Timing Attack

  • Unverified Certificate Authentication Bypass (MITRE EM3ED TID-316)

    • Authentication Bypass Exploiting BLE Misconfiguration

Controller Implementation

• Keys: Controller Implementation | Controller Implementation | CPU Implementation | CPU | MCU | Microprocessor | SoC | Microcontroller | Secure Element
• Description: Controller/CPU Implementation missbehaviour can disclose sensitive data

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Master Key Extraction via Fault Injection Attack

    • EMFI Attack against USB STACK

  • Firmware Execution

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

  • Firmware Rollback (MITRE EM3ED TID-216)

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

    • Firmware Manipulation via Debug Interface due to I2C Protocol Vulnerability

  • Power Consumption Analysis Side Channel (MITRE EM3ED TID-101)

  • Electromagnetic Analysis Side Channel (MITRE EM3ED TID-102)

  • Microarchitectural Side Channels (MITRE EM3ED TID-103)

  • Hardware Fault Injection – Control Flow Modification (MITRE EM3ED TID-105)

Device includes a hardware access port (e.g., UART, JTAG) (MITRE EM3ED PID-15)

Debug Interface

• Keys: Debug Interface
• Description: Debug Interface provides acces to internal units

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Master Key Extraction via Fault Injection Attack

  • Timing Side-Channel (MITRE EM3ED TID-330)

    • ECC Key Extraction via Timing Attack

  • Firmware Execution

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

  • Firmware Rollback (MITRE EM3ED TID-216)

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

    • Firmware Manipulation via Debug Interface due to I2C Protocol Vulnerability

  • Firmware/Data Extraction via Hardware Interface (MITRE EM3ED TID-115)

  • Latent Privileged Access Port (MITRE EM3ED TID-116)

  • Latent Hardware Debug Port Allows Memory/Code Manipulation (MITRE EM3ED TID-119)

ADF-Only Surfaces (No MITRE EM3ED PID)

FW

• Keys: FW | Firmware
• Description: Firmware missbehaviour

• Attack Vectors and Threats:

  • Firmware Execution

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

  • Firmware Rollback (MITRE EM3ED TID-216)

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

    • Firmware Downgrade Attack

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

    • Firmware Manipulation via Debug Interface due to I2C Protocol Vulnerability

SoloKey

• Keys: SoloKey | SoloKey
• Description: Solo

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Master Key Extraction via Fault Injection Attack

    • EMFI Attack against USB STACK

  • Timing Side-Channel (MITRE EM3ED TID-330)

    • ECC Key Extraction via Timing Attack

  • Firmware Rollback (MITRE EM3ED TID-216)

    • Firmware Downgrade Attack

USB Stack

• Keys: USB Stack | USB
• Description: USB Stack

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • EMFI Attack against USB STACK

Device includes peripheral chips and integrated data buses (MITRE EM3ED PID-13)

Bus Interface

• Keys: Bus Interface
• Description: Bus interface

• Attack Vectors and Threats:

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

    • Firmware Manipulation via Debug Interface due to I2C Protocol Vulnerability

  • Unverified Peripheral Firmware Loaded (MITRE EM3ED TID-113)

  • Peripheral Data Bus Interception (MITRE EM3ED TID-114)

Device includes Memory/Storage (external to CPU) (MITRE EM3ED PID-12)

Memory

• Keys: Memory | Non-Volatile Memory
• Description: Device includes memory/storage external to CPU

• Attack Vectors and Threats:

  • Firmware Execution

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

  • Firmware Rollback (MITRE EM3ED TID-216)

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

private key

• Keys: private key | Private Key | Key Handle
• Description: private key

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Master Key Extraction via Fault Injection Attack

  • Timing Side-Channel (MITRE EM3ED TID-330)

    • Timing Attack on Key Handles

    • ECC Key Extraction via Timing Attack

Device includes interactive applications, services, or user interfaces (MITRE EM3ED PID-33)

Interactive Device

• Keys: Interactive Device | Interactivity
• Description: Device includes interactive applications, services, or user interfaces

• Attack Vectors and Threats:

  • Weak Cryptographic Protocol (MITRE EM3ED TID-411)

    • OpenSSH Trivial Authentication Attack

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

    • Authentication Bypass by Incorrect Access Control in WebAuthN

  • Unverified Certificate Authentication Bypass (MITRE EM3ED TID-316)

    • Authentication Bypass Exploiting BLE Misconfiguration

EM3ED-only: Device includes unauthenticated services (MITRE EM3ED PID-331)

• Attack Vectors and Threats:

  • Remotely Accessible Unauthenticated Services (MITRE EM3ED TID-310)

Device includes authenticated services (MITRE EM3ED PID-332)

Authenticated Services

• Keys: Authenticated Services | Authenticated | Authentication | Auth Metadata
• Description: Device includes authenticated services

• Attack Vectors and Threats:

  • Timing Side-Channel (MITRE EM3ED TID-330)

    • Timing Attack on Key Handles

  • Weak Cryptographic Protocol (MITRE EM3ED TID-411)

    • OpenSSH Trivial Authentication Attack

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

    • Authentication Bypass by Incorrect Access Control in WebAuthN

  • Unverified Certificate Authentication Bypass (MITRE EM3ED TID-316)

    • Authentication Bypass Exploiting BLE Misconfiguration

  • Default Credentials (MITRE EM3ED TID-311)

  • Credential Change Mechanism Can Be Abused (MITRE EM3ED TID-312)

  • Unauthenticated Session Changes Credential (MITRE EM3ED TID-313)

  • Hardcoded Credentials (MITRE EM3ED TID-328)

Device includes cryptographic mechanism to authenticate users and sessions (MITRE EM3ED PID-3322)

Authenticated Sessions

• Keys: Authenticated Sessions | Secure Session
• Description: Device includes cryptographic mechanism to authenticate users and sessions

• Attack Vectors and Threats:

  • Weak Cryptographic Protocol (MITRE EM3ED TID-411)

    • OpenSSH Trivial Authentication Attack

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

    • Authentication Bypass by Incorrect Access Control in WebAuthN

    • Firmware Manipulation via Debug Interface due to I2C Protocol Vulnerability

  • Unverified Certificate Authentication Bypass (MITRE EM3ED TID-316)

    • Authentication Bypass Exploiting BLE Misconfiguration

  • Incorrect Certificate Verification Allows Authentication Bypass (MITRE EM3ED TID-316)

  • Predictable Cryptographic Key (MITRE EM3ED TID-317)

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

  • Cryptographic Timing Side-Channel (MITRE EM3ED TID-330)

  • Weak/Insecure Cryptographic Protocol (MITRE EM3ED TID-411)

Device includes cryptographic functions for sensitive data, such as encryption or authentication (MITRE EM3ED PID-4113)

Crypto-secured Communication

• Keys: Crypto-secured Communication | Network Cryptography | Secure Channel
• Description: Device includes cryptographic functions for sensitive data, such as encryption or authentication

• Attack Vectors and Threats:

  • Weak Cryptographic Protocol (MITRE EM3ED TID-411)

    • MiTM between Client and Authenticator

    • MiTM between RP and Client

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

    • Authentication Bypass by Incorrect Access Control in WebAuthN

    • Possible Exploitable Crash by Register Stack-Buffer Overflow in WebAuthN

  • Authentication Bypass By Message Replay (MITRE EM3ED TID-221)

  • Incorrect Certificate Verification Allows Authentication Bypass (MITRE EM3ED TID-316)

  • Predictable Cryptographic Key (MITRE EM3ED TID-317)

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

  • Cryptographic Protocol Side Channel (MITRE EM3ED TID-410)

  • Weak/Insecure Cryptographic Protocol (MITRE EM3ED TID-411)

Device includes support for firmware/software updates (MITRE EM3ED PID-27)

FW-SW Upgrade

• Keys: FW-SW Upgrade | FW Upgrade
• Description: Device includes support for firmware/software updates

• Attack Vectors and Threats:

  • Firmware Rollback (MITRE EM3ED TID-216)

    • Firmware Downgrade Attack

ADF-Only Surfaces (No MITRE EM3ED PID)

FW

• Keys: FW | Firmware
• Description: Firmware missbehaviour

• Attack Vectors and Threats:

  • Firmware Execution

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

  • Firmware Rollback (MITRE EM3ED TID-216)

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

    • Firmware Downgrade Attack

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

    • Firmware Manipulation via Debug Interface due to I2C Protocol Vulnerability

SoloKey

• Keys: SoloKey | SoloKey
• Description: Solo

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Master Key Extraction via Fault Injection Attack

    • EMFI Attack against USB STACK

  • Timing Side-Channel (MITRE EM3ED TID-330)

    • ECC Key Extraction via Timing Attack

  • Firmware Rollback (MITRE EM3ED TID-216)

    • Firmware Downgrade Attack

USB Stack

• Keys: USB Stack | USB
• Description: USB Stack

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • EMFI Attack against USB STACK

ADF-Only Surfaces (No MITRE EM3ED PID)

FW

• Keys: FW | Firmware
• Description: Firmware missbehaviour

• Attack Vectors and Threats:

  • Firmware Execution

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

  • Firmware Rollback (MITRE EM3ED TID-216)

    • Firmware Manipulation via Debug Interface due to Flash Memory Read-Out Protection Vulnerabilities

    • Firmware Downgrade Attack

  • Insecure Cryptographic Implementation (MITRE EM3ED TID-318)

    • Firmware Manipulation via Debug Interface due to I2C Protocol Vulnerability

SoloKey

• Keys: SoloKey | SoloKey
• Description: Solo

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • Master Key Extraction via Fault Injection Attack

    • EMFI Attack against USB STACK

  • Timing Side-Channel (MITRE EM3ED TID-330)

    • ECC Key Extraction via Timing Attack

  • Firmware Rollback (MITRE EM3ED TID-216)

    • Firmware Downgrade Attack

USB Stack

• Keys: USB Stack | USB
• Description: USB Stack

• Attack Vectors and Threats:

  • FA (MITRE EM3ED TID-105)

    • EMFI Attack against USB STACK