What must be protected
Security cannot be limited to a certain target or asset. It is difficult to protect data if the code binary is exposed.
Both the attacks and the protection mechanisms often do not make difference. However it is still useful to
summarize the assets and risks.
The table below presents a non-exhaustive list of assets targeted by attackers.
Table 3. Assets to be protected
Target Assets Risks
Data
Sensor data (such as healthcare data or log of positions)
User data (such as ID, PIN, password or accounts)
Transactions logs
Cryptographic keys
Unauthorized sale of personal data
Usurpation
Spying
Blackmail
Control of device (bootloader,
malicious application)
Device correct functionality
Device/user identity
Denial of service
Attacks on service providers
Fraudulent access to service (cloud)
User code
Device hardware architecture/design
Software patent/architecture
Technology patents
Device counterfeit
Software counterfeit
Software modification
Access to secure areas
Vulnerability, threat, and attack
Protection mechanisms have to deal with different threats. The objective is to remove vulnerabilities that could be
exploited in an attack. An overview of main attack types are presented in Section 3 Attack types, from the basic
ones to the most advanced ones.
The following specific wording is used around security:
• asset: what needs to be protected
• threat: what the device/user need to be protected against
• vulnerability: weakness or gap in a protection mechanism
In summary, an attack is the realization of a threat that exploits a system vulnerability in order to access an asset.
AN5156
Security purpose
AN5156 - Rev 8
page 6/56
To Next Page
Loading...
Need help?
General
