@@ -338,7 +338,7 @@ Figure 4.3 gives a high-level overview of a generic and illustrative PKI archite
**Figure 4.3-1: PKI diagram**
## 4.4 Operationnal Environment
## 4.4 Operational Environment
The enterprise should have a production system for issuing certificates and should have a separate test system for checking configuration changes and software updates before they are deployed.
@@ -1023,13 +1023,13 @@ The considered threats for the C-ITS PKI are illustrated in the following figure
| T.RegistrationTampering | A Remote attacker may exploit interactions between the manufacturer and the EA in order to modify or deny an ITS-S registration. | Canonical ID Canonical Public Key ITS-S Profile |
| Local attacker and Rogue Users |
| T.PrivateKeys | A Local attacker or Rogue user disclose or tamper to the PKI secrets i.e. Data encryption key or CA private keys. | Data encryption key CA private keys |
| T.Logs_Tampering | A Local attacker or Rogue user tries to modify the TOE’s Log File in order to hide its activities. | PKI Data |
| T.Logs_Discolsure | A Local attacker or Rogue user tries to gain access to the TOE’s Log File in order to gain sensitive information on the TOE’s security status and functions as well as other C-ITS stations. | PKI Data |
| T.Configuration_Tampering | A Local attacker or Rogue user tries to modify the TOE’s Certificate Policy configuration data and therefore compromise the integrity of the TOE’s applications or communication security. | Certificate Policy configuration data |
| T.Stored_Certificates_Tampering | A Local attacker or Rogue user tries to modify stored CA Certificates Enrolment Credential (EC) Authorization Ticket (AT) TLM certificate content and therefore compromise the confidentiality or integrity of the TOE’s communications. | CA Certificates Enrolment Credential (EC) Authorization Ticket (AT) TLM certificate |
| T.Logs_Tampering | A Local attacker or Rogue user tries to modify the PKI’s Log File in order to hide its activities. | PKI Data |
| T.Logs_Discolsure | A Local attacker or Rogue user tries to gain access to the PKI’s Log File in order to gain sensitive information on the PKI’s security status and functions as well as other C-ITS stations. | PKI Data |
| T.Configuration_Tampering | A Local attacker or Rogue user tries to modify the PKI’s Certificate Policy configuration data and therefore compromise the integrity of the PKI’s applications or communication security. | Certificate Policy configuration data |
| T.Stored_Certificates_Tampering | A Local attacker or Rogue user tries to modify stored CA Certificates Enrolment Credential (EC) Authorization Ticket (AT) TLM certificate content and therefore compromise the confidentiality or integrity of the PKI’s communications. | CA Certificates Enrolment Credential (EC) Authorization Ticket (AT) TLM certificate |
| All attackers |
| T.Adminstrators_Impersonation | An attacker (Remote attacker Local attacker or Rogue user) may gain access to PKI information by impersonating an authorized user or via privilege escalation of the PKI and thus disclose or manipulate PKI assets. | Canonical Public Key CA Certificates Enrolment Credential (EC) Authorization Ticket (AT) TLM certificate Canonical ID Tag HMAC key Certificate Policy configuration CRL CTL ITS-S Profile ECTL. |
| T.Software_Tampering | A Local or Remote attacker tries to modify the TOE’s software and therefore compromise the integrity of the TOE’s applications. | Software |
| T.Software_Tampering | A Local or Remote attacker tries to modify the PKI’s software and therefore compromise the integrity of the PKI’s applications. | Software |
