IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 5.81 Unauthorised use of a cryptomodule
If a third person succeeds in using a cryptomodule without authorisation, this
can lead to various types of damage. Examples of such damage include:
- While using the cryptomodule without authorisation, a perpetrator may
manage to read secret codes, alter the codes or even manipulate vital
security parameters. This would mean that the cryptographic process no
longer offers sufficient security.
- While using the cryptomodule without authorisation, the perpetrator may
manipulate the cryptomodule in such a way that it appears to be working
correctly at first sight but is actually in an insecure state.
- The perpetrator may use the cryptomodule in the form of a masquerade. If
the perpetrator signs or encodes data while using the cryptomodule without
authorisation, this is interpreted by the recipient of the data as if it had been
done by the authorised user.
Example:
It is possible to use a cryptomodule without authorisation if users briefly leave
their workplace while the cryptomodule is able to operate and not protected
against unauthorised access. This is the case, for instance, if a signature chip
card or encoding chip card is left in the computer. In this way, anyone who
happens to go by can sign E-mails in the name of the usual user or encode
files stored in the IT system in such a way that the user can no longer use
them.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000