Detailed attack pattern
Draft
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Last updated
High
Typical severity
Per MITRE
Low
Likelihood of attack
Per MITRE
1
Related weaknesses
CWEs this targets
Detailed
Abstraction
MITRE classification
Overview
CAPEC-485 (Signature Spoofing by Key Recreation) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- An authoritative signer is using a weak method of random number generation or weak signing software that causes key leakage or permits key inference.
- An authoritative signer is using a signature algorithm with a direct weakness or with poorly chosen parameters that enable the key to be recovered using signatures from that signer.
Skills required
- High skill: Cryptanalysis of signature generation algorithm
- High skill: Reverse engineering and cryptanalysis of signature generation algorithm implementation and random number generation
- High skill: Ability to create malformed data blobs and know how to present them directly or indirectly to a victim.
How to mitigate it
Defenses that reduce the risk of CAPEC-485.
- Ensure cryptographic elements have been sufficiently tested for weaknesses.