TR-S-2 — BGP hijacking routes ETSI TSL traffic to attacker
Component: Trust Evaluation. Mitigations: SafeHTTPClient enforces TLS 1.2+ with hardened cipher suites; X.509 chain validation. Action: Consider certificate pinning for known TSL endpoints
| Property | Value |
|---|---|
| Section | Spoofing |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-TRANS-01 | TLS 1.2+ Minimum with Configurable Version |
| SID-CRYPTO-03 | AES-256-GCM Encrypted Keystore |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md