Investigating Privacy Threats in Smart Homes

On Tuesday, I gave a presentation at PerCom 2020. This was the first time the conference was held completely online (due to the global COVID-19 pandemic), and speakers were asked to deliver their presentations remotely over Zoom.

In my case, I gave two live presentations in the Work In Progress (WiP) session, chaired by Diane Cook. During this time, I discussed how smart connected homes can be formally modelled so that privacy threats can be systematically identified and analysed. Take a look at my short teaser clip below.

In case you are interested in the accompanying poster for my presentation, you can access it either from my Presentations menu tab or by clicking here. I have also uploaded the slides for the video, which you can access here.

As always, please feel free to contact me in case you want to know more about this paper, and about security and privacy in general. Finally, I want to remind and encourage you to submit to PerCom or its workshops. You can get some high-quality feedback on your work that can help you improve it and more.

Using STRIDE to Uncover Threats in an Information System

As part of my threat modelling lecture on 4th February, I covered the basics of STRIDE. STRIDE is a mnemonic for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. Microsoft’s STRIDE is a well-known and mature technique used by security professionals to elicit information security threats in real-world systems.

STRIDE

STRIDE is a model for identifying computer security threats. Each letter names a threat category, and each category attacks a specific security property of the system.

The six STRIDE threat categories are as follows:

  • Spoofing Identity: Spoofing threats allow an attacker to pose as another process or another person. For example, a user can pretend to be Steve Jobs, a server can pretend to be Amazon.com, or a piece of code can pose as msvcrt.dll. This is a threat to authentication.
  • Tampering: Tampering threats involve the unauthorised modification of data or code. The resource being modified may be at rest (in storage) or in transit (being transmitted). This is a threat to integrity.
  • Repudiation: A repudiation threat arises when an actor denies having performed an action and the other parties can neither confirm nor contradict the denial. For example, a user may claim not to have received the goods they purchased when in fact they did. This is a threat to non-repudiation, and it is why trustworthy audit logs matter.
  • Information Disclosure: Information disclosure threats involve the exposure of information, typically of a sensitive or personal nature, to individuals who are not supposed to have access to it. An example is a user being able to read a file, e.g., payroll information sent to HR, to which they were not granted read access. This is a threat to confidentiality.
  • Denial of Service: Denial-of-service (DoS) attacks deny or degrade service to legitimate users. Typically this makes a web server or a device (e.g., a battery-operated device) temporarily unavailable or unusable, but the damage can also be permanent (e.g., when an ICS or SCADA system is attacked). This is a threat to availability.
  • Elevation of Privilege: Elevation-of-privilege (EoP) threats occur when a user gains capabilities they were not authorised to have. For instance, a non-privileged user may take advantage of a coding flaw to gain administrator or root capabilities. This is a threat to authorisation.

STRIDE provides a very effective way of identifying threats, but before it can be used effectively one needs to be familiar with system modelling techniques, which supply a working model of the system being analysed. Here, Data Flow Diagrams (DFDs) come to the rescue. A DFD is a visual notation that lets an analyst depict processes, data stores, data flows and external entities, as well as the trust boundaries between them. Once the system model is right, it is relatively easy to identify threats with STRIDE: each kind of DFD element is exposed to a known subset of the six categories, and data flows that cross a trust boundary deserve the closest attention.
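To make the "STRIDE per DFD element" step concrete, here is an added example (not code from the lecture or from Microsoft) that encodes a small constructed DFD, a browser talking to a web application that writes to a customer database and an audit log, and mechanically enumerates the STRIDE categories each element and flow is exposed to, flagging flows that cross a trust boundary. The element-to-category mapping used is the standard STRIDE-per-element table; the element names, trust-zone labels and flows are assumptions made up for the illustration.

```python
"""STRIDE-per-element applied to a small, constructed Data Flow Diagram.

Added example, not code from the lecture. Mapping used (standard
STRIDE-per-element): external entity -> S, R; process -> all six;
data store -> T, I, D (plus R when it holds audit logs); data flow -> T, I, D.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Stride(Enum):
    SPOOFING = "Spoofing"
    TAMPERING = "Tampering"
    REPUDIATION = "Repudiation"
    INFO_DISCLOSURE = "Information Disclosure"
    DOS = "Denial of Service"
    EOP = "Elevation of Privilege"


# The security property each threat category attacks.
VIOLATED_PROPERTY = {
    Stride.SPOOFING: "authentication",
    Stride.TAMPERING: "integrity",
    Stride.REPUDIATION: "non-repudiation",
    Stride.INFO_DISCLOSURE: "confidentiality",
    Stride.DOS: "availability",
    Stride.EOP: "authorisation",
}

ELEMENT_THREATS = {
    "external": [Stride.SPOOFING, Stride.REPUDIATION],
    "process": list(Stride),
    "store": [Stride.TAMPERING, Stride.INFO_DISCLOSURE, Stride.DOS],
}
FLOW_THREATS = [Stride.TAMPERING, Stride.INFO_DISCLOSURE, Stride.DOS]


@dataclass(frozen=True)
class Element:
    name: str
    kind: str          # "external", "process" or "store"
    trust_zone: str    # which side of the trust boundaries it lives on
    holds_logs: bool = False


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element


def threats_for_element(e: Element) -> list[Stride]:
    threats = list(ELEMENT_THREATS[e.kind])
    # A store of audit records is also a repudiation target: if an attacker
    # can alter or delete the log, past actions can no longer be proven.
    if e.kind == "store" and e.holds_logs:
        threats.append(Stride.REPUDIATION)
    return threats


def crosses_boundary(f: Flow) -> bool:
    return f.src.trust_zone != f.dst.trust_zone


def enumerate_threats(elements: list[Element], flows: list[Flow]) -> list[tuple]:
    """Return rows of (target, threat, violated property, crosses trust boundary)."""
    rows = []
    for e in elements:
        for t in threats_for_element(e):
            rows.append((e.name, t.value, VIOLATED_PROPERTY[t], False))
    for f in flows:
        for t in FLOW_THREATS:
            rows.append((f.name, t.value, VIOLATED_PROPERTY[t], crosses_boundary(f)))
    # Boundary-crossing flows are where an attacker most often sits, so put
    # them at the top of the analyst's worklist.
    rows.sort(key=lambda r: (not r[3], r[0]))
    return rows


# Constructed DFD (assumed names, not a real system). Distinct trust-zone
# labels model the trust boundaries drawn on the diagram.
BROWSER = Element("Browser", "external", "internet")
WEBAPP = Element("Web App", "process", "dmz")
DB = Element("Customer DB", "store", "internal")
AUDIT = Element("Audit Log", "store", "internal", holds_logs=True)
ELEMENTS = [BROWSER, WEBAPP, DB, AUDIT]
FLOWS = [
    Flow("HTTP request", BROWSER, WEBAPP),
    Flow("SQL query", WEBAPP, DB),
    Flow("Log write", WEBAPP, AUDIT),
]

if __name__ == "__main__":
    for target, threat, prop, crossing in enumerate_threats(ELEMENTS, FLOWS):
        flag = "  [crosses trust boundary]" if crossing else ""
        print(f"{target:14} {threat:24} -> {prop}{flag}")
```

Running the script lists 24 candidate threats for this toy model; every one of the nine flow threats is marked as boundary-crossing, because each flow moves data between trust zones. The output is a starting checklist, not a finished analysis: the analyst still has to decide, per row, whether the threat is real, already mitigated, or accepted.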

Feel free to contact me for more insights on this or related topics.

Information Assets: An Essential Ingredient of Threat Modelling

Threat models are a way of looking at risks in order to identify the most likely threats to your organisation’s security. The first step in the threat modelling process is gaining an understanding of the application and how it interacts with external entities. This involves creating use cases to understand how the application is used, identifying entry points where a potential attacker could interact with the application, identifying assets, and more. In this post, we focus on identifying information assets.

Assets are essentially threat targets, i.e. they are the reason threats exist. Assets can be either concrete or abstract. For example, an asset of an application might be a list of clients and their personal information; this is a concrete asset. An abstract asset might be the reputation of an organisation. Below, we identify some key information assets that your organisation or information system might hold or process:

  • Credit card data: yours, or (if you sell stuff) a customer’s.
  • Banking data: account numbers, routing numbers, e-banking usernames and passwords.
  • Personally identifiable information: Social Security number, date of birth, income data, W-2s, passport numbers, driver’s licence or national ID numbers.
  • Intellectual property: like source code or software documentation.
  • Sensitive personal or business information and communications: e-mails and texts that could be used to embarrass, blackmail, or imprison you.
  • Politically sensitive information or activities that could get you in trouble with your employer, the government, law enforcement, or other interested parties.
  • Travel plans that could be used to target you or others for fraud or other forms of attack.
  • Other business or personal data that are financially or emotionally essential (family digital photos, for example).
  • Your identity itself, if you are trying to stay anonymous online for your protection.

When it comes to protecting assets, pieces of information that could be used to expose those assets are just as important. Personal biographical and background data might be used for social engineering against you, your friends, or a service provider. Keys, passwords, and PIN codes should be considered as valuable as the things they give access to.

Other operational information about your activities that could be exploited should also be considered, including the name of your bank or other financial services provider. For instance, a spear-phishing attack on the Pentagon used a fake e-mail purporting to come from USAA, a bank and insurance company that serves many members of the military and their families.