Company LOGO User Authentication Threat Modelling from User and Social Perspective “Defending the Weakest Link: Intrusion.

Slides:

Advertisements

Similar presentations

Intelligence Step 5 - Capacity Analysis Capacity Analysis Without capacity, the most innovative and brilliant interventions will not be implemented, wont.

Advertisements

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

SPEKE S imple Password-authenticated Exponential Key Exchange Robert Mol Phoenix Technologies.

Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.

A responsibility based model EDG CA Managers Meeting June 13, 2003.

Recommendations on the future of online GyroScope & Databse implementation.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Attacking Session Management Juliette Lessing

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

The Study of Security and Privacy in Mobile Applications Name: Liang Wei

1 Security Risk Analysis of Computer Networks: Techniques and Challenges Anoop Singhal Computer Security Division National Institute of Standards and Technology.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Term 2, 2011 Week 3. CONTENTS The physical design of a network Network diagrams People who develop and support networks Developing a network Supporting.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.

“Security Weakness in Bluetooth” M.Jakobsson, S.Wetzel LNCS 2020, 2001 The introduction of new technology and functionality can provides its users with.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Survey of Identity Repository Security Models JSR 351, Sep 2012.

What is Social Engineering. Pretexting Pretexting is the act of creating and using an invented scenario called the Pretext to persuade a target to release.

Robust Defenses for Cross-Site Request Forgery CS6V Presented by Saravana M Subramanian.

Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.

Adam Soph, Alexandra Smith, Landon Peterson. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details.

CS CS 5150 Software Engineering Lecture 18 Security.

Shib-Grid Integrated Authorization (Shintau) George Inman (University of Kent) TF-EMC2 Meeting Prague, 5 th September 2007.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.

Presented by: Presented by: Tim Cameron CommIT Project Manager, Internet 2 CommIT Project Update.

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

Secure Active Network Prototypes Sandra Murphy TIS Labs at Network Associates March 16,1999.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG

SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,

Security, Accounting, and Assurance Mahdi N. Bojnordi 2004

Topic 5: Basic Security.

THE DEVIL IS IN THE (IMPLEMENTATION) DETAILS: AN EMPIRICAL ANALYSIS OF OAUTH SSO SYSTEMS SAN-TSAI SUN & KONSTANTIN BEZNOSOV PRESENTED BY: NAZISH KHAN COMPSCI.

Kerberos Guilin Wang School of Computer Science 03 Dec

Unix Security Assessing vulnerabilities. Classifying vulnerability types Several models have been proposed to classify vulnerabilities in UNIX-type Oses.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Fall 2006CS 395: Computer Security1 Key Management.

Sources of Network Intrusion Security threats from network intruders can come from both internal and external sources.  External Threats - External threats.

1 On 3GPP2 Femto Security Anand Palanigounder Qualcomm Inc. Notice: Contributors grant a free, irrevocable license to 3GPP2 and its Organization.

Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna Proceedings.

Chapter 4 Access Control. Access Control Principles RFC 4949 defines computer security as: “Measures that implement and assure security services in a.

SAP NetWeaver Business Intelligence SAP Netweaver Business Warehouse (SAP NetWeaver BW) the name of the Business Intelligence,

DNS Security Risks Section 0x02. Joke/Cool thing traceroute traceroute c

CSCE 548 Student Presentation By Manasa Suthram

Manuel Brugnoli, Elisa Heymann UAB

Identity Management (IdM)

Cryptography and Network Security

Cyber Security Awareness Workshop

Unit 1.6 Systems security Lesson 2

Computer Security Distributed System Security

Information Protection

Cybersecurity and Cyberhygiene

Spear Phishing Awareness

Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Information Protection

Presentation transcript:

Company LOGO User Authentication Threat Modelling from User and Social Perspective “Defending the Weakest Link: Intrusion via Social Engineering” EPSRC Grant EP/D051819/1 All Hands Meeting Edinburgh 2008 Xun Dong （）, John A. Clark and Jeremy L. Jacob University of York

Company LOGO Motivation: Attacking Trend Shift Grid users may become the focus of attack: –The technical barrier to hack the systems has been increased significantly; protection for users is less well developed. –Valuable information such as authentication credentials sought by attackers are possessed by users as well. –Many system designs do not help the general user to achieve security goals. Existing threat modelling techniques do not deal with users (though general purpose e.g. Microsoft’s TM, and various domain specific threat modelling techniques and models have been developed) The complexity of identifying user side vulnerabilities is significant, however, there is no method designers can rely on.

Company LOGO Simple Attack Taxonomy Passive attacks: They do not require active victim involvement, often achieving their goal by analysing information available to attackers (e.g. that from public databases or websites, or even rubbish bin contents). Many are launched by insiders or people who have close relationships with the victims. Active attacks: They exploit the user’s difficulty in authenticating External Entities (EEs), requesting the user’s authentication credentials whilst posing as trustworthy parties. Typical examples are phishing and pharming attacks.

Company LOGO Overview Threat Modelling Passive Attacks Identify AC Properties Check the Exposure Level Identify the Dependency Relationships Active Attacks Identify the Lifecycle of AC Identify the Impersonating Targets Entry Points Analysis

Company LOGO Dependency Relationships The authentication systems may be designed and implemented independently, but the choices of the user authentication credentials may connect different systems into complex and unpredictable networks. Examples: Access to an secondary account is used to recover/reset the password. Institutional photo ID such as student card is accepted as authentication credentials to prove one’s identity.

Company LOGO Dependency Relationships Compromise of the security of the current authentication system: –The security of the current system is equal to the security of the weakest system reachable in the graph. –Obtaining authentication credentials to the weakest system propagates access back up the chain.

Company LOGO Dependency Relationships Identify its existence by the properties of user authentication credentials: –users have access to; –assigned by third parties; Represent them in graph: –Three Components in the graph Node : represents a system Directed Edges: an edge from Node ‘A’ to Node ‘B’ means Node ‘A’ depends on Node ‘B’. Special symbol ‘R’ : Represent random systems, and edge towards R from Node ‘A’ means the system which A is depends on is unpredictable. –The start node of the graph is the system being designed.

Company LOGO Impersonating Targets May be wider than the system being considered: the entities that the user has shared authentication credentials with; the entities that are entitled to request users’ authentication credentials or initiate user-to-EE authentication; and the entities that exist in the authentication dependency graph.

Company LOGO Lifecycle of Authentication Credentials

Company LOGO Attack Entry Points Active attacks can only obtain user’s authentication credentials when they are exchanged. By using the lifecycle analysts can identify in which states and in which transitions this occurs: 1.Synchronisation State; 2.Operation State; 3.State transition from operation to assignment; 4.State transition from operation to synchronisation; 5.State transition from suspension to assignment; 6.State transition from suspension to operation.

Company LOGO Entry Points Analysis Reliability and Sufficiency of Authentication Information: The successful EE-to-user authentication users must have reliable and sufficient authentication credentials. Knowledge: Users need both technical and contextual knowledge to decide whether to release the credentials requested by an external entity. Assumptions: The security of EE-to-user authentication depends on the strength of the assumption on users can perform certain required actions correctly and consistently.

Company LOGO Communication Channels (CC) Active attacks need to engage user victims on a communication channel, and the trust, expectation and perception constructed in communications could reduce users’ ability to authenticate the EE in the following authentication session. Analysts should identify and analyse the vulnerabilities within the CC with the same method as used in analysis for the attack entry points.

Company LOGO Conclusion User–side threat modelling is as important as system–side threat modelling, but it is much less well studied. Our method is an initial effort towards developing a threat modelling method that can be used by system designers with moderate security knowledge. Your suggestions are appreciated. An extended version will be delivered at ICICS 2008: Birmingham October 2008

Company LOGO Questions & Answers If you have a system that would like us to study, we are very happy to hear from you! Defending the Weakest Link Intrusion via Social Engineering EPSRC Grant EP/D051819/1