User Authentication Threat Modelling from User and Social Perspective - PowerPoint PPT Presentation

1 / 14
About This Presentation
Title:

User Authentication Threat Modelling from User and Social Perspective

Description:

Grid users may become the focus of attack: ... TM, and various domain specific threat modelling techniques and models have been ... Node : represents a system ... – PowerPoint PPT presentation

Number of Views:109
Avg rating:3.0/5.0
Slides: 15
Provided by: xund7
Category:

less

Transcript and Presenter's Notes

Title: User Authentication Threat Modelling from User and Social Perspective


1
User Authentication Threat Modelling from User
and Social PerspectiveDefending the Weakest
Link Intrusion via Social Engineering EPSRC
Grant EP/D051819/1All Hands Meeting Edinburgh
2008
  • Xun Dong(xundong_at_cs.york.ac.uk), John A. Clark
    and Jeremy L. Jacob
  • University of York

2
Motivation Attacking Trend Shift
  • Grid users may become the focus of attack
  • The technical barrier to hack the systems has
    been increased significantly protection for
    users is less well developed.
  • Valuable information such as authentication
    credentials sought by attackers are possessed by
    users as well.
  • Many system designs do not help the general user
    to achieve security goals.
  • Existing threat modelling techniques do not deal
    with users (though general purpose e.g.
    Microsofts TM, and various domain specific
    threat modelling techniques and models have been
    developed)
  • The complexity of identifying user side
    vulnerabilities is significant, however, there is
    no method designers can rely on.

3
Simple Attack Taxonomy
  • Passive attacks
  • They do not require active victim involvement,
    often
  • achieving their goal by analysing information
    available to
  • attackers (e.g. that from public databases or
    websites, or
  • even rubbish bin contents). Many are launched by
  • insiders or people who have close relationships
    with the
  • victims.
  • Active attacks
  • They exploit the users difficulty in
    authenticating External Entities (EEs),
    requesting the users authentication credentials
    whilst posing as trustworthy parties. Typical
    examples are phishing and pharming attacks.

4
Overview
5
Dependency Relationships
  • The authentication systems may be designed and
    implemented independently, but the choices of the
    user authentication credentials may connect
    different systems into complex and unpredictable
    networks.
  • Examples Access to an secondary email account is
    used to recover/reset the password.
  • Institutional photo ID such as student card
    is accepted as authentication credentials to
    prove ones identity.

6
Dependency Relationships
  • Compromise of the security of the current
  • authentication system
  • The security of the current system is equal to
    the security of the weakest system reachable in
    the graph.
  • Obtaining authentication credentials to the
    weakest system propagates access back up the
    chain.

7
Dependency Relationships
  • Identify its existence by the properties of user
    authentication
  • credentials
  • users have access to
  • assigned by third parties
  • Represent them in graph
  • Three Components in the graph
  • Node represents a system
  • Directed Edges an edge from Node A to Node B
    means Node A depends on Node B.
  • Special symbol R Represent random systems,
    and edge towards R from Node A means the system
    which A is depends on is unpredictable.
  • The start node of the graph is the system being
    designed.

8
Impersonating Targets
  • May be wider than the system being considered
  • the entities that the user has shared
    authentication credentials with
  • the entities that are entitled to request users
    authentication credentials or initiate user-to-EE
    authentication
  • and the entities that exist in the authentication
    dependency graph.

9
Lifecycle of Authentication Credentials
10
Attack Entry Points
  • Active attacks can only obtain users
    authentication
  • credentials when they are exchanged. By using the
    lifecycle
  • analysts can identify in which states and in
    which transitions
  • this occurs
  • Synchronisation State
  • Operation State
  • State transition from operation to assignment
  • State transition from operation to
    synchronisation
  • State transition from suspension to assignment
  • State transition from suspension to operation.

11
Entry Points Analysis
  • Reliability and Sufficiency of Authentication
    Information The successful EE-to-user
    authentication users must have reliable and
    sufficient authentication credentials.
  • Knowledge Users need both technical and
    contextual knowledge to decide whether to release
    the credentials requested by an external entity.
  • Assumptions The security of EE-to-user
    authentication depends on the strength of the
    assumption on users can perform certain required
    actions correctly and consistently.

12
Communication Channels (CC)
  • Active attacks need to engage user victims on a
  • communication channel, and the trust,
    expectation
  • and perception constructed in communications
  • could reduce users ability to authenticate the
    EE
  • in the following authentication session.
  • Analysts should identify and analyse the
  • vulnerabilities within the CC with the same
    method
  • as used in analysis for the attack entry points.

13
Conclusion
  • Userside threat modelling is as important as
    systemside threat modelling, but it is much less
    well studied.
  • Our method is an initial effort towards
    developing a threat modelling method that can be
    used by system designers with moderate security
    knowledge.
  • Your suggestions are appreciated.

An extended version will be delivered at ICICS
2008 Birmingham 20-22 October 2008
14
  • Questions Answers
  • If you have a system that would like us to study,
    we are very happy to hear from you!

Defending the Weakest LinkIntrusion via Social
Engineering EPSRC Grant EP/D051819/1
Write a Comment
User Comments (0)
About PowerShow.com