1 | Analysis of low-level implementations of cryptographic protocols | Gkaniatsou, Andriana Evgenia | January 2018
This thesis examines the vulnerabilities due to low-level implementation deficiencies of otherwise secure communication protocols in smart-cards. Smart-cards are considered to be one of the most secure, tamper-resistant, and trusted devices for implementing confidential operations, such as authentication, key management, encryption and decryption for financial, communication, security and data management purposes. The self-containment of smart-cards makes them resistant to attacks as they do not depend on potentially vulnerable external resources. As such, smart-cards are often incorporated in formally-verified protocols that require strong security of the cryptographic computations. Such a setting consists of a smart-card which is responsible for the execution of sensitive operations, and an Application Programming Interface (API) which implements a particular protocol. For the smart-card to execute any kind of operation there exists a confidential low-level communication with the API, responsible for carrying out the protocol specifications and requests. This communication is kept secret on purpose by some vendors, under the assumption that hiding implementation details enhances the system’s security. The work presented in this thesis analyses such low-level protocol implementations in smart-cards, especially those whose implementation details are deliberately kept secret. In particular, the thesis consists of a thorough analysis of the implementation of PKCS#11 and Bitcoin smart-cards with respect to the low-level communication layer. Our hypothesis is that by focusing on reverse-engineering the low-level implementation of the communication protocols in a disciplined and generic way, one can discover new vulnerabilities and open new attack vectors that are not possible when looking at the highest levels of implementation, thereby compromising the security guarantees of the smart-cards. 
We present REPROVE, a system that automatically reverse-engineers the low-level communication of PKCS#11 smart-cards, deduces the card’s functionalities and translates PKCS#11 cryptographic functions into communication steps. REPROVE deals with both standard-conforming and proprietary implementations, and does not require access to the card. We use REPROVE to reverse-engineer seven commercially available smart-cards. Moreover, we conduct a security analysis of the obtained models and expose a set of vulnerabilities which would have otherwise been unknown. To the best of our knowledge, REPROVE is the first system to address proprietary implementations and the only system that maps cryptographic functions to communication steps and on-card operations. To that end, we showcase REPROVE’s usefulness to a security ecosystem by integrating it with an existing tool to extract meaningful state-machines of the card’s implementations. To conduct a security analysis of the results we obtained, we define a threat model that addresses low-level PKCS#11 implementations. Our analysis indicates a series of implementation errors that leave the cards vulnerable to attacks. To that end, we showcase how the discovered vulnerabilities can be exploited by presenting practical attacks. The results we obtained from the PKCS#11 smart-card analysis showed that proprietary implementations commonly hide erroneous behaviours. To test the assumption that the same practice is also adopted by other protocols, we further examine the low-level implementation of the only available smart-card based Bitcoin wallets, LEDGER. We extract the different protocols that the LEDGER wallets implement and conduct a thorough analysis. Our results indicate a set of vulnerabilities that expose the wallets as well as the processed transactions to multiple threats.
To that end, we present how we successfully mounted attacks on the LEDGER wallets that led to the loss of the wallet’s ownership and consequently loss of the funds. We address the lack of well-defined security properties that Bitcoin wallets should conform to by introducing a general threat model. We further use that threat model to propose a lightweight fix that can be adopted by other, not necessarily smart-card-based, wallets.
2 | Bezpečnost při vývoji softwaru / Security during the application development | Lapáček, Vladimír | January 2010
The topic of this thesis is the issue of security during application development. The main emphasis is placed on web applications. The goal is to define a framework for managing the life cycle of applications so that they meet a security minimum. The objectives of the work are achieved by a study of available resources and their subsequent analysis. The target audience is software developers interested in learning more about how to create secure applications. The work describes the areas that are crucial for the security of applications. It covers security standards that can be used for defining the security requirements of applications. Furthermore, the most serious security vulnerabilities are discussed, along with ways to avoid them. It describes security testing as an important tool for verifying security. The main part of the work is the chapter dealing with how to include security throughout the application life cycle.
3 | Threat modelling of historical attacks with CySeMoL / Hotmodellering av historiska attacker med CySeMoL | Svensson, Carl | January 2015
This report investigates the modelling power of the Cyber Security Modelling Language, CySeMoL, by looking at three documented cyber attacks and attempting to model the respective systems in which they occurred. By doing this, strengths and weaknesses of the model are investigated and proposals for improvements to the CySeMoL model are explored. / This report investigates the modelling capability of the Cyber Security Modelling Language, CySeMoL, by looking at three documented IT attacks and attempting to model the systems in which each attack occurred. By doing this, strengths and weaknesses of the model are investigated and proposals for improvements to the model are explored.
4 | Containment Strategy Formalism in a Probabilistic Threat Modelling Framework / Formalisering av inneslutningstrategier i ett ramverk för probabilistisk hotmodellering | Fahlander, Per | January 2021
Background - Foreseeing, mitigating and preventing cyber-attacks is more important than ever before. Advances in the field of probabilistic threat modelling can help organisations understand their own resilience profile against cyber-attacks. Previous research has proposed MAL, a meta language for capturing the attack logic of a considered domain and running attack simulations in a depicted model of the defender’s system. While this modality is already somewhat established, less is known about how to proactively model containment protocols for when an incident already has occurred.
Purpose - By proposing a formalism for how to describe and reason about containment in a MAL-based system-specific model, this study aims to bridge the divide between probabilistic threat modelling and the containment phase in the incident response life-cycle. The main issues are how to formalise containment as well as how to reason about selecting the most beneficial strategy for a considered model.
Method - The study firstly sets out to identify practical instances of incident containment in the literature. Then, some of these incidents and respective containment items will be encoded with a novel methodology. A containment strategy selection algorithm will be proposed that guides containment decisions by working with the encoded constructs and a system-specific model. Finally, the encoded items will be verified and the algorithm validated through example scenarios.
Result & Analysis - The verification tests showed that all implementations of encoded constructs yielded results according to expectation. Validity tests also indicated that the algorithm endorsed the correct solution to a significant extent. The null hypothesis, being that the number of correctly predicted containment strategies could be explained strictly by coincidence, was rejected by two validity tests with respective p-values of 8.2 × 10^-12 and 2.9 × 10^-17, both < 0.05.
Conclusion - The study demonstrates a viable methodology for describing and reasoning about containment of incidents in a MAL-based framework. This was indicated by verification and validity testing that confirmed the correctness of the incident and containment action implementations as well as the propensity of the algorithm to favour containment strategies that align with human reasoning.
/
Background - Foreseeing, mitigating and preventing cyber attacks is more important than ever before. Advances in the field of probabilistic threat modelling can help organisations understand their own resilience against cyber attacks. Previous research has introduced MAL, a meta language for capturing attack logic within a considered domain and running attack simulations in a depicted model of the defender’s system. While this modality is already fairly established, less is known about how containment protocols can be actively modelled for occasions when an incident has already occurred.
Purpose - By introducing a formalism for describing and reasoning about containment actions given a MAL-based system-specific model, this study hopes to link probabilistic threat modelling with the containment phase of the incident response life-cycle. The study works on how containment actions can be formalised and how one can reason in order to select the most beneficial strategy given a model.
Method - The study first aims to identify practical examples of incident containment in the literature. Some of these examples of incidents and containment actions are then formalised with a new method. An algorithm for selecting among these containment actions is also introduced. Finally, the formalised incidents and containment actions are verified and the algorithm is validated.
Results & Analysis - The verification tests showed that all implementations produced results that matched expectations. Validity tests also showed that the algorithm chose the correct solution to a significant extent. The null hypothesis, i.e. that the number of correctly predicted containment strategies could be explained strictly by chance, was rejected by two validity tests with respective p-values of 8.2 × 10^-12 and 2.9 × 10^-17, both < 0.05.
Conclusion - The study demonstrates a viable method for describing and reasoning about incident containment in a MAL-based framework. The verification tests confirmed that the implementations of incidents and containment actions were correct. The validity tests also showed that the algorithm chose containment strategies that agree with human judgement to a significant extent.
5 | Evaluation of security threats in microservice architectures / Evaluering av säkerhetshot i mikrotjänstarkitekturer | Lindblom, William | January 2022
The microservice architecture is a popular architectural pattern in the industry to implement large systems, as it can reduce the code base of each service and increase the maintainability of each of the individual services by dividing the application into smaller components based on business logic. The services can be implemented in different programming languages and communicate over a network. As a consequence, it might lead to a greater attack surface for an adversary of the system. In order to ease the implementation of microservice architectures, a set of design patterns exists. Two patterns addressing the security of the architecture are the API Gateway pattern and the sidecar pattern. More research is needed in order to identify the security threats microservice architectures encounter and how the design patterns handle those. This master thesis uses threat modeling with attack graphs along with attack simulations in order to investigate the threats in microservice architectures and how they compare between the design patterns. To construct the attack graphs and perform the attack simulations, SecuriCAD along with CoreLang was used on a microservice architecture with each of the design patterns. The report concludes that the sidecar pattern is faced with less risk than the API Gateway pattern overall and presents a set of suggestions regarding how the security can be improved in microservice architectures. / Microservice architectures have become a popular architectural pattern in industry for implementing larger systems, since they can reduce the code bases and ease the maintenance of each individual service by dividing the application into smaller components based on each service’s domain logic. These services can be implemented in different programming languages and communicate with each other over a network. As a consequence, however, this could lead to a larger attack surface for an attacker of the system. To ease the implementation of microservices there are a number of design patterns; two design patterns that handle the security of microservice architectures are the API Gateway pattern and the sidecar pattern. More research would however be needed to find out which threats microservice architectures face and how well the two design patterns address them. This master’s thesis uses threat modelling with attack graphs and attack simulations to investigate which threats exist in microservice architectures and how these differ between the two design patterns. To produce the attack graphs and carry out the attack simulations, the program SecuriCAD was used together with CoreLang on a microservice architecture with each design pattern. The report concludes that the sidecar pattern has lower risk compared with the API Gateway pattern overall and presents a number of suggestions regarding how security can be improved in microservice architectures.
6 | Utvärdering av penetrationstestning riktat mot nätverk / An evaluation of penetration testing aimed toward computer networks | Rios, Mauricio; Strandberg, Martin | January 2022
With society’s increasing digitalisation, the need grows to be able to establish that the security of computer networks is at an adequate level. When it comes to information security, focus easily gets stuck on individual devices, but today most organisations generally consist of larger computer networks where information is accessible in several ways. This report attempts to find out whether it is possible to quantifiably demonstrate the effectiveness of the security measures that network engineers implement in order to raise the security of an organisation’s computer network. To measure security improvements, a penetration testing standard is combined with a threat modelling method, which is then applied to a network in a laboratory environment. In a first stage these are applied to a vulnerable network to give insight into the original security state. Thereafter a selection of protective measures is implemented on the vulnerable computer network, based on the security weaknesses that have been discovered. In a next step both penetration tests and threat modelling are applied again in the same way as before, and the results from before and after the vulnerabilities have been remediated are then compared. When the results are compared, the effect of the security-enhancing measures is demonstrated. Thanks to the combination of both penetration tests and threat modelling, the results are also clarified both more broadly and more deeply than the use of only one of the methods would have shown. These results show that the method of applying combined penetration tests and threat modelling, both before and after security gaps have been remediated, can be used as a quality certificate for security work directed at computer networks. / Following the increasing digitalization of society there is a growing need to ensure that the security of computer networks is at an adequate level. When it comes to network security, focus tends to fall on individual devices, but nowadays most organizations consist of large computer networks where information is accessible in several different ways. This thesis attempts to determine whether it is possible to ensure the effectiveness of the security measures implemented by network engineers to improve an organisation’s security stance. In order to measure security, a combination of a penetration testing standard and threat modelling is applied to a network in a laboratory environment. First, these are applied to a vulnerable network. Then, a selection of protection measures is implemented on the vulnerable network based on the results from the methodology. In a next step, both penetration testing and threat modelling are reapplied. The combined results, before and after the vulnerabilities have been addressed, can then be compared to each other. When comparing the results, the impact of the security-improving measures becomes clear. Due to the use of both penetration testing and threat modelling, the results are further clarified compared to what the use of only one of the methods would have shown. These results show that the method of combining penetration testing with threat modelling in two stages, both before and after security measures have been implemented, can be used as a quality certificate for security work directed at computer networks.
7 | Using Semantic Data for Penetration Testing: A Study on Utilizing Knowledge Graphs for Offensive Cybersecurity / Användning av Semantisk Teknologi för Sårbarhetstestning: En Studie för att Applicera Kunskapsgrafer för Offensiv Cybersäkerhet | Wei, Björn | January 2022
Cybersecurity is an expanding and prominent field in the IT industry. As the number of vulnerabilities and breaches continues to increase, there is a need to properly test these systems for internal weaknesses in order to prevent intruders proactively. Penetration testing is the act of emulating an adversary in order to test a system’s behaviour. However, due to the number of possible vulnerabilities and attack methods that exist, the prospect of efficiently choosing a viable weakness to test or selecting a fairly adequate attack method becomes a cumbersome task for the penetration tester. The main objective of this thesis is to explore and show how the semantic data concept of Knowledge Graphs can assist a penetration tester during decision-making and vulnerability analysis, such as by providing insight into attacks a system could experience based on a set of discovered vulnerabilities, and emulating these attacks in order to test the system. Additionally, design aspects for developing a Knowledge Graph based penetration testing system are made, and discussions on challenges and complications for the combined fields are also addressed. In this work, three design proposals are made based on inspiration from Knowledge Graph standards and related work. A prototype is also created, based on a penetration testing tool for web applications, OWASP ZAP, which is then connected to a vulnerability database in order to gain access to various cybersecurity related data, such as attack descriptions on specific types of vulnerabilities. The analysis of the implemented prototype illustrates that Knowledge Graphs display potential for improving data extracted from a vulnerability scan. By connecting a Knowledge Graph to a vulnerability database, penetration testers can extract information and receive suggestions of attacks, reducing their cognitive burden. The drawbacks of this work’s prototype indicate that in order for a Knowledge Graph penetration testing system to work, the method of extracting information needs to be interfaced in a more user-friendly manner. Additionally, the reliance on specific standardizations creates the need to develop several integration modules.
8 | IoT Penetration Testing: Hacking an Electric Scooter | Cameron Booth, Louis; Mayrany, Matay | January 2019
The industry of the Internet of Things (IoT) is a burgeoning market. A wide variety of devices now come equipped with the ability to digitally communicate with a wider network, and modern electric scooters are one such example of this trend towards a more connected society. With scooter ride-share companies continually expanding in urban areas worldwide, these devices are posing a greater attack surface for hackers to take advantage of. In this report we utilize threat modelling to analyse the potential vulnerabilities in a popular electric scooter. Through penetration testing we demonstrate the existence of major security flaws in the device and propose ways in which manufacturers may guard against these exploits in the future. / The Internet of Things (IoT) is growing globally. Many products come equipped with the ability to communicate digitally with different networks, and modern electric scooters are one example of this trend towards a more connected and interconnected society. As the number of companies providing electric scooter services in urban environments across the world grows, these products become a larger target for hackers to exploit. In this report we use threat modelling to analyse potential vulnerabilities in a popular electric scooter model. By penetration testing the product we demonstrate serious security flaws and propose approaches that manufacturers can take into account to avoid future attacks.
9 | Are modern smart cameras vulnerable to yesterday’s vulnerabilities? A security evaluation of a smart home camera / Undviker dagens smarta kameror gårdagens sårbarheter? Utvärdering av säkerheten hos en smart hemkamera | Larsson, Jesper | January 2021
IoT cameras can allow users to monitor their space remotely, but consumers are worried about the security implications. Nor are their worries unfounded, as vulnerabilities have repeatedly been found in internet-connected cameras. Have modern cameras learned from the mistakes of their predecessors? This thesis has performed a case study of a consumer smart camera popular on the Swedish market. The camera was evaluated through a pentest. The evaluation found that the camera’s cloud-centric design allowed it to sidestep issues present in earlier models. However, it was demonstrated that it is possible to detect potentially sensitive events, e.g. when the camera notices motion, just by inspecting the amount of traffic it sends. Other tests were not able to demonstrate vulnerabilities, though. Based on these findings it was concluded that the camera was more secure than its predecessors, which supports that the market has improved. / With IoT cameras, consumers can remotely monitor their property. They are, however, worried about how secure the cameras are. This worry does not exist without good reason: vulnerabilities have repeatedly been shown to exist in internet-connected cameras. Have today’s cameras learned from their predecessors’ mistakes? This thesis has tested a smart camera that is popular on the Swedish market. To establish how secure the camera is, a penetration test was carried out. The investigation found that the camera managed to avoid previously common vulnerabilities by relying on the cloud. The investigation could, however, establish that an adversary can leak potentially sensitive information, e.g. when the camera detects motion, just by measuring how much network traffic the camera sends. The investigation could not demonstrate other vulnerabilities, though. Based on these results the study found that this camera is more secure than its predecessors, and that this supports the thesis that the market as a whole has improved.
10 | IoT Pentesting: Obtaining the Firmware of a Smart Lock | Borg, Alexander; Francke, Carl Aston | January 2020
Consumer Internet of Things (IoT) has become increasingly popular over the past years and continues to grow with virtual assistants, wearable devices and smart home appliances. Within the consumer IoT market, smart locks have gained popularity. Smart locks offer the consumers a convenient way of handling keys and access to their home. Enabling your front door to be controlled over the internet, however, introduces new possibilities for an adversary to break in. Therefore, the integrity and authenticity of the product must be ensured. This thesis covers a security assessment of a smart lock, focusing on the firmware of the embedded devices as the main assets. Potential threats against obtaining and abusing the firmware are identified by threat modeling. Based on the identified threats, penetration tests are conducted to demonstrate the security of the firmware. The results show that the firmware could not be obtained and that the product constitutes a good example within consumer IoT for how to manage the firmware of embedded devices. / The Internet of Things (IoT) has become increasingly popular in recent years and continues to grow with products such as virtual assistants, wearable devices and smart household appliances. Within the market for consumer IoT products, smart locks have become more common. Smart locks offer consumers a convenient way of handling keys and access to their homes. By making it possible to control the front door via the internet, however, new opportunities are introduced for an attacker to break in. Therefore the integrity and authenticity of the product must be ensured. This thesis comprises a security assessment of a smart lock, focusing on the firmware of the embedded systems as the main assets. Potential threats against obtaining and abusing the firmware are identified through threat modelling. Based on the identified threats, penetration tests are carried out to evaluate the security of the firmware. The results show that the firmware could not be obtained and that the product constitutes a good example within consumer IoT products of how to manage firmware for embedded systems.