STRIDE – Part 1/3

There are several techniques that can be used to find the vulnerabilities and threats of a system. These techniques are collectively known as threat modelling, a process that identifies and mitigates the vulnerabilities in your system. One way to determine the threats to your system is the STRIDE technique. STRIDE is shorthand for:

  1. S – Spoofing identity.
  2. T – Tampering with data.
  3. R – Repudiation.
  4. I – Information disclosure.
  5. D – Denial of service.
  6. E – Elevation of privilege.

 

Spoofing identity: It allows an attacker to pose as another user, or allows a rogue server to pose as a valid server.

Tampering with data: It involves the malicious modification of data.

Repudiation: A user denies having performed an action, and no other party has any way to prove otherwise.

Information disclosure: The process of exposing information to people who are not supposed to have access to it.

Denial of service: Denial of service (DoS) attacks deny the service to valid users.

Elevation of privilege: An unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system.

In summary, the STRIDE technique covers the following threat categories and the assets they are assessed against:

STRIDE technique          Assets
Spoofing identity         Configuration data
Tampering with data       Authentication data
Repudiation               Persistent data
Information disclosure    Data "on the wire"
Denial of service         State data
Elevation of privilege    Temporary data

Risk Management

Risk is a situation that involves exposure to danger and might cause potential harm. Risk management is the process of responding quickly to risks and keeping them under control in order to minimise the threats they pose. In other words, risk management involves understanding, analysing and addressing risk to make sure organisations fulfil and achieve their objectives. Meanwhile, risk assessment is the methodical process of evaluating the prospective risks that project activities might involve.

Risks occur frequently in the world of computer security. Thus, it is important to keep your system up to date and to know everything that happens in and around your system. In computer security, the term risk assessment refers to the process of implementing techniques to mitigate the risks. A simple analogy is how you implement security measures in your house to mitigate future risks, or to make sure a thief cannot get inside your house and steal from you. Let's take a real-life example and try to find some of the vulnerabilities that might lead to threats.

[Figure: vulnerable-house]

The figure above shows an ordinary house, which might be vulnerable to many threats from thieves. Due to the absence of security, a thief can get into the house and steal valuable things such as jewellery, money, TVs, PCs, accessories and many more. Therefore, it is important to carry out risk assessment and risk management to mitigate these threats as much as possible.

 

Risk assessment is the process of identifying the vulnerabilities within the system that might cause threats or allow an attacker to gain access to the system. Below are some of the vulnerabilities in the figure above that might be exploited:

  1. The windows might be used to penetrate the house.
  2. The door can be used/ broken to penetrate the house.
  3. There is no security camera to record video of any suspicious activities.
  4. And many more.

 

Risk management consists of the steps taken to manage and control the system by implementing different techniques to stop the threats from occurring. Below are some techniques that can be introduced to the house to mitigate the threats or to stop an attacker from exploiting these vulnerabilities:

  1. Install a (bulletproof) fence around the windows.
  2. Add a fence around the house.
  3. Keep a dog outside the house for extra security.
  4. Install recording cameras to monitor and control the area around the house.
  5. Patrol the area around the house.

See the figure below for more details of the implemented security techniques:

[Figure: secure-house]

Remember: you cannot build secure systems unless you know the threats to which you are susceptible.

Password Protection

Passwords are very popular and widespread in modern computer applications. A password is no different from a lock: it is safe as long as you (the user and owner of the password) are the only one who knows it. However, if someone else gets a copy of the password, they will be able to gain access to that place or application.

Previously, I explained the requirements for choosing a strong password. In 2010, a study of over 32,000,000 passwords from several websites showed that the passwords had previously been leaked on the web. This was due to online attacks, in which the attacker selects a set of targets and tries several guesses against each.

Finally, avoid blacklisted passwords, i.e. the popular and unacceptable ones. For example, Twitter was once compromised because an administrator's password was "happiness".

Pretty Good Privacy (PGP)

PGP is another security mechanism; the abbreviation stands for Pretty Good Privacy. PGP is an application of cryptographic technology that uses public-key encryption. PGP has been used to protect privacy in many forms of communication and storage, such as email, data in transit and data storage.

PGP was designed to provide the security and privacy measures that are not present in many forms of online communication. An email, for example, travels from one destination to another in encrypted form. The recipient then decrypts the message back to plaintext using PGP.

PGP works with two keys (public-key and private-key); where the public-key encrypts the message and the private-key decrypts the message. In addition, PGP provides authentication, since the users can use the private-key to digitally sign the message. This will make sure that the recipient knows where the message (mail) came from.

Note: The sensitive data files stored on the hard drive or USB can also be protected by PGP, by using the public-key to encrypt the files; and private-key to decrypt them.

Secure Sockets Layer (SSL)

SSL is another important mechanism for securing information; the abbreviation stands for Secure Sockets Layer. SSL is a protocol developed by Netscape in 1990. SSL rapidly became the standard mechanism for exchanging data securely over insecure channels (e.g. the Internet). SSL is, in fact, supported by all modern browsers and email clients. SSL operates at the Transport layer (OSI model).

[Figure: ssl]

Basically, it is a handshake between the client and the server. The following scenario shows how the handshake works, with Alice as the client and Bob as the server:

  • When Alice (the client) connects to any location that requires an SSL connection, Bob (the server) presents Alice with a digital certificate that allows her to identify the server.
  • Alice ensures that the domain name matches the name on the certificate, and that the certificate has been issued by a trusted authority.

Once this handshake is finished, Alice automatically encrypts all the data that is sent to Bob. Once the data arrives at the server side, Bob decrypts it using the private key. Note: Bob can send any message back to Alice, and it will likewise be encrypted during transfer.
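The name check Alice performs in the second handshake step above, as an added example that is not part of the original notes: a hostname-matching routine run against a constructed certificate (a dict shaped like the value Python's ssl.getpeercert() returns; no network connection is made). The wildcard rules and the SAN-before-CN preference are the RFC 6125 conventions, not anything the notes state.

```python
"""Hostname check from the SSL handshake above (added example, not part of the
original notes). The certificate is a constructed dict shaped like the value
Python's ssl.SSLSocket.getpeercert() returns; nothing is sent over a network."""


def hostname_matches(hostname: str, cert_name: str) -> bool:
    """Compare a hostname with one DNS name from the certificate.

    Rules (RFC 6125 style): case-insensitive, label by label; a single '*' is
    accepted only as the whole leftmost label, it stands for exactly one label,
    and it must leave at least two fixed labels ('*.com' is refused)."""
    host = hostname.lower().rstrip(".").split(".")
    name = cert_name.lower().rstrip(".").split(".")
    if len(host) != len(name):                    # '*' never spans several labels
        return False
    if any("*" in label for label in name[1:]):   # wildcard only on the left
        return False
    if name[0] == "*":
        return len(name) >= 3 and name[1:] == host[1:]
    if "*" in name[0]:                            # partial wildcards like 'b*' refused
        return False
    return name == host


def certificate_matches(cert: dict, hostname: str) -> bool:
    """Match against the DNS entries of subjectAltName. The subject commonName
    is consulted only when the certificate carries no DNS SAN at all."""
    dns_names = [value for kind, value in cert.get("subjectAltName", ())
                 if kind == "DNS"]
    if not dns_names:
        dns_names = [value for rdn in cert.get("subject", ())
                     for key, value in rdn if key == "commonName"]
    return any(hostname_matches(hostname, name) for name in dns_names)


# Constructed certificate for Bob's server (not a real certificate).
BOB_CERT = {
    "subject": ((("commonName", "bob.example.com"),),),
    "subjectAltName": (("DNS", "bob.example.com"),
                       ("DNS", "*.mail.example.com")),
}

if __name__ == "__main__":
    for host in ("bob.example.com", "smtp.mail.example.com",
                 "evil.example.com", "a.b.mail.example.com"):
        print(host, certificate_matches(BOB_CERT, host))
```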

 

Remember: Encrypting the data will make it unreadable to unauthorised people.

Internet Protocol Security (IPSec)

IPSec is an abbreviation for Internet Protocol Security, a set of protocols designed to protect the confidentiality and integrity of data as it flows over the network. These protocols operate at the Network layer (OSI model) and process packets according to predefined settings.

[Figure: ipsec]

Compared with other security methods, IPSec has proven to be a more successful technology today. In fact, it is able to provide strong security and can be implemented without major changes to individual computer systems.

In order to protect the information, IPSec provides two mechanisms: Authentication Header (AH) and Encapsulating Security Payload (ESP).

  • Authentication Header (AH) – provides authentication services, i.e. a way to authenticate the sender.
  • Encapsulating Security Payload (ESP) – provides authentication of the information along with data encryption.

In conclusion, the information associated with each of these services is inserted into the packet: the Authentication Header provides authentication services for the data, and the Encapsulating Security Payload provides data security.

Introduction to Cryptanalysis

Cryptanalysis is the study of ciphers or ciphertexts to find weaknesses in them that let an attacker retrieve the plaintext from the ciphertext (without necessarily knowing the key). Cryptanalysis is, in fact, part of the science of cryptology. There are several techniques used in cryptanalysis to decrypt a message, such as brute force, frequency analysis and more; the substitution cipher below serves as the worked example.

The substitution cipher encrypts letters rather than bits. The idea is to replace each occurrence of a plaintext letter with the same ciphertext letter, where the assignment of ciphertext letters to plaintext letters is chosen at random. The table below shows an example substitution table.

Plaintext letters:   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext letters:  D K V Q F I B J W E P S C X H T M Y A U O L R G Z N

For example, CARDIFF is encrypted to VDYQWII; also, HELLO is encrypted to JFSSH.

The advantage of this substitution cipher would ensure that this message can be read only by Alice and Bob, since it means nothing to Oscar without knowing the key (substitution table).

Note: When replacing the letters, you cannot replace one plaintext with two ciphertext or vice versa. Every plaintext should be substituted with only one ciphertext.

 

In order to break this cipher, the attacker can apply techniques such as the brute force attack or frequency analysis to recover the original message from the encrypted one. Brute force is a cryptanalysis attack that tries all the possible keys until the message is decrypted. If the attacker is lucky he/she will find the key quickly; otherwise it might take a very long time. Some software nowadays goes through all the possible combinations until it finds the key.

The question is: how many possible substitution tables are there? The simple answer is about 2^88. Since we have 26 letters and want to try all the possible arrangements, the result is:

26 x 25 x 24 x 23 x 22 x ... x 4 x 3 x 2 x 1 = 26! ≈ 2^88

However, with a modern computer with fast processors and plenty of memory you would be able to find the key faster than with an old computer (old hardware). This attack is also known as an exhaustive key search.

The second technique is frequency analysis. It exploits the fact that the cipher always replaces a given plaintext letter with the same ciphertext letter, so the frequencies of the plaintext letters carry over to the ciphertext (note: plaintext letter frequencies are not uniform; some letters occur far more often than others). In addition, attackers can use the frequencies of letter pairs or triples such as 'th', 'the', 'as', 'he', 'she', 'I'm', 'is', 'are' and many more. The table below shows the 5 most frequently used letters in English.

[Figure: frequency-analysis-table]

Note: Even though the substitution cipher has a sufficiently large key space of 2^88, it can easily be defeated with analytical methods.
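The substitution table given above, the 26! key-space count and the frequency weakness, carried through in code as an added example that is not part of the original notes. The English sample text is constructed for the illustration; the only assumption is that E is the most common letter in English, as the frequency table states.

```python
"""Substitution cipher from the table above, its key space, and the frequency
weakness (added example, not part of the original notes)."""
import math
from collections import Counter

PLAIN = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
CIPHER = "DKVQFIBJWEPSCXHTMYAUOLRGZN"   # the notes' substitution table
ENC = dict(zip(PLAIN, CIPHER))          # plaintext letter -> ciphertext letter
DEC = {c: p for p, c in ENC.items()}    # the inverse table, i.e. the key


def encrypt(text: str) -> str:
    """Each plaintext letter is always replaced by the same ciphertext letter;
    non-letters pass through unchanged."""
    return "".join(ENC.get(ch, ch) for ch in text.upper())


def decrypt(text: str) -> str:
    return "".join(DEC.get(ch, ch) for ch in text.upper())


def key_space_bits() -> float:
    """log2(26!): the size of an exhaustive key search, about 88 bits."""
    return math.log2(math.factorial(26))


def letter_ranking(text: str) -> list:
    """Letters of a text from most to least frequent."""
    counts = Counter(ch for ch in text.upper() if ch in PLAIN)
    return [ch for ch, _ in counts.most_common()]


def guess_image_of_e(ciphertext: str) -> str:
    """Frequency analysis, first step: E is the most common English letter, so
    the most common ciphertext letter is the likely substitute for E."""
    return letter_ranking(ciphertext)[0]


# Constructed English sample, long enough for letter frequencies to show.
SAMPLE = ("THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG WHILE THE TIRED SECURITY "
          "ENGINEER REVIEWS THE THREAT MODEL AND THE EVIDENCE ONE MORE TIME")

if __name__ == "__main__":
    print(encrypt("CARDIFF"), encrypt("HELLO"))   # VDYQWII JFSSH, as in the notes
    print(round(key_space_bits(), 1))              # 88.4
    top = guess_image_of_e(encrypt(SAMPLE))
    print(top, "->", DEC[top])                     # F -> E: one key entry recovered
```

Once the image of E is known, the same ranking applied to the next most common letters (T, A, O, I, N) and to digraphs such as 'th' recovers the rest of the table far faster than the 2^88 search.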