Let’s take an example, where it is possible to implement STRIDE techniques to mitigate the threats. Note: Threats should be displayed as the highest priority. The figure below is an example of a server that is connected to many clients via the insecure network.
Implementing STRIDE technique will help to find and fix the vulnerabilities of the system before they can be exploited by the attacker. Below are some of the vulnerabilities, that might be exploited by the attacker, which might cause threats to the system.
Attacker intercepts the data, where the attacker can Tampering with data andInformation disclosure or he/she can Spoofing identity.
Chance of occurring: (1 = very high).
The damage it causes: (10 = massive).
Risk: 10/1 = (10).
Attacker floods server with bad data (Denial of service).
Chance of occurring: (1 = very high).
The damage it causes: (7 = high).
Risk: 7/1 = (7).
Attacker accesses the configuration data, where the he/she canTamper with data, Information disclosure and implement a Denial of service.
Chance of occurring: (5 = medium).
The damage it causes: (10 = massive).
Risk: 10/5 = (2).
Attacker access persistent data or the audit log, where the he/she canTamper with data, Information disclosure and implement a Denial of service.
Chance of occurring: (4 = medium).
The damage it causes: (8 = high).
Risk: 8/4 = (2).
There are several techniques that can be implemented to the STRIDE to mitigate these above threats such as;
S – Strong authentication; and never store secrets.
T – hashes, digital signatures; and tamer resistant protocols.
R – Digital signature, time stamps; and secure logging.
I – Strong access control mechanisms (ACLs), encryption; and never store secrets.
The figure below shows the OSI model for the transmission data from one side to another. Previously, I have explained the data flow between the two parties, where it starts from the application layer all the way down to the physical layer; while it works upside down on the receiver side (See the PowerPoint file for more information about the transmission-data).
This blog discusses the possible ways to provide security in these protocols. The Networklayer protocol used on the Internet, in fact, is known as the InternetProtocol (IP); while, the two Transport layer protocols used are TransportControlProtocol (TCP) and UserDatagramProtocol (UDP). These protocols provide no security guarantees, since the packets are transmitted in plaintext (clear text). Transmission Control Protocol/InternetProtocol (TCP/IP) has some vulnerabilities because it is difficult to verify the following:
Confidentiality – Data has not been viewed by a third party while in transit.
Integrity – Data has not been modified in transit.
Authentication – The claimed client or server is the true client or server.
The solution is to provide security in various layers such as, IPSec at the Network layer, SSL/TLS at the Transport layer and S/MIME at the Application layer (for emails).
Message Authentication Codes also known as (MACs) are similar techniques to the DigitalSignatures. MACs use Symmetric keys between all parties; and they provide data integrity and message authentication, but not non-repudiation. In fact, MACs are much faster than Public-key signatures.
Basically, MAC takes an input of any size and produce a short and fixed-size output. The Message Authentication Codes’ security entirely relies on the infeasibility of computing the result by Oscar. In this scenario, it will be very difficult for Oscar to achieve the following:
This scenario is an example of the MAC and how it works:
Any party can start this communication, Bob will start for this example.
Bob will use the private-key to MAC the original message; then he will send it to Alice.
Alice will use the same private-key to verify that the message has been received from Bob.
In conclusion, there are some important thangs about MAC that you need to remember, for example:
MAC provides data integrity and message authentication Meanwhile, Digital signature provides data integrity, message authentication and non-repudiation.
MACs are much faster than Digital signatures.
MACs use a key, but Hash functions do not use key.
Note:MACs are based on hash functions (e.g. HMAC) or on Block Ciphers (e.g. CBC-MAC).
Digital Signatures (e.g. RSA Signatures) are great because they achieve data integrity, message authentication and non-repudiation. However, they have few problems especially when the message (x) is long. In another word (How do we sign a message (x) greater than the modulus n?). The following figure shows an alternative solution, which split the message into blocks and sign each block individually.
This technique (the figure above) works perfectly, but will face some problems:
Computational load:Public-Key operations are time-consuming.
Transmission or storage overhead: Signature is as long as the message itself.
Security: Similar problems to ECBmodeofoperation (remove individual blocks, inject old blocks).
The solution to solve this problem is very simple, which is by having a shorter “representation” of a message, so that we can (sign) that instead of the message itself. This solution is known as (hash function produce representation); and also it is called hash or message digest, or digital fingerprint.
I have defined previously some of the computer security terms and definitions. So far, the encryption and decryption operations provide confidentiality, where the information is kept secret from all but authorized parties (protect the information from being readable to unauthorised people). Whereas, many people do care about the other security properties such as, Integrity, Authentication, Non-repudiation and more (Remember the following terms).
Data Integrity: ensures that a message has not been modified in transit.
Message Authentication: ensures that the sender of a message is authentic.
Non-repudiation: ensures that the sender of a message cannot deny the creation of the message.
Identification: establishing and verifying the identity of an entity.
Access control: restricting access to the resources to privileged entities.
Availability: the electronic system is reliably available.
Auditing: provides evidence about security-relevant activities such as, keeping logs about certain events.
Physical security: providing protection against physical tampering and/or responses to physical tampering attempts.
Anonymity: providing protection against discovery and misuse of identity.
Symmetric Key is not enough to provide full-security, since it does not provide all the previous properties. Therefore, it is important to implement/introduce Digital Signatures. In fact, Digital Signatures provide DataIntegrity, Message Authentication and Non-repudiation. The following steps explain how Digital Signatures work:
Any party can start this communication, either Alice or Bob, by generating two keys (public-key and private-key). In our scenario, Bob has generated the two keys.
Bob sends his public-key to Alice, while keeping his private-key
The message (x) that Bob wants to send will be signed via the Bob’s (private-key).
The message (x); along with Bob’s signature will be sent to Alice.
Alice will verify the received message (x) via Bob’s public-key. This ensures that Bob has sent the message (message integrity, authentication and non-repudiation).
Confidentiality – Is a term in which to ensure that the data should be only read (readable) to/by the authorised people. For example, Cryptography and Encryption methods are an example of an attempt to ensure confidentiality of data transferred from one computer to another.
Integrity – This term is given to the data that must not be changed in transit; and the taken steps must be implemented to ensure that data cannot be altered by unauthorised people. In another word, it is the ability to ensure that the data are accurate and unchanged representation of the original secure information.
Availability – Is the fact that ensures the system components (Hardware and Software) are available and authorised to people when they need it (at all time). For example, a particular search engine is trying to ensure that their web/services are available (Still running).
Accountability – Is the traceability of actions performed on a system, in order to prove if a person did something wrong (with knowing the who did that).
Non-repudiation – Is the fact of proving something without denying it. For example, if a person misses with the system, that person cannot deny it.
Accessibility – Is the fact that ensures the system components (Hardware and Software) are accessible and available to certain people when they need it. For example, the same search engine’s admin should ensure that the web/services are available (Still running) and accessible to authorised people.
Authentication – Is the fact of proving who you say you are (or who he/she claims to be).
Authorisation – Refers to the rules that determine who is allowed to do what. For example, Mike (Admin) may be authorised to create and delete databases, while Tom (User) is only authorised to read.
Note: In computer security CIA does not refer to Central Intelligence Agency, but it does refer to Confidentiality, Integrity, Availability or Authentication. Some people say the letter “A” refers to the big “A”, which means that it concludes everything that starts with the letter “A” such as, Accountability, Authorisation, Authentication, Accessibility and more.