Threat Model Sample Clauses
A Threat Model clause defines the types of security threats, risks, or attack vectors that are considered relevant to a system, product, or agreement. It typically outlines the anticipated sources of threats, such as malicious actors, accidental breaches, or environmental hazards, and may specify which threats are in or out of scope for the parties involved. By clearly identifying and categorizing potential risks, this clause helps ensure that all parties have a shared understanding of the security landscape, enabling more effective risk management and allocation of responsibilities.
Threat Model. Following Fig. 1, we assume that an
[Fig. 1: Considered Smart Metering Infrastructure.]
... integrity. Therefore, it becomes necessary to establish mutual authentication that supports dynamic key agreement, so as to achieve efficiency while providing an adequate level of security functionality.
Threat Model. The Dolev-Yao (DY) model is employed, which entails an insecure communication channel and an untrustworthy relationship between the parties [56]. Thus, a malicious attacker can easily eavesdrop on and tamper with the exchanged messages. The worst-case scenario, for instance, might involve seizing a hovering drone and then compromising its data. The prevalent “Canetti and Krawczyk’s adversary model (CK-adversary model)” is, reportedly, the de facto standard for modelling authenticated key exchange protocols. The CK-adversary model entails that the adversary can also compromise the secret credentials, secret keys and the session states. Therefore, it has become an essential requirement that “the leakage of some forms of secret credentials, such as session ephemeral secrets or secret key, should have the minimum possible consequence on the secrecy of other secret credentials of the communicating participants” [58].
Threat Model. Within the KSS, the KSMS, the CM and the PL are considered honest-but-curious entities. They will perform the protocol honestly, but they are curious to extract private information about users. Owners are passive adversaries, while consumers and outsiders may be malicious. The car’s OBU is trusted and equipped with a Hardware Security Module (HSM) [34, 45] that supports secure key storage and cryptographic operations such as symmetric and public-key encryption, following the EVITA [17] and PRESERVE [34] specifications. Users’ PDs are untrusted as they can get stolen, lost or broken.
Threat Model. Quest’s threat security model is based on the following general characteristics:
Confidentiality - The information contained in the Colorado Campaign Finance Database should remain private until the filings are completed by the committees and candidates. Certain document images must be flagged as confidential and not available for public viewing (i.e. Candidate Personal Financial Disclosure Statement).
Integrity - The application and supporting architecture should ensure only authorized users are able to add and update records.
Availability - The system and resulting data must be available. Committees and candidates must maintain the ability to file reports on a tight schedule. The public must have access to the data in a timely manner.
Based on these characteristics, the following security threats will be managed as part of this Agreement:
Category | Risk | Mitigation
Confidentiality | Data could be viewed by the public prior to being filed by the candidate or committee. | Implement application security measures to ensure the application design does not allow the public to see data until the associated reports are filed.
Integrity | Unauthorized users could access and update records for committees and candidates. | Implement application security to address data access, web site security, login security, session timeout, page rendering, user account and permission management, user ID and password management and event logging. Also ensure data security through audit logging and data backup procedures.
Integrity | Unauthorized users may access the servers remotely via network vulnerabilities and manipulate the application data. | Maintain remote access to servers on a secure, limited and as-needed basis.
Availability | Unauthorized persons may access the physical servers. | Enforce physical security measures, including: only Terremark employees may enter the data center floor; card access, hand geometry scanners & audible alarms; multi-zoned, 24/7 monitored access areas with CCTV surveillance on all external & internal doors; badge access into gateway; badge plus biometrics into server suite.
Availability | Power outage, cooling system failure, or fire may result in the system being unavailable. | Maintain environmental measures, including: HVAC closed loop drycooler system (not chilled water); total cooling capacity > 1,360 tons; 56/20 ton Liebert Air Handlers & 17 drycooler units on roof; 24/7 environmental monitoring; 18” raised flooring dedicated for ...
Threat Model. Under a fairly loose set of assumptions, our systems from Section 5 succeed at providing secure multi-party semantic agreement. Namely:
• The third-party computation entity is to be trusted and will not, for instance, simply send party B’s encrypted ciphertext to party A (who would then be able to decrypt it).
• Both parties A and B are incentive-aligned in their goal of obtaining a true semantic agreement measure. Therefore, neither A nor B will be dishonest and, for example, send an encryption of intentionally bad text to alter the output. This assumption should follow from Condition 3 as discussed in the Motivation section.
• All parties can be considered curious. That is, our system must protect against parties snooping on communications and intentionally trying to determine the secret texts.
Moreover, the hypothetical system proposed in 5.2 eliminates the need for a third party and provides a fairly strong notion of security without the need for the first assumption.
Threat Model. We cryptanalyze protocol security using the popular Dolev-Yao (DY) model [21]. Under this threat model, malicious attackers can capture, modify, add, or delete messages sent over insecure channels. We also consider the following assumptions:
• A malicious adversary can steal or obtain a legitimate user’s device, and perform side-channel attacks [22] to obtain key information stored in the device. We also follow the claims of [1–3]. Therefore, we assume that attackers can perform side-channel or power analysis attacks on TPDs or OBUs. Subsequently, attackers can obtain the values stored in TPDs. Adversaries can perform a variety of attacks, including impersonation, spoofing, and identity guessing attacks, using values obtained from compromised TPDs.
Threat Model. In our scenario, we assume mutually distrusting, rational parties using a payment channel to exchange payments. The threat model includes two potential threats and focuses on the inability of nodes to revoke previous states of the payment channel. Notably, the node that receives the payment faces the threat of being unable to report a misbehaving peer before the contest period expires. On the other hand, the node sending the payment faces the threat of being unable to unlock her money from the channel. The receiver expects a non-repudiation property of the system. After several payments, none of the parties will be
[Figure (caption not recovered): parking sensor, smart car, Ethereum register/template smart contract, local copy of sensor data, public address 0x00, off-chain execution, new payment channel, signed final state, side-chain(s), on-chain commit(s), challenge period. Icons by flaticon (CC 3.0 BY).]
Threat Model. In this section, we discuss the threat models that are widely used in existing schemes. We consider a recently described threat model for IoT security in [32]. Like most authentication schemes, our scheme first considers the Dolev-Yao threat model [33]. In this threat model, all communications of the participants in the key agreement are carried out over insecure channels. The adversary can eavesdrop on all messages in the communication, and can modify or delete them after intercepting them. The adversary can send modified or directly forged messages to the participants in order to obtain a favorable return. The adversary can pose as a legitimate participant in the key agreement and actively try to take part in the session key agreement. The CK-adversary model [34] is considered to be the standard model for key exchange schemes. The adversary under this model is more threatening than the adversary under the Dolev-Yao model. In the CK-adversary model, the adversary can not only fully control the communication link between the communicating subjects and the scheduling of the scheme's execution, but can also obtain the private information of the participating subjects and related sessions through a series of queries. Because the adversary can compromise session information, including the session state, session key and private key, it is necessary to ensure that when some forms of private information in a session are leaked, the security impact on the other private information of the participating communicating entities is minimal. Therefore, the main consideration of the CK-adversary model is the security threat to the other secret credentials of a communicating entity in the scheme caused by the leakage of some forms of private information. In addition to threats to communication messages, there are also threats to the privacy and security of user entity information.
The adversary can make an educated guess about the user’s identity and password. If the user does not use a simple password or username, guessing the user’s password and identity and verifying the guess in polynomial time is, computationally speaking, difficult for the adversary to accomplish [35]. We also need to consider security threats from IoT devices. Similar to other schemes, we assume that an adversary can physically capture some smart devices of the IoT, and then extract sensitive information from...
Threat Model. We employ the widely recognized Dolev-Yao (DY) model [25] to secure the proposed system. Within the DY model, adversary A possesses the ability to read, delete, modify, and send fake messages during communication over an unsecured public channel. Additionally, due to the vulnerabilities inherent in IIoT devices, A can exploit opportunities to capture IoT sensing machines. Through power analysis attacks, A can extract secret credentials stored in the memory of these compromised machines. Similarly, if a legitimate user’s device or smart card is lost or stolen, A can gain access to the secret credentials stored within them. Armed with such sensitive information, A gains the capability to launch a variety of attacks, including replay attacks, privileged-insider attacks, impersonation attacks, and man-in-the-middle attacks. Additionally, the CK-adversary model [26] is considered the standard for authenticated security protocols. The CK model encompasses all the activities discussed within the DY model and includes the additional feature of revealing confidential credentials during sessions, such as session keys and session states. Consequently, the authentication scheme implemented in the proposed system must be able to ensure security by effectively mitigating the effects of attacks, even in scenarios where confidential credentials are exposed to A during communication. It should be noted that the MCNs in the proposed IIoT system are operated in a locking mode to safeguard against physical attacks instigated by A. Consequently, the MCNs are regarded as secure within the system.
[Fig. 1: Network model of flexible manufacturing monitoring system (FMS unit 1 ... FMS unit n, the nth unit of the flexible manufacturing system).]
Threat Model. A probabilistic polynomial-time adversary in the Dolev-Yao model [17] has full control over the communication between the parties involved. As a result, the adversary can read, capture, replay, delete, or modify the messages transmitted on the public channel. Furthermore, the adversary may obtain secret information stored in the devices' memory through explicit attacks [1]. ▇▇▇▇▇ et al. presented their protocol in the Dolev-Yao threat model and proved the security features of their scheme in their paper. In the CK-adversary model [18], the adversary, in addition to all the aforementioned abilities, can access the secret information stored in the parties' memories; it is therefore an extended version of the Dolev-Yao threat model. The data exposed to the adversary can be categorized as follows:
• Session-state reveal: The adversary obtains the current internal state information of an incomplete session (ephemeral secret parameters), except long-term private keys.
• Session-key query: The adversary obtains the session key of a specific completed session.
• Party corruption: The attacker can decide at any point to corrupt a party, in which case the attacker learns all the internal memory of that party, including long-term secrets (such as private keys or master shared keys used across different sessions) and session-specific information contained in the party’s memory (such as the internal state of incomplete sessions and session keys corresponding to completed sessions) [18].
As a result, the security protocol should guarantee that the leakage of certain secret information, such as ephemeral secret parameters or long-term keys, would have the least possible effect on the security of other sessions or other private ...
[Protocol steps extracted alongside this clause:]
• Upon receiving this message, the $IN$ first checks the timestamp validity, i.e. $|t_1 - t_c| < \Delta T$, where $t_c$ is the current timestamp of $IN$. It also computes $V^*_n = h(X_{n-in} \,\|\, t_1)$ and checks the validity of $V^*_n$ by comparing it to $V_n$.
• If the check passes, $IN$ generates the current timestamp $t_2$, computes $V_i = h(id_{in} \,\|\, t_2)$ and sends the tuple $\langle tid_n, y_n, a_n, b_n, V_i, t_1, t_2 \rangle$ to $HN$.
• The $HN$ checks the timestamp validity, i.e. $|t_2 - t_c| < \Delta T$, where $t_c$ is the current timestamp of $HN$. It then computes $V^*_i = h(id_{in} \,\|\, t_2)$ and checks the validity of $V^*_i$ by comparing it to $V_i$.
• If the check passes, $HN$ computes $K^*_n = K_{hn} \oplus b_n \oplus a_n$, $x^*_n = h(K_n \,\|\, K^*_n)$, $id^*_n = a_n \oplus x^*_n$, $r^*_n = y_n \oplus x^*_n$. Finally, it calculates $tid^*_n = h((id^*_n \oplus t_1) \,\|\, r^*_n)$ and checks the validity ...