Spoofing

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

A program that attempts to mimic the Identifier and other Identity Attributes.

Context

It is not an accident that attacks are known as viruses or worms. The digital systems exposed on the internet are susceptible to Attack just as Carbon-based Life Forms are susceptible to a wide variety of organism of a wide variety of morphologies. Like our own organic defenses, computer systems look for markers to see if an attack is under way. Lime disease offers an example of a pathogen that wraps itself in a set of markers that the immune system accepts as a valid part of the organizer. [1] Perhaps its time to put the immunology department as a joint effort of medicine and computer science.

Models

Threat Models some in a variety of forms.


Threat Models are assessed according models like the ISO 29115 standard (ISO/IEC JTC 1/SC 27 2013), which describes standardized attack vectors for an IT system:

  • Online/offline guessing (repeatedly trying out the credentials or keys)
  • Credential duplication (copy of credentials and their keys)
  • Phishing (interception of credentials via fake websites/emails and social manipulation)
  • Eavesdropping/snooping
  • Replay attack (reuse of recorded messages)
  • Session hijacking
  • Man-in-the-middle attack (MitM; active attacker positions himself between the communication partners and pretends to be the respective counter-party)
  • Credential theft
  • Spoofing and masquerading (which seems to become easier for attacks based on Artificial Intelligence bots)

Instances

  • The user wallet is meant to be a faithful User Agent, but can also be used by an attacker to load a Subject's Credentials and try to spoof the user's access to valuable content, including their back accounts.
  • "Digital wallets are considered to be more secure than traditional transaction methods. Wallet’s device-based biometric security mechanisms facilitate the bank in user authentication and cardholder verification. Because such a strong authentication guarantee, the bank provides payment features to wallet users that are not accessible for physical cards. The backbone of these features is the bank’s trust in wallet security mechanisms. We demonstrate that these features can be exploited into several security vulnerabilities."[2]

References

  1. Allison Guy, Tackling long-haul Diseases MIT News (2024-03) p. 29 ff.
  2. Raja Hasnain Anwar, In Wallet We Trust: Bypassing the Digital Wallets - Payment Security for Free Shopping n the Proceedings of the 33rd USENIX Security Symposium ending on 2024-08-16 https://www.usenix.org/system/files/usenixsecurity24-anwar.pdf