1 / 5

STRINT IETF / W3C Security Workshop London, UK, March 2014 Juan Carlos Zuniga

STRINT IETF / W3C Security Workshop London, UK, March 2014 Juan Carlos Zuniga. Threat Model. Five main classes of attack Pervasive passive attack [metadata, correlation] Pervasive active attack [access in the network core] Static key exfiltration Dynamic key exfiltration

felice
Download Presentation

STRINT IETF / W3C Security Workshop London, UK, March 2014 Juan Carlos Zuniga

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. STRINT IETF / W3C Security WorkshopLondon, UK, March 2014Juan Carlos Zuniga

  2. Threat Model • Five main classes of attack • Pervasive passive attack [metadata, correlation] • Pervasive active attack [access in the network core] • Static key exfiltration • Dynamic key exfiltration • Content exfiltration

  3. Collaborators • A legitimate actor giving help to the attacker • Static: One-time help (e.g., private key) • Dynamic: Ongoing, per-session help • Content: The desired content itself • Witting or unwitting • Your IT can collaborate on your behalf • Real or virtual • Hand over key data or make it predictable

  4. Summary • Attackers will do all five attack classes • Attacks can be performed in different ways • Threats to Objects • Metadata, content • Threats to Venue • Infrastructure and links (from TLS down) • Technology can be used to increase cost of attack • Tech cost (passive-> active) • Risk of exposure (static -> dynamic, target dispersal)

  5. Possible implications/considerations for IEEE 802 • Generic protocol guidelines (e.g. Privacy) should we equally applicable to most 802 protocols • Link layer encryption (not only data) • MAC addresses • Broadcast identifiers • Size and sequence of messages

More Related