CaSS Docs

# KBAC Threat Model

# Server-Side Attacks

Operation Threat Specific Attack Attack Effort Damages KBAC Effective? Protections in Place Mitigations Advice
User logs in using username/password Network Compromised Traffic Intercept via MITM Medium None Yes. HTTPS for transport, username and password can be used to retreive credentials but not decrypt credentials.
User logs in using username/password Network Compromised Traffic Intercept via MITM w/Replay Attack High None Yes. Randomly salted username/password prevents replay attacks.
Login server is hacked. Server Compromised "owned" server. (many) High None Yes. Login data at rest is encrypted w/keys not on server.
User downloads data from server. Network Compromised Traffic Intercept via MITM. Data is read. Medium None Yes. HTTPS for transport, sensitive data is in a (further) encrypted form. AES keys randomized for each request. RSA-2048 is strong (as of 2016). Subject to NSA-style long term storage attack.
User downloads data from server. Network Compromised Traffic Intercept via MITM. Request is replayed for additional information. Medium None Yes. Requests are signed, preventing request being used for any information other than the initially requested information.
User downloads data from server. Network Compromised Traffic Intercept via MITM. Data is manipulated. Medium None Yes. Requests are signed, preventing request being used for any information other than the initially requested information. Response data is also signed.
User downloads data from server. Network Compromised Traffic Intercept via MITM. Data is omitted or redirected. Medium Data is not stored. Yes. Data is signed and sensitive data is encrypted.
User downloads data from server. Server Compromised Malicious Server High Data may be unavailable. Yes. Data is signed and sensitive data is encrypted. User IP/fingerprints can be acquired for correlation attacks. Subject to NSA-style long term storage attack.
User uploads data to server. Network Compromised Traffic Intercept via MITM. Data is read. Medium None Yes. HTTPS for transport, sensitive data is in a (further) encrypted form. AES keys randomized for each request. RSA-2048 is strong (as of 2016). Subject to NSA-style long term storage attack.
User uploads data to server. Network Compromised Traffic Intercept via MITM. Data is read and HTTPS is skimmed or a certificate attack works. High None Yes. Sensitive data is in an encrypted form. AES keys randomized for each request. RSA-2048 is strong (as of 2016). Subject to NSA-style long term storage attack.
User uploads data to server. Network Compromised Traffic Intercept via MITM. Request is replayed to overwrite changes. High None Yes. Request signature is timestamped, limiting the viability of this attack to some number of seconds after the initial capture.
User uploads data to server. Network Compromised Traffic Intercept via MITM. Data is manipulated. High None Yes. Request signature is timestamped, limiting the viability of this attack to some number of seconds after the initial capture.
User uploads data to server. Network Compromised Traffic Intercept via MITM. Data is omitted or redirected. Medium Data is not stored. Yes.
User deletes data. Network Compromised Traffic Intercept via MITM. Data is read. Medium None Yes. HTTPS for transport, sensitive data is in a (further) encrypted form. AES keys randomized for each request. RSA-2048 is strong (as of 2016).
User deletes data. Network Compromised Traffic Intercept via MITM. Request is replayed to delete additional material. High None Yes. Request signature is timestamped, limiting the viability of this attack to some number of seconds after the initial capture. Request signature also denotes the material to be deleted.
User deletes data. Network Compromised Traffic Intercept via MITM. Data is manipulated. High None Yes. Request signature is timestamped, limiting the viability of this attack to some number of seconds after the initial capture.
User deletes data. Network Compromised Traffic Intercept via MITM. Data is omitted or redirected. Medium Can be aborted, retaining data. Yes. Data is signed and sensitive data is encrypted.
User deletes data. Server Compromised Malicious Server High Can be aborted, retaining data. Yes. Data is signed and sensitive data is encrypted.

# Client-Side Attacks

Operation Threat Specific Attack Attack Effort Damages KBAC Effective? Protections Mitigations Advice
User logs in using username/password Client Compromised Malicious Browser / Plugin Low One Person Compromised, cannot use Private Keys any longer. Public key should be blacklisted. No. We encourage servers to require HTTP/S which prevents some damages.
User logs in using username/password Client Compromised Worm / Virus / Keylogger Low One Person Compromised, cannot use Private Keys any longer. Public key should be blacklisted. No. Automated login prevents keylogger use.
User logs in using username/password Website Compromised Malicious Javascript High Every User after server compromised is compromised WRT this system. Usernames and passwords may be sniffed if re-entered. Private Keys may be compromised. Public keys should be blacklisted. No. Automated login uses post-hashed credentials, preventing username/password from being reused in other systems. Client code should be served from a signed third party (Android application, other application)
User downloads data from server. Client Compromised Data altered before viewing on browser. (credentials added, removed, targeted attack) High Viewed data for compromised client. No. Client code should work in an isolated container, however, this theoretically can still be pierced.
User downloads data from server. Website Compromised Data altered before viewing on browser via malicious Javascript. High Viewed data for any clients who downloads the compromised site. No. Client code should be served from a signed third party (Android application, other application)
User uploads data to server. Client Compromised Malicious Browser High Data can be altered before upload. No.
User uploads data to server. Website Compromised Malicious Javascript High Data can be altered via javascript before upload. No.
User deletes data. Client Compromised Malicious Browser High Can be aborted, retaining data. Yes. Data is signed and sensitive data is encrypted.
User deletes data. Website Compromised Malicious Javascript High Can be aborted, retaining data. Yes.

Links and References