Edith Cowan College Australia
This assignment will assess your understanding of attack tree methodology, your skills in the analysis of a concept and your research ability into identifying methods by which to compromise a specific entity. This assignment is the foundation for assignment 2. A manager at an accounting firm has recently discovered that a number of employees use various online social networking services. In the interest of the employees, you have been hired by this firm to educate the employees on ways in which their Facebook or Twitter account could be compromised. The employees have basic to intermediate computer skills. In addition, they are quite naive regarding the security risks of using the Internet. A small internal survey discovered that the majority of employees do not use a personal firewall or anti-virus software on their Windows 7 operating system. In addition, they all use Gmail email accounts to access Facebook or Twitter. Thus you can assume that overall ideal cyber security practices are not followed.
Using the background information, draw a set of attack trees that reflect your analysis of how you could successfully compromise a Facebook or Twitter account. In the context of this assignment, ‘compromise’ refers to the process of obtaining the user’s authentication credentials, obtaining the data within these online services, possessing the ability to misuse these online services for your own personal gain, or simply spying on the private content within these accounts. The manager is interested in all ways in which the account could be compromised.
The submission must be a Microsoft Word document. The diagrams may be produced using any software product but must be converted and inserted into the Microsoft Word document. All diagrams and text must be incorporated into one document. Assignments that are not in the specified format will not be marked. To demonstrate your research ability you must adequately reference each of the attack methods you have identified. It is recommended that you place the ‘in-text’ reference within each node of the attack tree.
Nowadays, communication has evolved to such an extent that people need to stay in touch with one another at regular intervals. The extensive use of smartphones acts as a catalyst for this, so getting in touch with people has become easy. The evolution of social networking sites makes this simpler still by keeping people in touch with one another. Using social networking sites such as Facebook and Twitter, people can get in touch with strangers and share their knowledge with them. This enhances their level of knowledge and makes them aware of different societal issues.
However, while communicating, every individual needs proper security measures that ensure their security and privacy on the web. The main aim of this study is to evaluate the different security-related threats to the social networking site Facebook. The study also aims to gather knowledge on the proper identification of the risk factors related to Facebook through an approach called “Attack Trees”, and it provides a brief description of the proper use of attack trees and their evaluation.
Description of attack trees
Once a particular threat has been rated as high-level, it needs to be decomposed into smaller objectives, and those objectives can in turn be decomposed into the actions of different attackers (Rocha Flores, Holm, Nohlberg & Ekstedt, 2015). Threat Logic Trees (TLT) can be used for this kind of decomposition. A TLT is a structure that defines the attacker's goal as the root node. Every child node in the attack tree is connected to its parent node through an OR or an AND relationship. In an OR relationship, the parent node succeeds if any one of its child nodes completes its task. In an AND relationship, all the child tasks must be achieved for the parent node to succeed.
To better understand how attack trees are constructed, a brief overview of the different levels and types of node is needed. The root node is the ultimate goal of the attacker (Kennedy & Kennedy, 2016). The intermediate nodes are the sub-goals that must be reached in order to achieve the root, or primary, goal. The leaf nodes are the attacker’s actions. According to Forget, Chiasson & Biddle (2015), an attacker can only affect the system at the points where they can interact with it. These points of influence are represented by the leaf nodes of the attack tree. All the different types of node are derived from the actions of the attacker; however, the attacker cannot enter the attack tree at an intermediate node.
Attack trees are also a method for graphically representing the probable attacks against a particular system by means of an attack tree diagram, which is quite similar to a structured tree diagram. Alazab, Hobbs, Abawajy, Khraisat & Alazab (2014) said that attack trees provide a formal and methodical way of describing the security of a system based on different types of attack. Once an attack tree has been generated, values can be assigned to the leaf nodes and used to calculate values for the other nodes. Once values have been assigned to the nodes, the security of the goal can therefore be measured easily. The characteristics of an attack help to associate risk factors with a particular type of attack. According to Li, Tryfonas & Li (2016), an attack tree can also include the special knowledge regarding the equipment that is needed, along with the time required to complete a particular step. It also captures both the physical and the legal risk factors assumed by the attacker.
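The node types and the AND/OR rules described above can be evaluated mechanically once leaf values are assigned. The following is an added example, not part of the original essay: the leaf names are taken from the threats this essay describes, while the cost values, the `blocked` parameter (a set of leaves removed by a countermeasure) and all function names are assumptions made for illustration.

```python
# Added example: evaluating an attack tree with AND/OR gates.
# Leaf costs are constructed sample values (arbitrary units of attacker effort).
from dataclasses import dataclass, field
from typing import List

INF = float("inf")  # value of a goal that cannot be reached

@dataclass
class Node:
    name: str
    gate: str = "LEAF"   # "LEAF" (attacker action), "OR" or "AND"
    cost: float = 0.0    # only used on leaves
    children: List["Node"] = field(default_factory=list)

def min_cost(node, blocked=frozenset()):
    """Least attacker effort needed to reach `node`; INF if it is unreachable."""
    if node.gate == "LEAF":
        return INF if node.name in blocked else node.cost
    costs = [min_cost(c, blocked) for c in node.children]
    # OR: one child is enough, so take the cheapest. AND: every child is needed.
    return min(costs) if node.gate == "OR" else sum(costs)

def cheapest_path(node, blocked=frozenset()):
    """Leaf actions on the cheapest way to reach `node` ([] if unreachable)."""
    if min_cost(node, blocked) == INF:
        return []
    if node.gate == "LEAF":
        return [node.name]
    if node.gate == "OR":
        best = min(node.children, key=lambda c: min_cost(c, blocked))
        return cheapest_path(best, blocked)
    return [leaf for c in node.children for leaf in cheapest_path(c, blocked)]

TREE = Node("compromise Facebook account", "OR", children=[
    Node("unattended logged-in session", cost=1),
    Node("steal credentials", "AND", children=[
        Node("install malicious software", "OR", children=[
            Node("malicious email attachment", cost=3),
            Node("hidden code in web page", cost=4),
            Node("worm", cost=6)]),
        Node("capture input", "OR", children=[
            Node("keyboard logger", cost=1),
            Node("screen capture", cost=2)])]),
    Node("malicious third-party application", cost=5),
    Node("friend-based password reset", cost=6),
])

if __name__ == "__main__":
    for blocked in (set(), {"unattended logged-in session"},
                    {"unattended logged-in session", "keyboard logger", "screen capture"}):
        print(sorted(blocked), min_cost(TREE, blocked), cheapest_path(TREE, blocked))
```

Blocking both leaves under "capture input" makes the whole AND branch unreachable, which is why the cheapest remaining route moves to a different sub-goal rather than merely becoming more expensive.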
Different issues in Facebook
As social networking sites gradually upgrade their features, they also create security threats for their users. According to Komatsu, Takagi & Takemura (2013), it is sometimes the users' own careless mistakes that allow intruders to break into their accounts and carry out different kinds of unethical practices from there. The common security issues are described below.
Forget to log out
Users can easily improve their security by always logging out from the device or system. They can go a step further by closing the browser through which they view their accounts. Yaokumah (2014) said that if users leave their accounts logged in, anyone who has access to the user's device or system can get into the account and change all of its settings to suit their own needs. This can easily undermine the security measures of the social networking sites.
Click on the unwanted advertisements
Technology has evolved to such an extent that viruses and worms can easily find their way onto a system through advertisements. Advertisements on the web appear to be genuine; however, by clicking on them, users are redirected to an unknown website and the viruses find their way onto the system or device.
Connection with strangers
Users or account holders need to be aware of whom they are connecting with on the social platform. According to Alavi et al. (2016), connecting with unknown people on social platforms and sharing information with them can have serious consequences for an account holder. Intruders can create fake accounts in order to obtain important information from an individual or from an organization. Therefore, individuals need to be very careful when receiving friend invitations from unknown people on social media platforms.
Worms in the social networking sites
Along with the threats mentioned above, there is another threat factor: the existence of worms on social media platforms. These worms are designed to propagate across social networking sites such as Twitter and Facebook. They are able to enlist large numbers of systems into their botnet and can extract information from accounts. They are also able to send spam that can enlist more systems or devices. Koobface is considered the largest web 2.0 botnet (Bahl & Wali, 2014).
Social networking platforms are places where a user can share his or her knowledge with other people. Organizations also sometimes use these platforms to describe their projects and share information about them. Gangwar, Date & Ramaswamy (2015) said that unauthorized users or intruders can easily view that information and carry out different kinds of unethical practices with the data. Intruders also carry out phishing attacks against users, through which they can extract the users' important data. The use of Trojans can likewise help intruders to take data from a user. According to Singhal et al. (2013), Zeus was a well-known banking Trojan that was given a new motivation by social networks. The Zeus Trojan was used in 2009 for a high-profile theft in the Duanesburg Central School District in New York State.
Botnets are another type of security threat to social networking account holders. Security researchers had earlier discovered that Twitter accounts were being used as a command and control channel for some botnets (Baskerville, Hee Park & Kim, 2014). IRC was considered the standard command and control channel, and some botnets have used other commands and applications. However, Twitter is unable to restrict those accounts, and because of this the botnets are spreading malicious activity across different systems.
Cross-Site Request Forgery
This is a technique that is mainly used to spread worms. CSRF attacks mainly exploit the trust that a social networking application places in the browser of a logged-in user.
According to Jiang et al. (2014), it is a common type of threat because users place a great deal of trust in social media platforms, just as e-mail and instant messages gained the trust of users after being used frequently for different purposes.
Implication of Attack tree on the social networking site Facebook
When it comes to the analysis of attack trees for the social networking site Facebook, the process is quite similar to that for internet banking. Developing the attack trees for the security risks of Facebook involves two stages. According to Stolpe, Mitsos & Tsoukalas (2015), the first is the proper identification of the known security issues that can have an impact on Facebook. The second is the development of an attack tree that defines the security threats that can affect Facebook. Proper implementation of the attack tree can help Facebook to mitigate the different security-related issues.
The attack tree diagram below represents the security risk factors related to Facebook. In the diagram, round symbols denote the security countermeasures that are associated with a particular threat factor.
Figure 1: Attack tree method for Facebook
(Source: Created by self)
The misuse of user credentials as a way of compromising a social networking account involves different risk factors. Jose et al. (2016) said that those are considered the leaf nodes of the attack tree.
The main risk factor lies in the theft of data or password details. The installation of particular software on a system can help the intruder to obtain the user's credentials, which may compromise the user's login and password information (Boro, Basumatary, Goswami & Bhattacharyya, 2016). The use of screen capture and keyboard loggers can also be counted as threats to the user's credentials.
Hidden code in web pages can exploit vulnerabilities in order to install malicious code. Intruders may also use worms as an alternative form of attack; a worm finds vulnerabilities and exploits them automatically. Malicious code can also be installed through email: it is sent as an attachment, and the user opens the file accidentally and installs the malicious software on their system (Mori et al. 2015).
This is considered as the use of technology that is able to generate the username and password automatically. If Facebook is taken as an example, it provides its users with a chance to identify their “friends” in order to generate a new password.
In addition to the above-mentioned aspects, a major issue is the manipulation of the third-party applications that are used within the Facebook system. Users are also sometimes redirected to other malicious sites. According to Wei & Zhang (2016), this can also be counted as a major threat factor for users.
Evaluation of the attack trees
The attack tree diagram provides a formal method for understanding different security threats. According to Xie et al. (2013), the attack tree forms the basis for understanding the security process. The attack tree diagram has a number of advantages. One is that it allows complex security threats to be modelled in a way that gives a good understanding of them. In addition, by using the attack tree, security threats can easily be segmented into sub-components, which also improves understanding of the threat factors. Moreover, this approach allows the exact link between the security threats and the security countermeasures to be identified (Fangfang, Dingyi, Huaijun, Jinrong & Xiaoqing, 2015).
It also finds the link between the countermeasure and the threat factor in an attack tree diagram. However, the attack tree approach also has some limitations. It does not factor in the attack type, and it does not factor in temporal issues. As social networking sites are becoming the most powerful web 2.0 components, the likelihood of security threats has also increased. It is therefore essential for security professionals to be able to develop organizational solutions to the threat factors. According to Kammüller, Nurse & Probst (2016), it also ensures that the security solutions are comprehensive. Moreover, throughout the proposed attack tree diagram, new techniques related to social engineering have also been observed.
Summing up the entire study, it has been found that attack trees can strengthen a social networking site’s security to such an extent that intruders find it tough to get through the system. They also give users in-depth knowledge of the different security threats, which may grow if they are not mitigated. The study also concludes that social networking sites are gradually becoming a more prominent target for intruders as they have become very popular among people.
As people try to make themselves available on social media sites, it has become easier for intruders to break into the system. It can therefore be said that as the number of people on social media platforms grows, the number of attacks also increases. That is why proper countermeasures are required, and attack trees are considered the best countermeasure for this.