Threat modeling framework for mobile communication systems

Rao, Siddharth Prakash; Holtmanns, Silke; Aura, Tuomas

doi:10.1016/j.cose.2022.103047

Cited by 12 publications

(10 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lack of authentication H [17][18][19][20][21] Data privacy attacks H [17,[22][23][24] Lack of access control H [25][26][27][28] Identity-based attacks H [18,[29][30][31] Note: H is high risk.…”

Section: Risk Index Authormentioning

confidence: 99%

See 1 more Smart Citation

VoWi‐Fi security threats: Address resolution protocol attack and countermeasures

Lu,

Liu,

Chang

et al. 2024

IET Networks

View full text Add to dashboard Cite

B5G/6G networks are facing challenges in the deployment of additional base stations. However, Taiwan's four major operators have launched VoWi‐Fi calling services to maintain signal quality and coverage for customers. These services pose potential threats when users connect to untrusted Wi‐Fi networks. Therefore, the authors utilised commercial equipment to study the security of VoWi‐Fi calling services offered by Taiwan's four major telecom companies. The authors employed address resolution protocol attack methods to develop two verification attacks that bypass existing security measures: one for dropping session initiation protocol packets and the other for dropping voice call packets, both capable of circumventing current security defences. Through real‐world experiments, the authors confirmed their feasibility and assessed their potential harm. Consequently, two defence methods are proposed. The first is an anti‐attack algorithm for app and device manufacturers to detect the security of the user's calling environment. The second is a recommendation for telecom operators to implement new detection mechanisms to safeguard user rights.

show abstract

Section: Risk Index Authormentioning

confidence: 99%

“…In summary, as wireless communication technologies evolve, we must remain vigilant and proactively address the security challenges they present. Through comprehensive research, collaboration, and innovation, we can better ensure the safety and reliability of future communication technologies [46].…”

Section: Sign Statementioning

confidence: 99%

VoWi‐Fi security threats: Address resolution protocol attack and countermeasures

Lu,

Liu,

Chang

et al. 2024

IET Networks

View full text Add to dashboard Cite

show abstract

“…By addressing software security risks, organizations can reduce the likelihood and impact of security breaches and safeguard their software assets. Some of the key aspects considered in software security include threat modeling [99]- [102], secure design and development [103], authentication and authorization [104], data protection [105], regular updates and patching [106], secure configuration and deployment, secure testing, incident response and recovery, user education and awareness, compliance and regulations.…”

Section: Ensuring Availability and Reliabilitymentioning

confidence: 99%

Theory and practice in secure software development lifecycle: A comprehensive survey

Otieno¹,

Odera²,

Ounza³

2023

World J. Adv. Res. Rev.

View full text Add to dashboard Cite

Software development security refers to the practice of integrating security measures and considerations throughout the software development lifecycle to ensure the confidentiality, integrity, and availability of software systems. It involves identifying, mitigating, and eliminating security vulnerabilities and threats that could be exploited by attackers. The goal of this paper is to survey the various concepts and methodologies directed towards software security, and the identification of any missing gaps. Based on the findings, it is noted that the development of secure software requires a proactive and comprehensive approach. It begins with establishing secure design principles and incorporating security requirements from the initial stages of development. Here, secure coding practices, such as input validation, output encoding, and secure authentication and authorization mechanisms, are employed to prevent common security vulnerabilities. In addition, regular security testing, including penetration testing and vulnerability scanning, helps identify and address potential weaknesses in the software. Normally, code reviews and security audits are conducted to ensure adherence to secure coding practices and identify any security flaws. It is important that security training and awareness programs be provided to developers and other stakeholders to foster a security-conscious culture. To minimize potential vulnerabilities, secure configuration management, which involves properly configuring servers, networks, and dependencies may be utilized. On the other hand, regular updates and patching are essential to address known security vulnerabilities in software components. To guide their software development security practices, organizations may follow established security standards and frameworks such as ISO 27001 or NIST Cybersecurity Framework. By prioritizing software development security, organizations can protect sensitive data, prevent unauthorized access, and mitigate the risk of security breaches and incidents. In the long run, this helps build trust with users and stakeholders, enhances the reputation of the software, and reduces the potential impact of security incidents on the organization.

show abstract

“…Additionally, Threat modeling facilitates informed decision-making for management and technical teams. It aids in resource optimization by directing efforts towards addressing the most critical and high-impact vulnerabilities [8] [9]. Moreover, Threat modeling fosters a security-aware culture within organizations, encouraging a mindset that considers security implications throughout the entire development process.…”

Section: Introductionmentioning

confidence: 99%

A Systematic Evaluation of Artificial Intelligence's Impact on the Landscape of Threat Modeling

Pai,

R.Kunte,

Najee

2023

STAIQC

View full text Add to dashboard Cite

This article systematically evaluates the influence of Artificial Intelligence (AI) on the landscape of Threat modelingin cybersecurity. The study involves an extensive review of relevant journal articles, books, and conference papers to comprehensively assess the current state of the field. By synthesizing existing literature, we identify and analyze the ways in which AItechnologies are applied in Threat modelingmethodologies. The evaluation explores the strengths and limitations of these applications, shedding light on the advancements that have significantly enhancedThreat modeling.Furthermore, the research includes a meticulous gap analysis within the existing literature, revealing areas where further investigation is warranted. Identified gaps in the current research landscape serve as a foundation for proposing future research directions in AI-enhanced Threat modeling. The current literature related to the current landscape of Artificial Intelligence research in cybersecurity predominantly focuses on articles and active studies pertaining to the detection and prevention of cyber-attacks. However, there is a noticeable gap in the existing literature when it comes to leveraging Artificial Intelligence to enhance Threat modeling. While numerous innovative methods have been proposed in recent articles, these predominantly concentrate on Threat modeling within specific domains, such as unmanned vehicles, Cyber-Physical Systems, and Healthcare. There is a lack of generalization in applying these findings to improve Threat modeling practices more broadly. A promising avenue for further research lies in the automation of Threat modeling. Existing literature predominantly emphasizes the study of Threat generation areas, leaving other crucial aspects, such as Architecture representation and Model validation,in need of more comprehensive exploration and analysis

show abstract

Threat modeling framework for mobile communication systems

Cited by 12 publications

References 34 publications

VoWi‐Fi security threats: Address resolution protocol attack and countermeasures

VoWi‐Fi security threats: Address resolution protocol attack and countermeasures

Theory and practice in secure software development lifecycle: A comprehensive survey

A Systematic Evaluation of Artificial Intelligence's Impact on the Landscape of Threat Modeling

Contact Info

Product

Resources

About