Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
175 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Towards an Improved Taxonomy of Attacks related to Digital Identities and Identity Management Systems (2407.16718v1)

Published 23 Jul 2024 in cs.CR

Abstract: Digital transformation with the adoption of cloud technologies, outsourcing, and working-from-home possibilities permits flexibility for organizations and persons. At the same time, it makes it more difficult to secure the IT infrastructure as the IT team needs to keep track of who is accessing what data from where and when on which device. With these changes, identity management as a key element of security becomes more important. Identity management relates to the technologies and policies for the identification, authentication, and authorization of users (humans, devices) in computer networks. Due to the diversity of identity management (i.e., models, protocols, and implementations), different requirements, problems, and attack vectors need to be taken into account. In order to secure identity management systems with their identities, a systematic approach is required. In this article, we propose the improved framework Taxonomy for Identity Management related to Attacks (TaxIdMA). The purpose of TaxIdMA is to classify existing attacks, attack vectors, and vulnerabilities associated with system identities, identity management systems, and end-user identities. In addition, the background of these attacks can be described in a structured and systematic way. The taxonomy is applied to the Internet of Things and self-sovereign identities. It is enhanced by a description language for threat intelligence sharing. Last but not least, TaxIdMA is evaluated and improved based on expert interviews, statistics, and discussions. This step enables broader applicability and level of detail at the same time. The combination of TaxIdMA, which allows a structured way to outline attacks and is applicable to different scenarios, and a description language for threat intelligence help to improve the security identity management systems and processes.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (170)
  1. “Cybersecurity in the Remote Work Era: A Global Risk Report”. Report, Ponemon Institute, 2020.
  2. “Why Older Adults (Don’t) Use Password Managers”. In Proceedings of the 30th USENIX Security Symposium (USENIX Security), pages 73–90, Berkeley, CA, USA, August 2021. USENIX Association. [Online]. Available: https://www.usenix.org/conference/usenixsecurity21/presentation/ray.
  3. “Why people (don’t) use password managers effectively”. In Proceedings of the 15th Symposium on Usable Privacy and Security (SOUPS), pages 319–338, Berkeley, CA, USA, August 2019. USENIX Association. [Online]. Available: https://www.usenix.org/conference/soups2019/presentation/pearman.
  4. “Why Users (Don’t) Use Password Managers at a Large Educational Institution”. In Proceedings of the 31st USENIX Security Symposium (USENIX Security), pages 1849–1866, Berkley, CA, USA, August 2022. USENIX Association. [Online]. Available: https://www.usenix.org/conference/usenixsecurity22/presentation/mayer.
  5. kaggle. “Common Password List (rockyou.txt)”. https://www.kaggle.com/datasets/wjburns/common-password-list-rockyoutxt, 2021. accessed July 23, 2024.
  6. OffSec Services. “John”. https://www.kali.org/tools/john/, 2022. accessed July 23, 2024.
  7. OffSec Services. “Brutespray”. https://www.kali.org/tools/brutespray/, 2022. accessed July 23, 2024.
  8. “The Password Life Cycle”. ACM Trans. Priv. Secur., vol. 21, no. 3, 2018.
  9. “Don’t Forget the Stuffing! Revisiting the Security Impact of Typo-Tolerant Password Authentication”. In Proceedings of the SIGSAC Conference on Computer and Communications Security (CCS), CCS ’21, pages 252–270, New York, NY, USA, 2021. Association for Computing Machinery.
  10. “The SolarWinds Hack, and a Grand Challenge for CS Education”. Commun. ACM, vol. 64, no. 4, 6–7, mar 2021.
  11. “Perspectives on the SolarWinds Incident”. IEEE Security & Privacy, vol. 19, no. 2, 7–13, 2021.
  12. “On SolarWinds Orion Platform Security Breach”. In Proceedings of the SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/IOP/SCI), pages 636–641, New York, NY, USA, 2021. IEEE.
  13. Lothar Fritsch. “Identity management as a target in cyberwar”. In Heiko Roßnagel, Christian H. Schunck, Sebastian Mödersheim and Detlef Hühnlein, editors, Proceedings of the Open Identity Summit (OIS), pages 61–70, Bonn, Germany, 2020. GI.
  14. Purple Knights Security. “Purple Knight Report 2022 – Facing the Unknown: Uncovering & Addressing Systemic Active Directory Security Failures”. Report, Purple Knights Security, 2022.
  15. OASIS Cyber Threat Intelligence Technical Committee. “Introduction to STIX”. https://oasis-open.github.io/cti-documentation/stix/intro.html, 2022.
  16. “TaxIdMA: Towards a Taxonomy for Attacks Related to Identities”. In Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES), New York, NY, USA, 2022. Association for Computing Machinery.
  17. “On Data Protection Using Multi-Factor Authentication”. In Proceedings of the 2019 International Conference on Information System and System Management, ISSM 2019, page 1–4, New York, NY, USA, 2020. Association for Computing Machinery. [Online]. Available: https://doi.org/10.1145/3394788.3394789.
  18. “Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service”. ACM Trans. Priv. Secur., vol. 26, no. 1, nov 2022. [Online]. Available: https://doi.org/10.1145/3546069.
  19. “Locked Your Phone? Buy a New One? From Tales of Fallback Authentication on Smartphones to Actual Concepts”. In Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI ’15, page 295–305, New York, NY, USA, 2015. Association for Computing Machinery. [Online]. Available: https://doi.org/10.1145/2785830.2785839.
  20. Sara Motiee, Kirstie Hawkey and Konstantin Beznosov. “Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices”. In Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS ’10, New York, NY, USA, 2010. Association for Computing Machinery. [Online]. Available: https://doi.org/10.1145/1837110.1837112.
  21. Vipin Samar. “Unified Login with Pluggable Authentication Modules (PAM)”. In Proceedings of the 3rd ACM Conference on Computer and Communications Security, CCS ’96, page 1–10, New York, NY, USA, 1996. Association for Computing Machinery. [Online]. Available: https://doi.org/10.1145/238168.238177.
  22. Mohammed A. Qadeer, Mohammad Salim and M. Sana Akhtar. “Profile Management and Authentication Using LDAP”. In Proceedings of the International Conference on Computer Engineering and Technology (ICCET), volume 2, pages 247–251, New York, NY, USA, 2009. IEEE.
  23. Doug Lowe. Managing Windows User Accounts, pages 213–230. 2020.
  24. “Towards the Adoption of Secure Cloud Identity Services”. In Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES), pages 90:1–90:7, New York, NY, USA, 2017. ACM.
  25. “The Venn of Identity: Options and Issues in Federated Identity Management”. IEEE Security & Privacy, vol. 6, no. 2, 16–23, 2008.
  26. “Security Assertion Markup Language (SAML) V2.0 Technical Overview”. Technical report, OASIS, 2008.
  27. D. Hardt. “The oauth 2.0 authorization framework”. RFC 6749, RFC Editor, October 2012. http://www.rfc-editor.org/rfc/rfc6749.txt, [Online]. Available: http://www.rfc-editor.org/rfc/rfc6749.txt.
  28. “OpenID Connect Core 1.0”. Technical report, OpenID Foundation, 2014.
  29. Diana Berbecaru, Antonio Lioy and Cesare Cameroni. “Electronic Identification for Universities: Building Cross-Border Services Based on the eIDAS Infrastructure”. Information, vol. 10, no. 6, 2019. [Online]. Available: https://www.mdpi.com/2078-2489/10/6/210.
  30. “SoK: Single Sign-On Security — An Evaluation of OpenID Connect”. In Proceedings of the European Symposium on Security and Privacy (EuroS&P), pages 251–266, New York, NY, USA, 2017. IEEE.
  31. “OpenID Connect – Security Considerations”. Technical report, Ruhr Universität Bochum, 2017.
  32. Daniel Fett, Ralf Küsters and Guido Schmitz. “A Comprehensive Formal Security Analysis of OAuth 2.0”. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, page 1204–1215, New York, NY, USA, 2016. Association for Computing Machinery. [Online]. Available: https://doi.org/10.1145/2976749.2978385.
  33. “OAuth 2.0 Security Best Current Practice”. Internet-Draft draft-ietf-oauth-security-topics-16, IETF Secretariat, October 2020. http://www.ietf.org/internet-drafts/draft-ietf-oauth-security-topics-16.txt, [Online]. Available: http://www.ietf.org/internet-drafts/draft-ietf-oauth-security-topics-16.txt.
  34. T. Lodderstedt, M. McGloin and P. Hunt. “OAuth 2.0 Threat Model and Security Considerations”. RFC 6819, RFC Editor, January 2013.
  35. Frederick Hirsch, Rob Philpott and Eve Maler. “Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0”. Technical report, OASIS, 2005.
  36. Eve Maler, Maciej Machulak and Justin Richer. “User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization”. Kantara Specification, 2018.
  37. Eve Maler, Maciej Machulak and Justin Richer. “Federated Authorization for User-Managed Access (UMA 2.0”. Kantara Specification, 2017.
  38. “User-Managed Access to Web Resources”. In Proceedings of the 6th Workshop on Digital Identity Management (DIM), pages 35–44, New York, NY, USA, 2010. Association for Computing Machinery. [Online]. Available: https://doi.org/10.1145/1866855.1866865.
  39. Md Sadek Ferdous, Farida Chowdhury and Madini O. Alassafi. “In Search of Self-Sovereign Identity Leveraging Blockchain Technology”. IEEE Access, vol. 7, 103059–103079, 2019.
  40. “Self-Sovereign Digital Identity: A Paradigm Shift for Identity”. IEEE Security Privacy, vol. 17, no. 3, 17–27, May 2019.
  41. Nitin Naik, Paul Grace and Paul Jenkins. “An Attack Tree Based Risk Analysis Method for Investigating Attacks and Facilitating Their Mitigations in Self-Sovereign Identity”. In Proceedings of the Symposium Series on Computational Intelligence (SSCI), pages 1–8, New York, NY, USA, 2021. IEEE.
  42. “Identity management systems: Laws of identity for models evaluation”. In Proceedings of the 4th IEEE International Colloquium on Information Science and Technology (CiSt), pages 736–740, New York, NY, USA, Oct 2016. IEEE.
  43. Bob Martin. “Common Vulnerabilities Enumeration (CVE), Common Weakness Enumeration (CWE), and Common Quality Enumeration (CQE): Attempting to Systematically Catalog the Safety and Security Challenges for Modern, Networked, Software-Intensive Systems”. Ada Lett., vol. 38, no. 2, 9–42, dec 2019. [Online]. Available: https://doi.org/10.1145/3375408.3375410.
  44. MITRE Corporation. “CWE – Common Weakness Enumeration”. https://cwe.mitre.org, 2022. accessed July 23, 2024.
  45. “MITRE ATT&CK: Design and Philosophy”. Report, The MITRE Corporation, 2020.
  46. “Cyber Kill Chain based Threat Taxonomy and its Application on Cyber Common Operational Picture”. In Proceedings of the International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), pages 1–8, New York, NY, USA, 2018. IEEE.
  47. MITRE Corporation. “CAPEC – Common Attack Pattern Enumeration and Classification”. https://capec.mitre.org, 2022. accessed July 23, 2024.
  48. OWASP. “Projects”. https://owasp.org/projects/, 2022. accessed July 23, 2024.
  49. “Taxonomies of Attacks and Vulnerabilities in Computer Systems”. IEEE Communications Surveys Tutorials, vol. 10, no. 1, 6–19, 2008.
  50. Ian M. Chapman, Sylvain P. Leblanc and Andrew Partington. “Taxonomy of Cyber Attacks and Simulation of Their Effects”. In Proceedings of the Military Modeling & Simulation Symposium (MMS), pages 73–80, San Diego, CA, USA, 2011. Society for Computer Simulation International.
  51. “An Analysis of Cyber Security Attack Taxonomies”. In Proceedings of the IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pages 153–161, 2018.
  52. Identity Attack Vectors. Apress, 2020.
  53. “Cloud identity management security issues & solutions: a taxonomy”. Complex Adaptive Systems Modeling, vol. 2, no. 1, 5, 2014.
  54. “A Taxonomy and a Knowledge Portal for Cybersecurity”. In Proceedings of the 15th Annual International Conference on Digital Government Research (DG-O), pages 79–85, New York, NY, USA, 2014. ACM.
  55. “Taxonomy Model for Cyber Threat Intelligence Information Exchange Technologies”. In Proceedings of the Workshop on Information Sharing & Collaborative Security (WISCS), pages 51–60, New York, NY, USA, 2014. ACM.
  56. “A Survey in Presentation Attack and Presentation Attack Detection”. In Proceedings of the International Carnahan Conference on Security Technology (ICCST), pages 1–13, New York, NY, USA, 2019. IEEE.
  57. “Exploring the Taxonomy of USB-Based Attacks”. In Proceedings of the 12th International Conference Management of Large-Scale System Development (MLSD), pages 1–4, New York, NY, USA, 2019. IEEE.
  58. “Toward a Taxonomy and Attacker Model for Secure Routing Protocols”. SIGCOMM Comput. Commun. Rev., vol. 47, no. 1, 43–48, jan 2017.
  59. Sarathiel Chaipa, Ernest Ketcha Ngassam and Singh Shawren. “Towards a New Taxonomy of Insider Threats”. In Proceedings of the IST-Africa Conference (IST-Africa), pages 1–10, New York, NY, USA, 2022. IEEE.
  60. “A taxonomy of IoT: Security and privacy threats”. In Proceedings fo the International Conference on Information and Computer Technologies (ICICT), pages 72–77, New York, NY, USA, 2018. IEEE.
  61. “Internet of Things (IoT): Taxonomy of security attacks”. In Proceedings of the 3rd International Conference on Electronic Design (ICED), pages 321–326, New York, NY, USA, 2016. IEEE.
  62. “A Survey of Security Challenges, Attacks Taxonomy and Advanced Countermeasures in the Internet of Things”. IEEE Access, vol. 8, 219709–219743, 2020.
  63. “Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations”. IEEE Communications Surveys & Tutorials, vol. 21, no. 3, 2702–2733, 2019.
  64. Lars Wüstrich, Marc-Oliver Pahl and Stefan Liebald. “Towards an Extensible IoT Security Taxonomy”. In Proceedings of the IEEE Symposium on Computers and Communications (ISCC), pages 1–6, New York, NY, USA, 2020. IEEE.
  65. “Securing the Internet of Things (IoT): A Security Taxonomy for IoT”. In Proceedings of the 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pages 163–168, New York, NY, USA, 2018. IEEE.
  66. “Playing With Danger: A Taxonomy and Evaluation of Threats to Smart Toys”. IEEE Internet of Things Journal, vol. 6, no. 2, 2986–3002, 2019.
  67. Phillip Williams, Pablo Rojas and Magdy Bayoumi. “Security Taxonomy in IoT – A Survey”. In Proceedings of the 62nd International Midwest Symposium on Circuits and Systems (MWSCAS), pages 560–565, New York, NY, USA, 2019. IEEE.
  68. “A Taxonomy of Privacy, Trust, and Security Breach Incidents of Internet-of-Things Linked to F(M).A.A.N.G. Corporations”. In Proceedings of the World AI IoT Congress (AIIoT), pages 591–596, New York, NY, USA, 2022. IEEE.
  69. “Consumer, Commercial, and Industrial IoT (In)Security: Attack Taxonomy and Case Studies”. IEEE Internet of Things Journal, vol. 9, no. 1, 199–221, 2022.
  70. “A Taxonomy of IoT Client Architectures”. IEEE Software, vol. 35, no. 3, 83–88, 2018.
  71. “Security in IoT-based Smart Homes: A Taxonomy Study of Detection Methods of Mirai Malware and Countermeasures”. In Proceedings of the International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME), pages 1–6, New York, NY, USA, 2021. IEEE.
  72. “Taxonomy of authentication techniques in Internet of Things (IoT)”. In Proceedings of the 15th Student Conference on Research and Development (SCOReD), pages 67–71, New York, NY, USA, 2017. IEEE.
  73. “Attacks and Defenses in Short-Range Wireless Technologies for IoT”. IEEE Access, vol. 8, 88892–88932, 2020.
  74. “A taxonomy of identities management systems in IOT0”. In Proceedings of the IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA), pages 1–8, New York, NY, USA, 2015. IEEE.
  75. Anastasios N. Bikos and Sathish A. P. Kumar. “Securing Digital Ledger Technologies-Enabled IoT Devices: Taxonomy, Challenges, and Solutions”. IEEE Access, vol. 10, 46238–46254, 2022.
  76. “A Survey on Resilience in the IoT: Taxonomy, Classification, and Discussion of Resilience Mechanisms”. ACM Comput. Surv., vol. 54, no. 7, sep 2021.
  77. Faisal Alsubaei, Abdullah Abuhussein and Sajjan Shiva. “Security and privacy in the internet of medical things: Taxonomy and risk assessment”. In Proceedings of the 42nd Conference on Local Computer Networks Workshops (LCN Workshops), pages 112–120, New York, NY, USA, 2017. IEEE.
  78. David Redding, Jian Ang and Suman Bhunia. “A Case Study of Massive API Scrapping: Parler Data Breach After the Capitol Riot”. In Proceedings of the 7th International Conference on Smart and Sustainable Technologies (SpliTech), pages 1–7, New York, NY, USA, 2022. IEEE.
  79. “Vulnerability in massive api scraping: 2021 linkedin data breach”. In Proceedings of the International Conference on Computational Science and Computational Intelligence (CSCI), pages 777–782, New York, NY, USA, 2021. IEEE.
  80. “Analyzing SocialArks Data Leak - A Brute Force Web Login Attack”. In Proceedings of the 4th International Conference on Computer Communication and the Internet (ICCCI), pages 21–27, New York, NY, USA, 2022. IEEE.
  81. “A Case Study of Credential Stuffing Attack: Canva Data Breach”. In Proceedings of the International Conference on Computational Science and Computational Intelligence (CSCI), pages 735–740, New York, NY, USA, 2021. IEEE.
  82. “Red Toad, Blue Toad, Hacked Toad?”. In Proceedings of the World AI IoT Congress (AIIoT), pages 379–386, New York, NY, USA, 2022. IEEE.
  83. “A Systematic Review of 2021 Microsoft Exchange Data Breach Exploiting Multiple Vulnerabilities”. In Proceedings of the 7th International Conference on Smart and Sustainable Technologies (SpliTech), pages 1–6, New York, NY, USA, 2022. IEEE.
  84. “A Case Study on the Multi-Vector Data Breach on Astoria”. In Proceedings of the 4th International Conference on Computer Communication and the Internet (ICCCI), pages 51–57, New York, NY, USA, 2022. IEEE.
  85. “A Study on Brute Force Attack on T-Mobile Leading to SIM-Hijacking and Identity-Theft”. In Proceedings of the World AI IoT Congress (AIIoT), pages 501–507, New York, NY, USA, 2022. IEEE.
  86. “On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey”. IEEE Access, vol. 9, 109289–109319, 2021.
  87. N Anita. and M Vijayalakshmi. “Blockchain Security Attack: A Brief Survey”. In Proceedings of the 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pages 1–6, New York, NY, USA, 2019. IEEE.
  88. “Exploring the Attack Surface of Blockchain: A Comprehensive Survey”. IEEE Communications Surveys & Tutorials, vol. 22, no. 3, 1977–2008, 2020.
  89. “Survey of Web Application Vulnerability Attacks”. In Proceedings of the 4th International Conference on Advanced Computer Science Applications and Technologies (ACSAT), pages 154–158, New York, NY, USA, 2015. IEEE.
  90. “Mitigation of attack on authenticating identities in ad-hoc network”. In Proceedings of the International Conference on Energy, Communication, Data Analytics and Soft Computing (ICECDS), pages 1027–1032, New York, NY, USA, 2017. IEEE.
  91. “A detection technique for identity based attacks in clustered mobile ad-hoc networks”. In Proceedings of the International Conference on Advances in Computer Engineering and Applications (ICACEA), pages 893–898, New York, NY, USA, 2015. IEEE.
  92. Leila Bahri. “Identity Related Threats, Vulnerabilities and Risk Mitigation in Online Social Networks: A Tutorial”. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), page 2603–2605, New York, NY, USA, 2017. Association for Computing Machinery.
  93. Surbhi Gupta, Abhishek Singhal and Akanksha Kapoor. “A literature survey on social engineering attacks: Phishing attack”. In Proceedings of the International Conference on Computing, Communication and Automation (ICCCA), pages 537–540, New York, NY, USA, 2016. IEEE.
  94. “Addressing False Identity Attacks in Action-Based P2P Social Networks with an Open Census”. In Proceedings of the IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT) - Volume 03, WI-IAT ’13, page 50–57, USA, 2013. IEEE Computer Society.
  95. “De-Anonymisation Attacks on Tor: A Survey”. IEEE Communications Surveys & Tutorials, vol. 23, no. 4, 2324–2350, 2021.
  96. Esra Erdin, Chris Zachor and Mehmet Hadi Gunes. “How to Find Hidden Users: A Survey of Attacks on Anonymity Networks”. IEEE Communications Surveys & Tutorials, vol. 17, no. 4, 2296–2316, 2015.
  97. “Survey on Threats and Attacks on Mobile Networks”. IEEE Access, vol. 4, 4543–4572, 2016.
  98. Jose Maria Briones, Mario Alejandro Coronel and Patricia Chavez-Burbano. “Case of study: Identity theft in a university WLAN Evil twin and cloned authentication web interface”. In Proceedings of the World Congress on Computer and Information Technology (WCCIT), pages 1–4, New York, NY, USA, 2013. IEEE.
  99. “A Survey of Advanced Persistent Threats Attack and Defense”. In Proceedings of the 6th International Conference on Data Science in Cyberspace (DSC), pages 608–613, New York, NY, USA, 2021. IEEE.
  100. “Survey: Cybersecurity Vulnerabilities, Attacks and Solutions in the Medical Domain”. IEEE Access, vol. 7, 168774–168797, 2019.
  101. Ş. Okul and M. Ali Aydın. “Security Attacks on IoT”. In Proceedings of the International Conference on Computer Science and Engineering (UBMK), pages 1–5, New York, NY, USA, 2017. IEEE.
  102. “Security attacks in IoT: A survey”. In Proceedings of the International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), pages 32–37, New York, NY, USA, 2017. IEEE.
  103. R. Barona and E. A. Mary Anita. “A Survey on Data Breach Challenges in Cloud Computing Security: Issues and Threats”. In Proceedings of the International Conference on Circuit ,Power and Computing Technologies (ICCPCT), pages 1–8, New York, NY, USA, 2017. IEEE.
  104. “Analyzing and Identifying Data Breaches in Underground Forums”. IEEE Access, vol. 7, 48770–48777, 2019.
  105. “Modeling and Predicting Cyber Hacking Breaches”. In Proceedings of the 5th International Conference on Intelligent Computing and Control Systems (ICICCS), pages 288–293, New York, NY, USA, 2021. IEEE.
  106. “Mind Your Wallet’s Privacy: Identifying Bitcoin Wallet Apps and User’s Actions through Network Traffic Analysis”. In Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing (SAC), pages 1484–1491, New York, NY, USA, 2019. Association for Computing Machinery.
  107. “Pushing the limits of cyber threat intelligence: Extending stix to support complex patterns”. In Shahram Latifi, editor, Information Technology: New Generations, pages 213–225, Cham, 2016. Springer International Publishing.
  108. Manfred Vielberth, Florian Menges and G√ľnther Pernul. “Human-as-a-security-sensor for harvesting threat intelligence”. Cybersecurity, vol. 2, no. 1, 23, Oct 2019. [Online]. Available: https://doi.org/10.1186/s42400-019-0040-0.
  109. OASIS Cyber Threat Intelligence TC. “TAXII Version 2.1”. Oasis standard, OASIS, 2021.
  110. FireEye. “OpenIOC 1.1 DRAFT – README”. https://github.com/fireeye/OpenIOC_1.1, 2020. accessed July 23, 2024.
  111. SECEF. “IODEF Introduction”. https://www.secef.net/secef/iodef/iodef-introduction/, 2022. accessed July 23, 2024.
  112. Jan Meijer, Roman Danyliw and Yuri Demchenko. “The Incident Object Description Exchange Format”. RFC 5070, December 2007. accessed July 23, 2024, [Online]. Available: https://www.rfc-editor.org/info/rfc5070.
  113. Brian Trammell. “Expert Review for Incident Object Description Exchange Format (IODEF) Extensions in IANA XML Registry”. RFC 6685, July 2012. accessed July 23, 2024, [Online]. Available: https://www.rfc-editor.org/info/rfc6685.
  114. Takeshi Takahashi, Kent Landfield and Youki Kadobayashi. “An Incident Object Description Exchange Format (IODEF) Extension for Structured Cybersecurity Information”. RFC 7203, April 2014. accessed July 23, 2024, [Online]. Available: https://www.rfc-editor.org/info/rfc7203.
  115. Ryan Stillions. “The DML model”. https://ryanstillions.blogspot.com/2014/04/the-dml-model_21.html, 2014. accessed July 23, 2024.
  116. Siri Bromander, Audun Jøsang and Martin Eian. “Semantic Cyberthreat Modelling”. In Proceedings of the Semantic Technology for Intelligence, Defense, and Security (STIDS), pages 74–78, Aachen, Germany, 2016. CEUR Workshop.
  117. Maryam Pahlevan, Artemis Voulkidis and Terpsichori-Helen Velivassaki. “Secure Exchange of Cyber Threat Intelligence Using TAXII and Distributed Ledger Technologies - Application for Electrical Power and Energy System”. In Proceedings of the 16th International Conference on Availability, Reliability and Security (ARES), New York, NY, USA, 2021. Association for Computing Machinery.
  118. “Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence”. In Proceedings of the European Intelligence and Security Informatics Conference (EISIC), pages 91–98, New York, NY, USA, 2017. IEEE.
  119. “Cyber Threat Information Sharing: Perceived Benefits and Barriers”. In Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES), New York, NY, USA, 2019. Association for Computing Machinery.
  120. “What’s in a Cyber Threat Intelligence Sharing Platform? A Mixed-Methods User Experience Investigation of MISP”. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), page 385–398, New York, NY, USA, 2021. Association for Computing Machinery.
  121. “Investigating Sharing of Cyber Threat Intelligence and Proposing A New Data Model for Enabling Automation in Knowledge Representation and Exchange”. Digital Threats, vol. 3, no. 1, oct 2021.
  122. “Threat Actor Type Inference and Characterization within Cyber Threat Intelligence”. In Proceedings of the 13th International Conference on Cyber Conflict (CyCon), pages 327–352, New York, NY, USA, 2021. IEEE.
  123. “MISP: The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform”. In Proceedings of the Workshop on Information Sharing and Collaborative Security (WISCS), page 49–56, New York, NY, USA, 2016. Association for Computing Machinery.
  124. OpenCTI Platform. “OpenCTI”. https://github.com/OpenCTI-Platform/opencti, 2022. accessed July 23, 2024.
  125. . “TheHive”. https://github.com/TheHive-Project/TheHive, 2022. accessed July 23, 2024.
  126. Stefan Wendzel, Luca Caviglione and Wojciech Mazurczyk. “Avoiding research tribal wars using taxonomies”. IEEE Computer, vol. 56, no. 1. In Press.
  127. “A Taxonomy of Computer Program Security Flaws”. ACM Comput. Surv., vol. 26, no. 3, 211–254, 1994.
  128. “How to systematically classify computer security intrusions”. In Proceedings of the IEEE Symposium on Security and Privacy (S&P), pages 154–163, New York, NY, USA, 1997.
  129. Mahdi Jaafar Muhesin Al-Saadi and Muhammad Ilyas. “Identity Management Approach in Internet of Things (IoT)”. In Proceedings of the 4th International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT), pages 1–6, New York, NY, USA, 2020. IEEE.
  130. Bo Zhao, Pengyuan Zhao and Peiru Fan. “ePUF: A lightweight double identity verification in IoT”. Tsinghua Science and Technology, vol. 25, no. 5, 625–635, 2020.
  131. “Distributed, Secure, Self-Sovereign Identity for IoT Devices”. In Proceedings of the 6th World Forum on Internet of Things (WF-IoT), pages 1–6, New York, NY, USA, 2020. IEEE.
  132. “A Survey of Identity Modeling and Identity Addressing in Internet of Things”. IEEE Internet of Things Journal, vol. 7, no. 6, 4697–4710, 2020.
  133. “Identity-Based Authentication Technique for IoT Devices”. In Proceedings of the International Conference on Consumer Electronics (ICCE), pages 1–4, New York, NY, USA, 2022. IEEE.
  134. “Re-Shaping the EU Digital Identity Framework”. In Proceedings of the 23rd Annual International Conference on Digital Government Research (dg.o), page 13–21, New York, NY, USA, 2022. Association for Computing Machinery.
  135. “SoK: A Survey on Technological Trends for (Pre)Notified EIDAS Electronic Identity Schemes”. In Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES), New York, NY, USA, 2022. Association for Computing Machinery.
  136. “Towards the Classification of Self-Sovereign Identity Properties”. IEEE Access, vol. 10, 88306–88329, 2022.
  137. “Hacker types, motivations and strategies: A comprehensive framework”. Computers in Human Behavior Reports, vol. 5, 100167, 2022.
  138. “A taxonomy of network and computer attacks”. Computers & Security, vol. 24, no. 1, 31–43, 2005.
  139. “AVOIDIT: A Cyber Attack Taxonomy”. In Proceedings of the 9th Annual Symposium on Information Assurance (ASIA), pages 2–12, 2014.
  140. “A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks”. ACM Comput. Surv., vol. 48, no. 3, 2015.
  141. Federal Office for Information Security. “IT-Grundschutz-Compendium”. Standard, 2021.
  142. MITRE. “Steal or Forge Kerberos Tickets”. https://attack.mitre.org/techniques/T1558/, 2022. accessed July 23, 2024.
  143. Microsoft. “Microsoft Security Bulletin MS17-010 - Critical”. https://learn.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010, 2022. accessed July 23, 2024.
  144. Microsoft. “Microsoft Security Bulletin MS16-032 - Important”. https://learn.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-032, 2022. accessed July 23, 2024.
  145. MITRE. “Steal or Forge Kerberos Tickets”. https://attack.mitre.org/techniques/T1550/002/, 2022. accessed July 23, 2024.
  146. MITRE. “Steal or Forge Kerberos Tickets: Kerberoasting”. https://attack.mitre.org/techniques/T1558/003/, 2022. accessed July 23, 2024.
  147. Kazi Istiaque Ahmed, Mohammad Tahir and Sian Lun Lau. “Trust Management for IoT Security: Taxonomy and Future Research Directions”. In Proceedings of the Conference on Application, Information and Network Security (AINS), pages 26–31, New York, NY, USA, 2020. IEEE.
  148. “Self-Sovereign Identity Specifications: Govern Your Identity Through Your Digital Wallet using Blockchain Technology”. In Proceedings of the 8th International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud), pages 90–95, New York, NY, USA, 2020. IEEE.
  149. “Current Status and Prospects of Blockchain Security Standardization”. In Proceedings of the 9th International Conference on Cyber Security and Cloud Computing (CSCloud)/2022 IEEE 8th International Conference on Edge Computing and Scalable Cloud (EdgeCom), pages 24–29, New York, NY, USA, 2022. IEEE.
  150. “Evaluation of Performance and Security of Proof of Work and Proof of Stake using Blockchain”. In Proceedings of the 3rd International Conference on Intelligent Communication Technologies and Virtual Mobile Networks (ICICV), pages 279–283, New York, NY, USA, 2021. IEEE.
  151. “Exploring Security Threats on Blockchain Technology along with possible Remedies”. In Proceedings of the 7th International conference for Convergence in Technology (I2CT), pages 1–4, New York, NY, USA, 2022. IEEE.
  152. “Detecting Blockchain Security Threats”. In Proceedings of the International Conference on Blockchain (Blockchain), pages 313–320, New York, NY, USA, 2020. IEEE.
  153. Taha Ameen, Suryanarayana Sankagiri and Bruce Hajek. “Blockchain Security When Messages Are Lost”. In Proceedings of the Workshop on Developments in Consensus (ConsensusDay), pages 1–14, New York, NY, USA, 2022. Association for Computing Machinery.
  154. “How Does Blockchain Security Dictate Blockchain Implementation?”. In Proceedings of the SIGSAC Conference on Computer and Communications Security (CCS), pages 1006–1019, New York, NY, USA, 2021. Association for Computing Machinery.
  155. Ghassan Karame. “On the Security and Scalability of Bitcoin’s Blockchain”. In Proceedings of the SIGSAC Conference on Computer and Communications Security (CCS), page 1861–1862, New York, NY, USA, 2016. Association for Computing Machinery.
  156. Nils Amiet. “Blockchain Vulnerabilities in Practice”. Digital Threats, vol. 2, no. 2, mar 2021.
  157. Rui Zhang, Rui Xue and Ling Liu. “Security and Privacy on Blockchain”. ACM Comput. Surv., vol. 52, no. 3, jul 2019.
  158. “Modeling Threat of Leaking Private Keys from Air-Gapped Blockchain Wallets”. In Proceedings of the International Smart Cities Conference (ISC2), pages 9–13, New York, NY, USA, 2019. IEEE.
  159. Mordechai Guri. “BeatCoin: Leaking Private Keys from Air-Gapped Cryptocurrency Wallets”. In Proceedings of the International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pages 1308–1316, New York, NY, USA, 2018. IEEE.
  160. “Security Threats from Bitcoin Wallet Smartphone Applications: Vulnerabilities, Attacks, and Countermeasures”. In Proceedings of the 11th Conference on Data and Application Security and Privacy (CODASPY), pages 89–100, New York, NY, USA, 2021. Association for Computing Machinery.
  161. Symantec. “Internet Security Threat Report – Volume 24”. Technical report, Symantec, 2019.
  162. ENISA. “ENISA Threat Landscape”. Technical report, ENISA, 2022.
  163. Federal Trade Commission. “Consumer Sentinel Network – Data Book 2021”. Technical report, Federal Trade Commission, 2022.
  164. EY. “Is cybersecurity about more than protection? – EY Global Information Security Survey 2018-19”. Technical report, EY, 2018.
  165. ENISA. “Identity theft - ENISA Threat Landscape”. Technical report, ENISA, 2020.
  166. ENISA. “Data breach - ENISA Threat Landscape”. Technical report, ENISA, 2020.
  167. OWASP. “OWASP Top Ten”. https://owasp.org/www-project-top-ten/, 2022. accessed July 23, 2024.
  168. IIoT World. “An overview of the IoT Security Market Report 2017-2022”. https://iiot-world.com/reports/an-overview-of-the-iot-security-market-report-2017-2022/, 2022.
  169. Curated Intel. “Initial-Access-Broker-Landscape”. https://github.com/curated-intel/Initial-Access-Broker-Landscape, 2021. accessed July 23, 2024.
  170. Identity Defined Security Alliance. “2022 Trends in Securing Digital Identities”. Technical report, IDSA, 2022.
Citations (2)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now