asadmaza closed 3 weeks ago
Realised an issue with the DFD: the Gateway is a Node, not really on the Cloud.
Updated. See "Create Components, DFD and Class UML Diagrams for System" #13 for the old diagram.
Forgot to upload my STRIDE from earlier. Client has changed scope so this will be redundant...
STRIDE Category | Threat | Impact | Risk Level | Mitigation Strategy | When to Address |
---|---|---|---|---|---|
Spoofing | An attacker could spoof the identity of the farmer or the John Deere Platform login interface, tricking the farmer into providing login credentials. | Unauthorized access to the John Deere Platform could lead to control over the IoT system and sensitive data. | High | Mitigate - Ask the farmer to enable Multi-Factor Authentication (MFA) for added security. | Feasibility/PoC Stage |
Tampering | An attacker could physically access the IoT devices and tamper with the data before it is sent to the cloud. | Altered sensor readings could result in incorrect soil moisture data, leading to poor crop management. | Medium | Mitigate - Use tamper-evident enclosures for physical devices and employ data integrity checks to detect unauthorized modifications. | MVP Stage |
Repudiation | A farmer or attacker could deny having sent specific commands or accessed certain data within the John Deere Platform. | Lack of accountability could complicate troubleshooting and auditing. | Low | Mitigate - Ensure comprehensive logging and require user consent for actions. | MVP Stage |
Information Disclosure | Sensitive information could be leaked during transmission between IoT systems, Internet Gateway, Cloud Provider, or John Deere Platform. | Disclosure of sensitive data could lead to privacy violations and competitive disadvantages. | High | Mitigate - Use OAuth 2.0 to prevent MITM attacks, and employ strong encryption protocols (e.g., TLS) for secure data transmission. | Feasibility/PoC Stage |
Denial of Service (DoS) | An attacker could flood the Internet Gateway or LoRa communication channel with excessive traffic, disrupting the flow of data. | Disruption could prevent real-time soil moisture data collection, leading to delayed or incorrect farming decisions. | Medium | Transfer - Employ a third-party DDoS protection service. | Product Ready for Deployment |
Elevation of Privilege | An attacker could exploit a vulnerability in the John Deere Platform to gain unauthorized administrative privileges. | Disruption of operations or access to sensitive data. | Low | Mitigate - Apply strict access control, regularly patch vulnerabilities, and enforce the principle of least privilege. | Feasibility/PoC Stage |
Conducting STRIDE analysis on the UML DFD Diagram for the Ideal Solution
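An added example, not part of the original issue or the project's code: one way to implement the "data integrity checks" mitigation from the Tampering row, using an HMAC tag over each soil moisture reading. It goes slightly beyond the table by also rejecting replayed frames with a per-device counter. The frame layout, tag length, device id and key are assumptions constructed for illustration, and the check only covers modification after the node has tagged the reading.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                   # truncated HMAC-SHA256 tag (assumed, to suit small LoRa payloads)
_BODY = struct.Struct(">IIH")  # assumed layout: device_id, counter, moisture in 0.01 % units


def seal(key: bytes, device_id: int, counter: int, moisture_centi: int) -> bytes:
    """Node side: serialise a reading and append an HMAC tag over it."""
    body = _BODY.pack(device_id, counter, moisture_centi)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Verifier:
    """Receiver side: per-device keys plus the last accepted counter."""

    def __init__(self, keys):
        self.keys = keys          # {device_id: key}
        self.last_counter = {}    # {device_id: highest counter accepted}

    def open(self, frame: bytes):
        """Return (device_id, counter, moisture_centi) or raise ValueError."""
        if len(frame) != _BODY.size + TAG_LEN:
            raise ValueError("bad length")
        body, tag = frame[:_BODY.size], frame[_BODY.size:]
        device_id, counter, moisture = _BODY.unpack(body)
        key = self.keys.get(device_id)
        if key is None:
            raise ValueError("unknown device")
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("integrity check failed")
        if counter <= self.last_counter.get(device_id, -1):
            raise ValueError("replayed or stale counter")
        self.last_counter[device_id] = counter
        return device_id, counter, moisture


def demo():
    key = bytes(range(32))                 # constructed key, never reuse
    verifier = Verifier({7: key})
    frame = seal(key, 7, 1, 2345)          # constructed reading: 23.45 %
    results = [verifier.open(frame)]
    tampered = bytearray(frame)
    tampered[9] ^= 0x01                    # flip one bit of the moisture field
    for bad in (bytes(tampered), frame):   # modified frame, then a replay
        try:
            verifier.open(bad)
        except ValueError as exc:
            results.append(str(exc))
    return results
```

Using a separate key per node limits what a key extracted from one physically compromised device can forge to that device's own readings.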