Spoofing (STRIDE)

Question

What is spoofing? How does authentication mitigate this threat?

Answer

Spoofing is attempting to gain access to a system by using a false identity. This can be accomplished using stolen user credentials or a false IP address. After the attacker successfully gains access as a legitimate user or host, elevation of privileges or abuse using authorization can begin.1

A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls.2

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.4

Authentication is the security control to mitigate spoofing, because an adequate authentication implementation will:3

  • Ensure all internal and external connections (user and entity) go through an appropriate and adequate form of authentication. Be assured that this control cannot be bypassed.
  • Ensure that authentication credentials do not traverse the wire in clear text form.
  • Ensure development/debug backdoors are not present in production code.
  • For web applications, ensure that:
    • All pages enforce the requirement for authentication.
    • Whenever authentication credentials or any other sensitive information is passed, only accept the information via the HTTP “POST” method and do not accept it via the HTTP “GET” method.
    • Any page deemed by the business or the development team as being outside the scope of authentication should be reviewed in order to assess any possibility of security breach.

Mitigations for Specific Threats

  • What is the threat, spoofing of a model entity?
    • Summary: Spoofing threats occur when an attacker pretends to be something or someone he/she isn’t. In this case, the named model entity may be spoofed by an attacker and this may lead to incorrect data delivered to the entity on the other side of the indicated data flow.
    • Recommendations: Recommended mitigations include: Use a standard authentication mechanism to identify the source entity. If the title of the threat is “Spoofing of Source <Element A>” and when selected the diagram shows <Element A> connected to <Element B> using <DataFlow X>, then this indicates that <Element B> should authenticate <Element A> to ensure <Element A> is not being spoofed.

References

  1. MSDN: Improving Web Application Security: Chapter 2 Threats and Countermeasures
  2. Veracode: Spoofing Attack: IP, DNS & ARP
  3. OWASP: Application Threat Modeling
  4. Definition of Authentication
  5. Microsoft Threat Modelling Tool Documentation