Threat Modeling for Proxy Software

Key Cracking

If software uses modern encryption protocols like AES or CHACHA20, then there are no known ways to crack. It means that even if we get unencrypted text and its corresponding encrypted text, we cannot get the key used for encryption, no matter how much text we get.

Forward Secrecy

Forward Secrecy means that if someday the encryption key is cracked and known, and we also get previous tranfered encrypted text, we cannot decrypt the text. So far only TLS can support forward secrecy. Forward secrecy means extra key exchange so it will increase time delay for proxy software.

Man-in-the-middle Attack

Usually MITM attack is useful only to protocols with key exchange. In TLS, certificates authorties are used to avoid MITM.

Replay Attack

Usually DDOS is used for replay attack to a server. Sometimes AEAD ciphers can be used for replay attack pretection.

Chosen-ciphertext Attack/Chosen-plaintext Attack

Usually replay attack is used with CCA/CPA for a better result. Replay attack does not need us to make attack content but CCA/CPA does. It seems that there is not a good way to avoid CCA/CPA because replay attack can be used to get some resonable text so that we can modify the text for a CCA/CPA attack.

Pattern Recognition

Pattern recognition means that we can use big data technology to analyse the transfered text to get a specific pattern for a proxy protocol. So if a proxy protocol has a unique pattern, then it can be easily blocked.

 
comments powered by Disqus