IEEE Access (Jan 2023)
Insider Attack Model Against HSM-Based Architecture
Abstract
Data security is an increasingly important issue in 2023. Whether about user privacy, data availability, or integrity, consumer information is getting targeted by cyber-pirates for various motives. Many strategies and tools have been developed to keep outsider attackers from accessing server-side data, but there needs to be more solutions that target insider attacks. In this paper, we propose a combinatory attack model to identify the risks of insider attacks against HSM-based security architectures. Our proposed model is based on the study of attack vectors in the security architecture and the conduction of all possible attacks on those vectors. It shows that these typical architectures are vulnerable to private key theft and replacement and data theft, alteration, swapping, nullification, and deletion. Results show that we successfully conducted each attack on an HSM-based security architecture relatively easily. They prove the essential need for a security architecture considering insider threats.
Keywords