Attack Dynamics

Security Attack Dynamics

Attack Dynamics
	Current	FN
Who?	Low-Moderate Skill & Resources	“Very High Skill & Resources (FN forces attacker to most difficult attack Vectors)”
What?	Any software, vulnerability/threat vector on the system	“FN software vulnerability/threat vector focus (due to materially reduced transitive risks)”
When?	Anytime/Forever	“Only when user is logged on (software AES encrypted at rest / until next update)”
Where?	Anywhere	“Only on User’s Device (enabled by hardware binding)“
How?	Automated	Manual
	Any Attack Vector	Attack Limited to Certain Endpoint Vectors
	Any Attack Sequence	Attack Order Dependent
	Circumvent The Hard Parts (i.e. encryption)	Circumvention Loopholes Closed (Key Hiding; GUI Spoofing)
	Coding Faults	High Assurance Coding Standard + Fragilization/Obfuscation
	Attack The Seams (especially peripherals, such as keyboard, mouse, and applications integration)	No Seams (i.e. One Code Base & Secure Human Computer Interface ~ HCI)
Why?	Easy	Very Hard/Difficult
Why?	Economics Break Once, Break Everywhere (BOBE)	Economics Break Once, Break Once (BOBO)

Attack Attributes and Instance Examples
Parameters	Client (Spyware)	Client (DRM)	Network (Phishing)	Server	FN
Data Aggregation	Very Low	N/A	Very Low	High	Very Low
Value (per instance)	Very Low	High	Very Low	High	Very Low
Reusability / BOBE	Very High	Very High	Very High	Low	Very Low
Automation	Very High	Very High	Very High	Low/Moderate	Very Low
Difficulty	Very Low	Moderate	Very Low	Low/Moderate	Very High
Effort	Low	Moderate	Low	Low/Moderate	Very High
Cost	Very Low	Moderate	Very Low	Low/Moderate	Very High
Bottom Line:	Easy, Automated, Very Low Cost	Moderately Difficult to Break (but once broken, broken for all)	Easy, Automated, Very Low Cost	Low/Moderate Difficulty High Reward (Due to Data Aggregation)	Very High Cost (Effort and Difficulty, Lack of Tools) Low Reward (Due To Data Disaggregation & “Break Once, Break Once)

Why FN?