Table 7 Security analysis for STRIDE and Dolev–Yao models.
From: Intelligent two-phase dual authentication framework for Internet of Medical Things
Model | Attack type | How it was tested | Tools/methods | Framework defense |
|---|---|---|---|---|
STRIDE | Spoofing | Simulated identity impersonation | Scapy | Two-phase authentication, ECDH key exchange. |
Tampering | Modified messages during transmission | Wireshark | AES-GCM encryption, message integrity checks. | |
Repudiation | Tested non-repudiation by verifying logs | Log Files | Timestamping, secure logging. | |
Information disclosure | Intercepted communication to test data leakage | Wireshark | AES-GCM encryption, secure key exchange (ECDH). | |
DoS | Sent large traffic volume to disrupt services | LOIC | Rate-limiting, message filtering, load balancing. | |
Privilege escalation | Tested unauthorized privilege access | Metasploit | Continuous device authentication using ECDH. | |
Information modification | Altered transmitted data | Burp Suite | AES-GCM encryption, integrity check on messages. | |
Fabrication | Created fake data to simulate the attack | Scapy | Nonces, timestamp validation, session management. | |
Replay | Sent captured packets to replay communications | Wireshark | ECDH key exchange, two-phase authentication. | |
Dolev–Yao | Spoofing | Impersonated entities in the communication network | Scapy | AES-GCM encryption, HMAC for integrity. |
Tampering | Modified messages during transmission | Wireshark | Timestamping, secure logging. | |
Repudiation | Tested if the sender could deny sent messages | Log Files | End-to-end AES-GCM encryption, key exchange. | |
Information disclosure | Intercepted data in-transit | Wireshark | Rate-limiting, load balancing, IP blocking. | |
DoS | Attacked the network with flooding to test resilience | LOIC | Continuous authentication, ECDH key exchange. | |
Privilege escalation | Attempted unauthorized privilege escalation | Metasploit | AES-GCM encryption, integrity checks. | |
Information modification | Modified sensitive data in transit | Burp Suite | Nonces, session tokens, timestamp validation. | |
Fabrication | Generated fake communication data | Scapy | Nonces, session tokens, timestamp validation. | |
Replay | Replay old captured packets to simulate the attack | Wireshark | ECDH key exchange, session tokens, timestamp validation. |
