ITU DFS Security Assurance Framework

Compromise of DFS Infrastructure

Attacks targeting the underlying infrastructure of the DFS ecosystem.

Affected entity: MNO & DFS Provider

Risk: Infrastructure and data compromise

  • Vulnerability: Insecure and inadequate access controls on user accounts (SD: access control)

Risk: Service outage and inability to transact.

  • Vulnerability: Untested service restoration (SD: availability)

Risk: Data exfiltration and modification, compromise of transaction integrity, and interruption of service

  • Vulnerability: Inadequate data controls like inadequate implementation of ACID tests (Atomicity, Consistency, Isolation, Durability) on transactions, allowing them to exist in a partially completed state (SD: data integrity)
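The partially completed state described above, shown as an added example that is not part of the framework text: a transfer whose debit and credit commit separately, beside the same transfer wrapped in one transaction. The wallet table, account names, amounts and the simulated outage are constructed assumptions.

```python
import sqlite3

class Outage(Exception):
    """Simulated infrastructure failure between the two legs of a transfer."""

def make_ledger():
    # Constructed sample ledger: two wallets, balances in minor currency units.
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit mode
    db.execute("CREATE TABLE wallet (id TEXT PRIMARY KEY, "
               "balance INTEGER NOT NULL CHECK (balance >= 0))")
    db.executemany("INSERT INTO wallet VALUES (?, ?)",
                   [("alice", 1000), ("bob", 200)])
    return db

def _legs(db, src, dst, amount, fail_midway):
    # Debit, optional simulated failure, then credit.
    db.execute("UPDATE wallet SET balance = balance - ? WHERE id = ?", (amount, src))
    if fail_midway:
        raise Outage("connection lost after debit")
    cur = db.execute("UPDATE wallet SET balance = balance + ? WHERE id = ?", (amount, dst))
    if cur.rowcount != 1:
        raise ValueError("unknown destination wallet")

def transfer_non_atomic(db, src, dst, amount, fail_midway=False):
    # Weak pattern: each statement commits on its own, so a failure after
    # the debit leaves the transfer half done.
    _legs(db, src, dst, amount, fail_midway)

def transfer_atomic(db, src, dst, amount, fail_midway=False):
    # Hardened pattern: both legs share one transaction; any error rolls
    # the debit back, so no partial state is ever committed.
    db.execute("BEGIN IMMEDIATE")
    try:
        _legs(db, src, dst, amount, fail_midway)
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise

def balances(db):
    return dict(db.execute("SELECT id, balance FROM wallet"))

def total_after_outage(transfer):
    # Reconciliation check: the sum of all wallets must not change.
    db = make_ledger()
    try:
        transfer(db, "alice", "bob", 300, fail_midway=True)
    except Outage:
        pass
    return sum(balances(db).values())
```

A ledger total that differs before and after a failed transfer is the reconciliation signal that a transaction was left partially completed.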

Affected entity: Third-Party Provider

Risk: Inability for the user to transact.

  • Vulnerability: Inadequate mechanisms to assure data integrity and over-reliance on external trust anchors (SD: non-repudiation)


Last updated 2 years ago