// Observable cell: palette used by the attack/mitigation charts below.
// Flat map of role name -> hex color. The "light*" entries are pale tints
// intended as fills behind the matching saturated color (red/green/blue/orange).
// NOTE: these are plain string values; nothing here enforces contrast, so check
// any new foreground/background pairing for accessibility before using it.
ieeeColors = ({
navy: "#2C3E50",
teal: "#16A085",
orange: "#E67E22",
gray: "#7F8C8D",
red: "#E74C3C",
green: "#27AE60",
purple: "#8E44AD",
blue: "#3498DB",
yellow: "#F1C40F",
darkGray: "#34495E",
lightGray: "#BDC3C7",
white: "#FFFFFF",
lightRed: "#FADBD8",
lightGreen: "#D5F4E6",
lightBlue: "#D6EAF8",
lightOrange: "#FDEBD0"
})
// Attack type definitions with mitigations
attackTypes = [
{
id: "mitm",
name: "Man-in-the-Middle (MITM)",
icon: "π΅οΈ",
severity: "Critical",
owaspMapping: "I3: Insecure Ecosystem Interfaces",
description: "Attacker intercepts communications between two parties, potentially reading and modifying data in transit.",
realWorldExample: "In 2020, researchers demonstrated MITM attacks on smart home devices by exploiting weak TLS implementations, allowing interception of commands sent to smart locks.",
mitigations: [
{ technique: "Certificate Pinning", description: "Device only accepts specific known certificates", effectiveness: 90 },
{ technique: "Mutual TLS (mTLS)", description: "Both client and server authenticate with certificates", effectiveness: 95 },
{ technique: "Network Segmentation", description: "Isolate IoT devices on separate VLANs", effectiveness: 70 },
{ technique: "ARP Inspection", description: "Dynamic ARP inspection on network switches", effectiveness: 85 }
]
},
{
id: "replay",
name: "Replay Attack",
icon: "π",
severity: "High",
owaspMapping: "I7: Insecure Data Transfer and Storage",
description: "Attacker captures legitimate messages and retransmits them later to achieve unauthorized actions.",
realWorldExample: "In 2017, researchers showed that certain smart garage door openers could be attacked by recording and replaying the RF signals used to open the door.",
mitigations: [
{ technique: "Nonces (Number Used Once)", description: "Include random values that can only be used once", effectiveness: 95 },
{ technique: "Timestamps", description: "Messages expire after short time window", effectiveness: 80 },
{ technique: "Sequence Numbers", description: "Track message order, reject out-of-sequence", effectiveness: 85 },
{ technique: "Challenge-Response", description: "Server sends challenge that must be answered", effectiveness: 90 }
]
},
{
id: "dos",
name: "Denial of Service (DoS)",
icon: "π«",
severity: "High",
owaspMapping: "I9: Insecure Default Settings",
description: "Attacker overwhelms target with traffic or requests, making it unavailable to legitimate users.",
realWorldExample: "The Mirai botnet (2016) compromised over 600,000 IoT devices to launch massive DDoS attacks, taking down major internet services including Twitter, Netflix, and Reddit.",
mitigations: [
{ technique: "Rate Limiting", description: "Restrict requests per source per time period", effectiveness: 75 },
{ technique: "Traffic Filtering", description: "Block known malicious IPs and patterns", effectiveness: 70 },
{ technique: "CDN/DDoS Protection", description: "Use services like Cloudflare to absorb attacks", effectiveness: 90 },
{ technique: "Resource Scaling", description: "Auto-scale resources to handle traffic spikes", effectiveness: 65 }
]
},
{
id: "sidechannel",
name: "Side-Channel Attack",
icon: "π‘",
severity: "Medium",
owaspMapping: "I5: Use of Insecure or Outdated Components",
description: "Attacker extracts secret information by analyzing physical characteristics like power consumption, timing, or electromagnetic emissions.",
realWorldExample: "Researchers demonstrated extracting AES keys from smart cards by analyzing power consumption patterns during encryption operations, a technique called Differential Power Analysis (DPA).",
mitigations: [
{ technique: "Constant-Time Operations", description: "Ensure operations take same time regardless of data", effectiveness: 80 },
{ technique: "Power Noise Injection", description: "Add random noise to power consumption", effectiveness: 75 },
{ technique: "Hardware Countermeasures", description: "Use security-hardened chips with shielding", effectiveness: 90 },
{ technique: "Masking", description: "Randomize intermediate values during computation", effectiveness: 85 }
]
},
{
id: "firmware",
name: "Firmware Extraction",
icon: "πΎ",
severity: "Critical",
owaspMapping: "I4: Lack of Secure Update Mechanism",
description: "Attacker extracts firmware from device to analyze vulnerabilities, extract secrets, or create malicious versions.",
realWorldExample: "In 2019, researchers extracted firmware from a popular IP camera via UART interface, discovering hardcoded credentials and command injection vulnerabilities.",
mitigations: [
{ technique: "Secure Boot", description: "Verify firmware signature before execution", effectiveness: 90 },
{ technique: "Encrypted Firmware", description: "Store firmware encrypted on flash", effectiveness: 85 },
{ technique: "Disable Debug Interfaces", description: "Fuse-blow JTAG/UART in production", effectiveness: 80 },
{ technique: "Hardware Security Module", description: "Store secrets in tamper-resistant HSM", effectiveness: 95 }
]
},
{
id: "downgrade",
name: "Protocol Downgrade Attack",
icon: "β¬οΈ",
severity: "High",
owaspMapping: "I3: Insecure Ecosystem Interfaces",
description: "Attacker forces systems to use older, weaker protocol versions that have known vulnerabilities.",
realWorldExample: "The POODLE attack (2014) forced servers to downgrade from TLS to SSL 3.0, which had vulnerabilities allowing decryption of encrypted data.",
mitigations: [
{ technique: "Disable Legacy Protocols", description: "Only allow modern secure versions", effectiveness: 95 },
{ technique: "TLS_FALLBACK_SCSV", description: "Signal to prevent downgrade attacks", effectiveness: 85 },
{ technique: "Version Pinning", description: "Require minimum protocol version", effectiveness: 90 },
{ technique: "Certificate Transparency", description: "Monitor for suspicious certificates", effectiveness: 70 }
]
}
]
// State management.
// Observable `mutable` cell: the attack currently shown in the detail/mitigation
// views. Other cells assign `mutable selectedAttack = ...` to change it.
// Initialized to the first entry of attackTypes (MITM); must always hold one
// of the attackTypes objects, not an id string.
mutable selectedAttack = attackTypes[0]