ATM case study: Horizontal attack-defence diagram

The ATM (Automated Teller Machine) case study examines attacks on these machines, which can take the form of:

  • Software attacks, which consist of infecting the machines with malware that allows the attacker to take control of the devices, including the ability to open the machine's money vault and record data from the cardholders;
  • Physical attacks, which consist of stealing the machines and opening them to access the money vault.

Securing automated teller machines (ATMs), as critical and complex infrastructure, requires a precise understanding of the associated threats. The ATM case study tries to capture the most dangerous multi-stage attack scenarios applicable to ATM structures. This is done by creating attack-defence trees to model and analyse the security of ATMs. Based on expert knowledge and available historical data, the attack-defence trees have been decorated with estimations for critical parameters, such as the likelihood of an attack. In addition, the ATM case study partners have collected a large data set on ATMs in Lisbon, including data on attacks over the last five years, locations, loss, victims, type of attacks, locations of entrances to highways, locations of police stations, unemployment rates in neighbourhoods, and many more.

Developing a horizontal attack-defence diagram

Most attack trees used in the TREsPASS project only include attacks, decorated with values for difficulty or probability. The ATM case study, next to parameters for difficulty and probability, also implements countermeasures. As previous attack tree visualisations did not account for this, a specific visualisation was devised. The arrangement of the tree is based on a hierarchical grid to simplify the relation between the nodes and avoid repetition. The horizontal layout of the attack-defence tree facilitates the exploration of the complex data set and allows the intersection of multiple parameters. The ‘difficulty’ value of each node is represented with a specific colour palette from yellow to red (high to low). The ‘probability’ value of each edge is represented by the thickness of the line (i.e. a thin line shows a low probability).
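The following sketch shows how an attack-defence tree with countermeasures can feed the edge-thickness encoding described above and yield AS-IS and TO-BE values. It is an added example, not code from the TREsPASS project: the AND/OR propagation under independence, the multiplicative countermeasure effect, all numbers, the countermeasure names and the 1 to 8 px width range are assumptions, and the difficulty colour palette is not modelled.

```python
from dataclasses import dataclass, field
from math import prod

@dataclass
class Node:
    label: str
    gate: str = "LEAF"   # "AND", "OR" or "LEAF"
    p: float = 0.0       # leaf likelihood estimate (constructed value)
    children: list = field(default_factory=list)
    counters: list = field(default_factory=list)  # (name, effectiveness 0..1)

def likelihood(node, to_be=False):
    """Likelihood of this attack step; to_be=True applies countermeasures."""
    if node.gate == "LEAF":
        p = node.p
    else:
        ps = [likelihood(c, to_be) for c in node.children]
        # Assumed semantics: independent steps; AND needs all, OR needs any.
        p = prod(ps) if node.gate == "AND" else 1 - prod(1 - x for x in ps)
    # Assumption: each countermeasure scales the likelihood by (1 - eff).
    p *= prod(1 - eff for _name, eff in node.counters) if to_be else 1.0
    return p

def edge_width(p, min_px=1.0, max_px=8.0):
    """Thickness of the edge into a node: a thin line is a low probability."""
    return min_px + (max_px - min_px) * p

def rows(node, to_be=False, depth=0):
    """Flatten left to right: (depth, label, likelihood, edge width in px)."""
    p = likelihood(node, to_be)
    out = [(depth, node.label, round(p, 4), round(edge_width(p), 2))]
    for child in node.children:
        out += rows(child, to_be, depth + 1)
    return out

def build_tree():
    # Constructed tree; countermeasure names and all values are hypothetical.
    software = Node("software attack", "AND", children=[
        Node("infect ATM with malware", p=0.2, counters=[("allow-listing", 0.5)]),
        Node("take control of the device", p=0.5)])
    physical = Node("physical attack", "AND", children=[
        Node("steal the machine", p=0.4, counters=[("anchoring", 0.75)]),
        Node("open the money vault", p=0.5)])
    return Node("attack on ATM", "OR", children=[software, physical])

if __name__ == "__main__":
    for to_be in (False, True):
        for depth, label, p, w in rows(build_tree(), to_be):
            print("TO-BE" if to_be else "AS-IS", "    " * depth + label, p, f"{w}px")
```
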

Download the full research as PDF: lineardefensediagram

Example of how an interactive application would highlight the various branches, including countermeasures.
The visualisation strategy of stacking visual elements to communicate multiple parameters is applied here to the ATM case study. The visualisation is divided into manual and logical attacks. The nodes are combined in broader attack steps as attacks, events, process, action, and countermeasures.
High-level overview based on attack trees for an ATM retail scenario displaying AS-IS versus TO-BE scenarios. In the TO-BE scenarios, various countermeasures have been applied to get to the desired state of security. Top left: global overview. Top right: overview for manual attacks only. Bottom left: overview for fraud attacks only. Bottom right: overview of countermeasures on physical attacks.
