University of Twente Student Theses


A threat model analysis of audio recording on mobile health care applications

Harmes, J.P.M. (2020) A threat model analysis of audio recording on mobile health care applications.

[img] PDF
Abstract:Mobile devices are getting used more and more in healthcare. In this report, we do a threat model analysis of recording audio on mobile devices and try to find out how attackers can obtain the privacy-sensitive audio data. We use multiple threat model methods, including STRIDE, attacker profiles, and attack trees. STRIDE is used to get an overview of vulnerabilities and threats and allowed to find 19 initial threats. We then define seven attacker profiles, found from literature and brainstorming sessions with experts. We select two of these profiles, the insider and criminals profiles, to create attack trees and find attack scenarios. Then we grade the nodes of the trees with an effort value to find which attack scenarios are most likely to happen. Last, we propose mitigations to counter these scenarios and try to see how they affect the probability. We found in both attack trees, that our mitigations would make it three times as hard to obtain the audio data. With the results, we choose three mitigations ChipSoft can apply.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page