1. Use case

  • Authenticate whether the user of the parking space has “Aliens” status: a yes/no decision
  • Grant usage duration
  • Disclaim loss/damage responsibilities

2. Enforcement

  • If yes: allow
  • If not: reject
  • If violated: consequence

3. Somehow, vulnerabilities exist:

  • Identity provider is compromised
  • Method of authentication is circumvented
  • Result of authentication is manipulated
  • Barrier to the authorized resource (parking lot) fails and is bypassed without authentication

4. Consequence:

  • False negative: a non-alien is mistaken for an alien, allowing fraudulent use
  • False positive: a genuine alien is mistaken for a non-alien, resulting in denial of service

5. Counter-measure:

  • Protect identity provider
  • Secure communication from end point to identity provider
  • Ensure authentication result integrity
  • Conduct periodic system health-check
  • Perform regular patrol of parking lot
  • Post terms of use and consequence of violation (e.g. tow away at vehicle owner’s expense)
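
One way to implement the "ensure authentication result integrity" counter-measure, as an added example that is not part of the original post: the identity provider signs the yes/no decision together with the granted usage duration, and the barrier rejects anything altered, expired or malformed. HMAC-SHA256, the demo key, and the names `issue_decision` and `barrier_allows` are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption): shared only by identity provider and barrier.
DEMO_KEY = b"constructed-demo-key"


def issue_decision(key, subject, is_alien, duration_s, now=None):
    """Identity provider: sign the yes/no decision and the granted duration."""
    now = int(time.time()) if now is None else int(now)
    claims = {"sub": subject, "alien": bool(is_alien),
              "iat": now, "exp": now + int(duration_s)}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload.hex() + "." + tag


def barrier_allows(key, token, now=None):
    """Barrier: allow only an authentic, unexpired 'yes'; anything else fails closed."""
    now = int(time.time()) if now is None else int(now)
    try:
        payload_hex, tag = token.split(".")
        payload = bytes.fromhex(payload_hex)
        presented = tag.encode()
    except ValueError:
        return False  # malformed token
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, presented):
        return False  # result was manipulated, or signed with another key
    claims = json.loads(payload)  # parsed only after the tag has verified
    if claims.get("alien") is not True:
        return False  # authentic "no"
    exp = claims.get("exp")
    return isinstance(exp, int) and now < exp  # usage duration still running


if __name__ == "__main__":
    yes = issue_decision(DEMO_KEY, "vehicle-A", True, 3600, now=1000)
    print(barrier_allows(DEMO_KEY, yes, now=1500))  # within the granted duration
    print(barrier_allows(DEMO_KEY, yes, now=5000))  # after the duration has run out
```

The barrier never acts on the decision fields until the tag has verified, so a manipulated result and an unreachable or garbled one are both treated as "reject".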
