Table 3.
Threat classification following the STRIDE modeling methodology.
| Threat ID | Description | S | T | R | I | D | E |
|---|---|---|---|---|---|---|---|
| TH1 | Gaining access to and misusing credentials that were originally granted to someone else | ✓ | ✓ | ✓ | |||
| TH2 | Attempting to gain unauthorized system access with a brute force attack, i.e., systematically trying combinations of usernames and passwords | ✓ | ✓ | ✓ | |||
| TH3 | Performing a Man-in-the-Middle (MitM) attack to intercept, manipulate, or eavesdrop on the data transmitted to the IoT Environmental System | ✓ | ✓ | ✓ | |||
| TH4 | Gaining system access by exploiting a previously unidentified or unaddressed software vulnerability, allowing them to read and alter data | ✓ | ✓ | ✓ | ✓ | ✓ | |
| TH5 | Performing a Denial of Service (DoS) attack to make the IoT Environmental System unavailable and non-functional | ✓ |