Threat Modelling

Updated: 6 days ago

Threat Modeling for Digital Lending

STRIDE (Microsoft) → Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.
PASTA (Process for Attack Simulation and Threat Analysis) → 7-stage risk-centric threat modeling.
MITRE ATT&CK → Map adversary techniques to banking ecosystem.

We used STRIDE + PASTA combo at design phase, with MITRE ATT&CK for runtime detection coverage.

Customer Onboarding (Amit R)
- eKYC (Aadhaar, PAN, CKYC APIs)
- Fenergo integration for KYC/CDD/EDD
- Risk: API spoofing, man-in-the-middle attacks.
Loan Application & Credit Scoring
- CIBIL/Experian API
- Experian Hunter (fraud scoring)
- Risk: Tampering of score payloads, DoS on scoring APIs.
AML/Financial Crime
- Actimize ingestion (batch feed + SFTP + ETL → CTR/STR/NTR/CBWR reports).
- Risk: Insider manipulation of reports, repudiation (no proof of file delivered).
Core Banking Integration (Finacle / TCS BaNCS)
- Loan origination, disbursement.
- Risk: Privilege escalation, unauthorized approval bypass.
GenAI Advisor
- LLM-powered loan FAQs.
- Risk: Prompt injection, data leakage, hallucination → misinformation to customer.

Category	Example in Lending	Mitigation
Spoofing	Fake user impersonates Amit R during onboarding	MFA, Aadhaar OTP + biometric, FIDO2
Tampering	Loan payload modified during transmission	End-to-end encryption (TLS 1.3 + mTLS).Also use hashing create checksum for the loan data, reciver will use same hashing and creat checsum.if 2 checksum match, then no tampering loan data.
Repudiation	Partner denies sending AML batch	Immutable logs + non-repudiation via digital signatures
Information Disclosure	PAN/Aadhaar exposed in logs	Data masking, tokenization, Azure Key Vault
Denial of Service	DoS on credit scoring API	API Gateway rate limiting, auto-scaling
Elevation of Privilege	Loan officer escalates to admin	RBAC, SailPoint SoD policies, PIM JIT access

Examples:

Spoofing: Fake loan applications → Mitigation: Aadhaar OTP, PAN API validation, Fenergo KYC.
Tampering: Loan data manipulation → Mitigation: Hashing, immutability with blockchain ledger (future roadmap).
Repudiation: User denies transaction → Mitigation: Non-repudiation via digital signature (eSign, Aadhaar).
Information Disclosure: PII leaks → Mitigation: Data masking, tokenization, field-level encryption.
Denial of Service: Loan portal downtime → Mitigation: Azure Front Door + CDN + DDoS Protection.
Elevation of Privilege: Unauthorized access → Mitigation: RBAC + PAM (Privileged Access Management).

Threat Modeling (STRIDE):

Fenergo → KYC/CDD/EDD workflows, API integration.
Actimize → AML/Fraud detection, CTR/STR/NTR/CBWR reports, FIU-IND integration.
Experian / CIBIL → Credit Score API.
Experian Hunter → Fraud Score API.
TCS BaNCS / Finacle → Core Banking System.
ABC Bank Batch Jobs → SFTP → Actimize ingestion → ETL pipeline → FIU-IND reporting.

Define Business Objectives → Secure loan origination, regulatory reporting, AML compliance.
Define Technical Scope → Lending microservices, Finacle/BaNCS, Fenergo, Actimize, APIs.
Application Decomposition → Process flows, trust boundaries (customer → API → microservices → CBS → partners).
Threat Analysis → Map STRIDE + MITRE ATT&CK.
Vulnerability & Weakness Analysis → OWASP Top 10, CVE scans in DevSecOps pipeline.
Attack Simulation → Ethical hacking scenarios: fake onboarding, fraud scoring tamper, AML report suppression.
Risk & Mitigation → Risk register, mapped to controls (Zero Trust, encryption, IAM).

DFDs (Data Flow Diagrams) → Customer to Loan Microservices to Core Banking → AML → Regulator.
Threat Catalog → STRIDE categorized threats.
Mitigation Matrix → Controls per hop.
Integration with DevSecOps → Automated threat checks in pipelines (ZAP scans, dependency checks).
Continuous Review → Updated threat model per sprint → SRB (Security Review Board).