{"id":34,"date":"2008-01-11T12:05:55","date_gmt":"2008-01-11T20:05:55","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/01\/11\/un-safe-deposit-box-security-review\/"},"modified":"2008-01-11T12:07:02","modified_gmt":"2008-01-11T20:07:02","slug":"un-safe-deposit-box-security-review","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/11\/un-safe-deposit-box-security-review\/","title":{"rendered":"(un)-Safe Deposit Box Security Review"},"content":{"rendered":"<p>My review was on safety deposit boxes based on my experience using them.  I was surprised at how stunningly insecure they are (although there may be additional controls I did not know about that banks implement), and am further surprised by the fact that the system is still largely operational.  Beyond that, I was surprised at how interesting something as mundane as a safety deposit box could turn out to be.<\/p>\n<p><!--more--><\/p>\n<p><strong>Summary:<br \/>\n<\/strong>Safe(ty) deposit boxes are a common service provided by banks with an established protocol and two-lock system for ensuring security of the valuables stored inside.  A person requesting to rent a box from a bank initially provides some form of acceptable identification (e.g. driver&#8217;s license) and signature and then receives an assigned key.  According to Wikipedia, some banks are supplementing these mechanisms with a code or biometric access control, however for this review, I assume that only the identifying document, signature, and key are required (and this is my experience with my current bank).  When the person wants to access the box, I assume the procedure to be as follows: identification is presented and the bank verifies it against a paper list of safety deposit box assignments on file.  
Next, an audit trail is maintained by requiring the person who wants to open the box to sign their name and the date on a paper list (the banker writes in the identification information and box number).  Then, both the banker and the customer enter the safety deposit box chamber and the transparent door is closed behind them.  The banker finds the appropriate shelf location and inserts her guard key; the customer then inserts his key, and a small door for that shelf is unlocked so that the box can be taken out and brought to a table in the room.  The guard key is removed from the shelf door while the customer&#8217;s key remains in the lock until the box is replaced and locked into place.  Then the banker leaves the room, closing the transparent door behind her to ensure the customer&#8217;s privacy.  When the customer is finished, he returns the box to its proper location on the shelf and calls for the banker, who returns and, using the guard key, locks the box back into place, which releases both the guard and assigned keys.  The customer retrieves his key, both leave the chamber, and the door is closed behind them.  If multiple people are listed in the bank&#8217;s records for a particular box and provide identification, they can enter the chamber together.  I assume that two customers with different boxes cannot be in the room at the same time.<\/p>\n<p><strong>Assets\/Security Goals:<br \/>\n<\/strong><\/p>\n<ul>\n<li>Critical legal documents such as wills or deeds may be stored in a safety deposit box in order to protect them from theft or disasters (e.g. 
fire\/flood).<\/li>\n<li>Valuable objects such as gems, precious metals, and currency may be stored in a safety deposit box because of the assumed higher security it offers compared to storing these things at home.<\/li>\n<li>Sensitive documents may be stored in the boxes, so confidentiality\/privacy of the things customers store in their box is a key security goal.<\/li>\n<li>Only the customer should be able to put things in and take things out of the box, so the integrity of its contents is also important.<\/li>\n<\/ul>\n<p><strong>Potential Adversaries\/Threats:<br \/>\n<\/strong><\/p>\n<ul>\n<li>The bank employee (aka banker) is a potential adversary who has considerable power.  The bank employee may desire to see the contents of a box, remove contents (theft), or add contents (framing?).<\/li>\n<li>Thieves who have knowledge about the contents of a particular person&#8217;s box and desperately want its contents (e.g. spies, etc.).<\/li>\n<li>Someone who formerly cosigned for the box, has had a relationship fallout with the customer, and wants to hurt the customer by taking valuables out of the box before the customer can take the person off of the access list.<\/li>\n<\/ul>\n<p><strong>Weaknesses:<br \/>\n<\/strong><\/p>\n<ul>\n<li>The keys are easily duplicated.  Bank employees may be able to duplicate the guard key and customers&#8217; keys (since an unused box has its key stored at the bank), which would remove the dual-control protection and enable the banker to open any box.  Alternatively, someone who previously rented a box could make a duplicate of its key for future use.<\/li>\n<li>The safety deposit box access protocol relies too much on humans and is complicated.  A banker could use social engineering to exploit the ignorance of customers who are not familiar with safety deposit box procedure in order to trick them into giving access or skipping safeguards (e.g. 
filling out the audit trail).  Bankers may also collude with customers to circumvent controls like the audit trail.<\/li>\n<li>The identification system and paper-based controls are easily manipulated.  See above: the bankers can choose not to use them, or customers could fake them (e.g. using a fake ID with a forged signature and a copied key).<\/li>\n<\/ul>\n<p><strong>Potential Defenses:<\/strong><\/p>\n<ul>\n<li>Biometric security could be used as a more accurate identification mechanism that is more difficult to fake.  For example, a photo of the customer could be taken and stored in a computer so that when the customer (or someone posing as him) comes, the banker can do a simple facial verification in addition to checking the identification card.  In small branches, bank employees may already be familiar with local customers, and this kind of personal knowledge may be sufficient to verify someone&#8217;s identity.  Protecting identity largely protects against external attacks.<\/li>\n<li>Banks should require some form of access control to the chamber that does not depend as much on employee compliance.  Right now the chamber&#8217;s door is opened by the banker using a conventional key.  Requiring the customer&#8217;s key in some way would force the audit trail to record the &#8220;true&#8221; usage information (see below) and result in a simpler process (show ID, use key to access room), which would reduce the ability of bank employees to manipulate or circumvent the system.<\/li>\n<li>Use CyberLocks (Author&#8217;s Note: my dad&#8217;s company sells this; I&#8217;ll do a review on it in the future).  These are electronic locks that can be used anywhere a conventional lock can be used, but come with the added benefits of being hard to duplicate, easy to expire, and automatically storing an audit trail both on the key and on the lock.  
Using this system, a customer can simply present his ID and use his key to access the appropriate box (with the audit trail automatically taken care of).<\/li>\n<\/ul>\n<p><strong><br \/>\nRisk Evaluation:<\/strong><br \/>\nThe Risk Impact (from the customer&#8217;s perspective) of a breach of a safety deposit box varies according to its usage: if one stores replaceable documents (e.g. a passport or encrypted disk backups), the impact may be relatively low (unless the loss results in identity theft), but if one stores millions of dollars worth of jewelry in the box, the impact will be very high.  For other critical documents the impact will vary with the value of their contents.  To the bank, the Risk Impact (in terms of financial liability) is probably relatively low, since the box&#8217;s contents are confidential and customers typically access a box infrequently, meaning that stolen or destroyed contents may not be noticed (and especially not noticed quickly) and the customer may have no recourse in proving his loss.  However, for this analysis, let us focus on the customer&#8217;s perspective and assume a medium risk impact.<br \/>\nThe risk probability of key duplication can be assumed to be relatively high because it is currently not difficult to do.  Faking a customer&#8217;s identity to gain access to his box is a lower-probability threat because of the difficulty of obtaining the customer&#8217;s key in addition to forging an identity and signature.  Ultimately, the security of the system rests primarily on the integrity of bank employees.  Being insiders, they have nearly full access and can manipulate or ignore the protocol according to their needs.  Because of the large number of bank employees, even if we assume a small percentage of them to be crooks, those crooks have considerable access and potential to do harm.  
In this scenario, the risk probability may be low (due to the small percentage of bad employees), but we must assume the risk impact to be quite high because of the wide access insiders enjoy.  Thus the overall risk exposure will be in the mid-range, because the assets stored in safety deposit boxes are mostly of at least medium impact and the probability of some attack is moderate.<br \/>\n<strong><br \/>\nConclusion:<\/strong><br \/>\nWith the advent of newer access control technologies, it seems like only a matter of time before banks begin to implement better control mechanisms.  However, it is rare to hear stories of safety deposit boxes being broken into, perhaps because the current system is sufficient or because the contents of boxes have been so private that their loss has not come to public attention.  Perhaps bank employees, who certainly have method and opportunity, have thus far had little incentive or motive to attack the safety deposit box system (e.g. they are largely people of integrity), or maybe my analysis is too simplistic and left out other controls, like surveillance systems, that banks have put into place.  However, because of the vulnerabilities of the system and the apparent relative ease with which an insider can exploit them, I would recommend using a safety deposit box only to protect assets from disasters such as fires, floods, etc.  Under the current system, a determined thief can probably infiltrate the system without too much difficulty, and an insider would face even fewer barriers.  In order to improve safety deposit box security, banks should implement a biometric identification system (like simply taking a customer photo and verifying it) to protect against external attacks, and a more robust auditing and access control system to protect against insider attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>My review was on safety deposit boxes based on my experience using them. 
I was surprised at how stunningly insecure they are (although there may be additional controls I did not know about that banks implement), and am further surprised &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/11\/un-safe-deposit-box-security-review\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,5],"tags":[],"class_list":["post-34","post","type-post","status-publish","format-standard","hentry","category-physicalsecurity","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/34","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=34"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/34\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=34"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=34"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=34"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}