All new systems connected to the EMREX network should be subject to a risk analysis.
This should be performed by the unit responsible for the system.
Below, you will find some risks that could be considered doing this analysis.

New HTTPS vulnerabilities are discovered. A hacker can replace NCP-list data being downloaded from EMREG. This makes it possible to set up a fake NCP server and produce fraudulant diplomas.45

Use correct server security configuration. Use cryptographic signatures on data, in addition to HTTPS

Several critical SSL/TLS vulnerabilities have been found in recent years.

CA certificate leaked or abused


Use signature on data in addition to HTTPS or use custom list of custom Cas (trust store)

Comodo, diginotar, Chinese CA

EMREG is hacked. SMP is communicating with correct server but recieving false data.


Pen-testing regularly and before major releases to secure application.Patch OS and third party software. Log changes made by user in application.


NCP is hacked. Places false data in EMREG


Responsibility of each NCP but login solution (yubikey etc) can make abuse of EMREG more difficult


EMREG is DDOSed for several days during diploma deadline.


Anti DDOS measures and Caching

EMREG data can be cached. EMREG downtime may not matter much as long as cached data can be used

NCP is DDOSed. Unable to retrieve foreign diplomas from attacked country during attack.


Anti DDOS measures

Caching all diplomas is not an option

Rogue employees


Good practices


EMREG downtime


Redundancy and alerts

NCP or Result service downtime24

Redundancy and alerts


Hostile code injected in SMP binaries (jar-­‐file)


Reproducible/determenistic builds


Hostile code injected in mobility plugin source code. Enabling forging diplomas and hacking systems using SMP


Good practice, open source, code-­‐review


NCP sends data against user's wish


NCP must ask for concent and make it very clear which data will be sent and where it will be sent. A white list of approved URLs for diploma delivery could be used to prevent fake web sites from receiving diplomas. Whitelisting might not be an option if EMREX is to be used by recruiting agencies etc.

Open source. Makes it easy for hackers to find vulnerabilities.24

Bug bounty program.


Min. probability value 1 - Very low (never occured)
Max. probability value 5 ‐ Very high (daily/always)
Min. impact value 1 ­‐ Can be ignored
Max. impact value 5 - Very high/catastrophic



  • No labels