Elicitation of security threats and vulnerabilities in Insurance chatbots using STRIDE

dc.contributor.author: Bokolo, Zilungile
dc.contributor.author: Daramola, Olawande
dc.contributor.email: wande.daramola@up.ac.za
dc.date.accessioned: 2025-07-03T13:10:42Z
dc.date.available: 2025-07-03T13:10:42Z
dc.date.issued: 2024-08-02
dc.description: DATA AVAILABILITY: The data used for this study are not publicly available due to confidentiality, but are available from the corresponding author Olawande Daramola (wande.daramola@up.ac.za) on reasonable request.
dc.description.abstract: Although chatbots are used a lot for customer relationship management (CRM), there needs to be more data security and privacy control strategies in chatbots, which has become a security concern for financial services institutions. Chatbots gain access to large amounts of vital company information and clients’ personal information, which makes them a target of security attacks. The loss of data stored in chatbots can cause major harm to companies and customers. In this study, STRIDE (viz. Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) modelling was applied to identify the data security vulnerabilities and threats that pertain to chatbots used in the insurance industry. To do this, we conducted a case study of a South African insurance organisation. The adopted methodology involved data collection from stakeholders in the insurance organisation to identify chatbot use cases and understand chatbot operations. After that, we conducted a STRIDE-based analysis of the chatbot use cases to elicit security threats and vulnerabilities in the insurance chatbots in the organisation. The results reveal that security vulnerabilities associated with Spoofing, Denial of Service, and Elevation of privilege are more relevant to insurance chatbots. The most security threats stem from Tampering, Elevation of privilege, and Spoofing. The study extends the discussion on chatbot security. It fosters an understanding of security threats and vulnerabilities that pertain to insurance chatbots, which is beneficial for security researchers and practitioners working on the security of chatbots and the insurance industry.
dc.description.department: Informatics
dc.description.librarian: am2025
dc.description.sdg: SDG-09: Industry, innovation and infrastructure
dc.description.uri: https://www.nature.com/srep/
dc.identifier.citation: Bokolo, Z. & Daramola, O. 2024, 'Elicitation of security threats and vulnerabilities in Insurance chatbots using STRIDE', Scientific Reports, vol. 14, art. 17920, pp. 1-25. https://doi.org/10.1038/s41598-024-68791-z
dc.identifier.issn: 2045-2322 (online)
dc.identifier.other: 10.1038/s41598-024-68791-z
dc.identifier.uri: http://hdl.handle.net/2263/103175
dc.language.iso: en
dc.publisher: Nature Research
dc.rights: © The Author(s) 2024. This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
dc.subject: Data security
dc.subject: Chatbots
dc.subject: Chatbot security
dc.subject: STRIDE
dc.subject: Threat modelling
dc.subject: Insurance
dc.subject: Customer relationship management (CRM)
dc.subject: Artificial Intelligence (AI)
dc.title: Elicitation of security threats and vulnerabilities in Insurance chatbots using STRIDE
dc.type: Article

Files

Original bundle

Name: Bokolo_Elicitation_2024.pdf
Size: 3.18 MB
Format: Adobe Portable Document Format
Description: Article

License bundle

Name: license.txt
Size: 1.71 KB
Format: Item-specific license agreed upon to submission