Security Attacks

A useful means of classifying security attacks, used both in X.800 and RFC 2828, is in terms of passive attacks and active attacks. A passive attack attempts to learn or make use of information from the system without affecting system resources. In contrast, an active attack attempts to alter system resources or affect their operation.

Passive Attacks

Passive attacks involve eavesdropping on or monitoring transmissions. The goal of the attacker is to obtain information that is being transmitted. There are two main types of passive attacks: the release of message contents and traffic analysis.

The release of message contents is straightforward. A telephone conversation, an electronic mail message, or a transferred file may contain sensitive or confidential information. We want to prevent an attacker from learning the contents of these transmissions.

The second type of passive attack, traffic analysis, is subtler. Suppose we have a way to mask the contents of messages or other information traffic so that attackers, even if they capture the message, cannot extract information from it. The common technique for masking contents is encryption. However, even with encryption protection, an attacker might still observe the pattern of these messages, determining the location and identity of communicating hosts and observing the frequency and length of messages being exchanged. This information could be useful in guessing the nature of the communication.

Passive attacks are very difficult to detect because they do not involve altering data. Typically, message traffic is sent and received in an apparently normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern. However, it is feasible to prevent the success of these attacks, usually through encryption. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

Active Attacks

Active attacks involve modification of data streams or the creation of a false stream. These attacks can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

A masquerade occurs when one entity pretends to be a different entity. A masquerade attack often includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence takes place, thereby enabling an unauthorized entity to gain extra privileges by impersonating an entity with those privileges.

Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

Modification of messages means that some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect. For example, a message meaning "Allow John Smith to read confidential file accounts" could be modified to mean "Allow Fred Brown to read confidential file accounts."

Denial of service attacks prevent or inhibit the normal use or management of communication facilities. This attack may target a specific entity; for example, an attacker might suppress all messages directed to a particular destination, such as the security audit service. Another form of service denial is disrupting an entire network, either by disabling it or by overloading it with messages to degrade its performance.

Active attacks have characteristics opposite to passive attacks. Whereas passive attacks are difficult to detect but can usually be prevented, active attacks are difficult to prevent absolutely because of the wide variety of possible physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and recover from any disruption or delays they cause. If detection has a deterrent effect, it may also contribute to prevention.
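As an added example that is not part of the text above, the following Python code illustrates the detection emphasis for two of the active attacks described here, replay and modification of messages: the sender binds a sequence number and a timestamp to each message under a shared-key HMAC, and the receiver rejects anything whose tag does not verify, whose timestamp is outside a freshness window, or whose sequence number has already been seen. The key, the message format, the 30-second window and the strictly increasing sequence rule are constructed assumptions for the example.

```python
import hmac
import hashlib
import json
import time

# Constructed shared key for the example; a real system would provision it securely.
KEY = b"example-shared-key"


def _canonical(fields):
    """Serialise the authenticated fields deterministically so both sides tag the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def protect(seq, body, key=KEY, now=None):
    """Sender side: attach sequence number, timestamp and an HMAC-SHA256 tag to the body."""
    msg = {"seq": seq, "ts": int(now if now is not None else time.time()), "body": body}
    msg["tag"] = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    return msg


class Receiver:
    """Receiver side: verify integrity, freshness and ordering before acting on a message."""

    def __init__(self, key=KEY, window=30):
        self.key = key
        self.window = window      # seconds of clock skew / delay tolerated
        self.last_seq = 0         # highest sequence number accepted so far

    def accept(self, msg, now=None):
        now = int(now if now is not None else time.time())
        fields = {k: msg.get(k) for k in ("seq", "ts", "body")}
        expected = hmac.new(self.key, _canonical(fields), hashlib.sha256).hexdigest()
        # Constant-time comparison: any altered field changes the tag, so modification is detected.
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return "reject: modified"
        # A captured message replayed long after the fact fails the freshness window.
        if abs(now - fields["ts"]) > self.window:
            return "reject: stale"
        # A replay (or a delayed, reordered message) carries a sequence number already consumed.
        if fields["seq"] <= self.last_seq:
            return "reject: replay"
        self.last_seq = fields["seq"]
        return "accept"
```

Detection here does not prevent the attacker from retransmitting or altering traffic; it ensures the receiver notices and discards such messages, which is the recovery-oriented goal the paragraph describes.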
