written 8.5 years ago by | • modified 4.6 years ago |
written 8.5 years ago by | • modified 8.5 years ago |
Various aspects of Conventional Encryption:
Security Attack: Any action that compromises the security of information owned by an organization.
Security Mechanism: A process that is designed to detect, prevent or recover from a security attack.
Security Service: A processing or communication service that enhance the security of data processing systems to counter security attacks and make use of one or more counter security attacks and make use of one or more security mechanisms is called a ‘Security Service’.
Key definitions of Conventional Encryption:
Threat: Threat is a possible danger that might exploit vulnerability.
Attack: An intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violet the security policy of system. It is an assault on system security that derives from an intelligent threat.
Plaintext: This is the original intelligible message or data that is fed into the algorithm as input.
Ciphertext: This is the scrambled message produced as output. The ciphertext is an apparently random stream of data and as it stands is unintelligible.
Types of Security Attacks:
Passive Attack: It attempts to learn or make use of information from the system but does not affect system resources.
Active Attack: It attempts to alter system resources or affect their operation.
Passive Attacks:
- Passive attacks are in the nature of eavesdropping on, or monitoring of transmissions.
- The goal of the opponent is to obtain information that is being transmitted.
- There are 2 types of passive attacks they are
$$\text{Figure 4.1 Release of Message Contents}$$
$$\text{Figure 4.2 Traffic analysis}$$
- Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message.
- The common technique for masking content is encryption. However if the opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.
- Passive attacks are very difficult to detect because they do not involve any alteration of the data. Typically, the message traffic is not sent and received in an apparently normal fashion and the sender nor receiver is aware that a third party has read the messages or observed the traffic pattern.
- However, it is feasible to prevent the success of these attacks, usually by means of encryption. Thus the emphasis in dealing with passive attacks is on prevention rather than detection.
- Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:
4.Active Attacks:
A. Masquerade: It takes place when one entity pretends to be a different entity.
E.g. Authentication sequences can be captured and replayed after a valid authentication sequences has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by interpersonating an entity that has those privileges.
$$\text{Figure 4.3 Masquerade}$$
B. Replay: Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
$$\text{Figure 4.4 Replay}$$
C. Modification of Messages: The some portion of a legitimate message is altered or that messages are delayed or reordered, to produce an unauthorized effect.
E.g A message meaning “Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read the confidential file accounts”.
$$\text{Figure 4.5 Modification of Messages}$$
D. Denial of Service: It prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target;
Ex. An entity may suppress all messages directed to a particular destination. (e.g The security audit service) Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.
$$\text{Figure 4.6 Denial of Service}$$
- Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success.
- On the other hand, it is quite difficult to prevent active attacks absolutely because of the wide variety of potential physical, software and network vulnerabilities.
Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them. If the detection has a deterrent effect, it may also contribute to prevention.
(Note- Attacks: Disclosure, Traffic Analysis, Masquerade, Content Modification, Sequence Modification, Timing Modification, Source Repudiation, Destination Repudiation)