Message Confidentiality Threats
An attacker can easily
violate message confidentiality (and perhaps integrity) because of the public
nature of networks. Eavesdropping and impersonation attacks can lead to a
confidentiality or integrity failure. Here we consider several other
vulnerabilities that can affect confidentiality.
Misdelivery
Sometimes messages are
misdelivered because of some flaw in the network hardware or software. Most
frequently, messages are lost entirely, which is an integrity or availability
issue. Occasionally, however, a destination address is modified or some handler
malfunctions, causing a message to be delivered to someone other than the
intended recipient. All of these "random" events are quite uncommon.
More frequent than network
flaws are human errors. It is far too easy to mistype an address such as
100064,30652 as 10064,30652 or 100065,30642, or to type "idw" or
"iw" instead of "diw" for David Ian Walker, who is called
Ian by his friends. There is simply no justification for a computer network
administrator to identify people by meaningless long numbers or cryptic initials
when "iwalker" would be far less prone to human error.
Exposure
To protect the confidentiality of a message, we
must track it all the way from its creation to its disposal. Along the way, the
content of a message may be exposed in temporary buffers; at switches, routers,
gateways, and intermediate hosts throughout the network; and in the workspaces
of processes that build, format, and present the message. In earlier chapters,
we considered confidentiality exposures in programs and operating systems. All
of these exposures apply to networked environments as well. Furthermore, a
malicious attacker can use any of these exposures as part of a general or
focused attack on message confidentiality.
Passive wiretapping is one
source of message exposure. So also is subversion of the structure by which a
communication is routed to its destination. Finally, intercepting the message
at its source, destination, or at any intermediate node can lead to its
exposure.
Traffic Flow Analysis
Sometimes not only is the
message itself sensitive but the fact that a message exists is also sensitive.
For example, if the enemy during wartime sees a large amount of network traffic
between headquarters and a particular unit, the enemy may be able to infer that
significant action is being planned involving that unit. In a commercial
setting, messages sent from the president of one company to the president of a
competitor could lead to speculation about a takeover or conspiracy to fix
prices. Or communications from the prime minister of one country to another with
whom diplomatic relations were suspended could lead to inferences about a
rapprochement between the countries. In these cases, we need to protect both
the content of messages and the header information that identifies sender and
receiver.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.