Message Integrity Threats
In many cases, the integrity
or correctness of a communication is at least as important as its
confidentiality. In fact for some situations, such as passing authentication
data, the integrity of the communication is paramount. In other cases, the need
for integrity is less obvious. Next we consider threats based on failures of
integrity in communication.
Falsification of Messages
Increasingly, people depend
on electronic messages to justify and direct actions. For example, if you
receive a message from a good friend asking you to meet at the pub for a drink
next Tuesday evening, you will probably be there at the appointed time.
Likewise, you will comply with a message from your supervisor telling you to
stop work on project A and devote your energy instead to project B. As long as
it is reasonable, we tend to act on an electronic message just as we would on a
signed letter, a telephone call, or a face-to-face communication.
However, an attacker can take
advantage of our trust in messages to mislead us. In particular, an attacker
may
·
change some or all of the content of a message
·
replace a message entirely, including the date, time, and
sender/receiver identification
·
reuse (replay) an old
message
·
combine pieces of different messages into one
·
change the apparent source of a message
·
redirect a message
·
destroy or delete a message
These attacks can be
perpetrated in the ways we have already examined, including
·
active wiretap
·
Trojan horse
·
impersonation
·
preempted host
·
preempted workstation
Noise
Signals sent over communications media are
subject to interference from other traffic on the same media, as well as from
natural sources, such as lightning, electric motors, and animals. Such
unintentional interference is called noise.
These forms of noise are inevitable, and they can threaten the integrity of
data in a message.
Fortunately, communications
protocols have been intentionally designed to overcome the negative effects of
noise. For example, the TCP/IP protocol suite ensures detection of almost all
transmission errors. Processes in the communications stack detect errors and
arrange for retransmission, all invisible to the higher-level applications.
Thus, noise is scarcely a consideration for users in security-critical
applications.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.