A useful means of classifying security attacks, used both in
X.800 and RFC 2828, is in terms of passive attacks and active
attacks. A passive attack attempts to learn or make use of information from
the system but does not affect system resources. An active attack attempts to
alter system resources or affect their operation.
Passive attacks are in the nature of eavesdropping on, or
monitoring of, transmissions. The goal of the opponent is to obtain
information that is being transmitted.
Two types of passive attacks are the release of message contents
and traffic analysis.
The release of message contents is easily understood
(Figure 1.2a). A telephone conversation, an electronic mail message, and a
transferred file may contain sensitive or confidential information. We would
like to prevent an opponent from learning the contents of these transmissions.
A second type of passive attack, traffic analysis, is
subtler (Figure 1.2b). Suppose that we had a way of masking the contents of
messages or other information traffic so that opponents, even if they captured
the message, could not extract the information from the message. The common
technique for masking contents is encryption. If we had encryption protection
in place, an opponent might still be able to observe the pattern of these
messages. The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of messages
being exchanged. This information might be useful in guessing the nature of the
communication that was taking place.
Passive attacks are very difficult to detect, because they do
not involve any alteration of the data. Typically, the message traffic is sent
and received in an apparently normal fashion, and neither the sender nor
receiver is aware that a third party has read the messages or observed the
traffic pattern. However, it is feasible to prevent the success of these
attacks, usually by means of encryption. Thus, the emphasis in dealing with
passive attacks is on prevention rather than detection.
Active attacks involve some modification of the data stream or
the creation of a false stream and can be subdivided into four categories:
masquerade, replay, modification of messages, and denial of service.
A masquerade takes place when one entity pretends to be a
different entity (Figure 1.3a). A masquerade attack usually includes one of the
other forms of active attack. For example, authentication sequences can be
captured and replayed after a valid authentication sequence has taken place,
thus enabling an authorized entity with few privileges to obtain extra
privileges by impersonating an entity that has those privileges.
Replay involves the passive capture of a data unit and its subsequent retransmission to
produce an unauthorized effect (Figure 1.3b).
Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered, to produce an unauthorized
effect (Figure 1.3c). For example, a message meaning “Allow John Smith to read
confidential file accounts” is modified to mean “Allow Fred Brown to
read confidential file accounts.”
The denial of service prevents or inhibits the normal use
or management of communications facilities (Figure 1.3d). This attack may have
a specific target; for example, an entity may suppress all messages directed to
a particular destination
(e.g., the security audit service). Another form of service
denial is the disruption of an entire network, either by disabling the network
or by overloading it with messages so as to degrade performance.
Active attacks present the opposite characteristics of passive
attacks. Whereas passive attacks are difficult to detect, measures are
available to prevent their success.
On the other hand, it is quite difficult to prevent active
attacks absolutely because of the wide variety of potential physical, software,
and network vulnerabilities. Instead, the goal is to detect active attacks and
to recover from any disruption or delays caused by them. If the detection has a
deterrent effect, it may also contribute to prevention.
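The detect-rather-than-prevent point made above can be seen in a receiver that checks each frame after the fact. The following is an added example, not code from the text: it assumes a shared HMAC-SHA256 key (a constructed value), a constructed frame format of a JSON body followed by a 32-byte tag, and a per-message sequence number. Modification and replay are detected and rejected, delay or reordering is flagged, and the traffic_analysis helper shows what a passive observer still learns from frame counts and lengths alone.

```python
import hmac
import hashlib
import json

# Constructed shared key for the example; in practice it is provisioned securely.
KEY = b"constructed-example-key"
TAG_LEN = 32  # HMAC-SHA256 digest length in bytes


def protect(seq, message):
    """Sender: bind a sequence number to the message and append an HMAC tag.
    The tag lets the receiver detect modification; the sequence number lets
    it detect replay and reordering. Contents are not hidden by this step."""
    body = json.dumps({"seq": seq, "msg": message}).encode()
    return body + hmac.new(KEY, body, hashlib.sha256).digest()


def traffic_analysis(frames):
    """What a passive observer learns without reading contents:
    how many frames were exchanged and how long each one was."""
    return {"count": len(frames), "lengths": [len(f) for f in frames]}


class Receiver:
    """Receiver that detects, rather than prevents, active attacks."""

    def __init__(self):
        self.seen = set()   # sequence numbers already accepted
        self.expected = 0   # next in-order sequence number

    def accept(self, frame):
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(good, tag):
            return "rejected: modified"        # modification of messages
        seq = json.loads(body)["seq"]
        if seq in self.seen:
            return "rejected: replay"          # retransmission of a captured frame
        self.seen.add(seq)
        status = "accepted" if seq == self.expected else "accepted (out of order)"
        self.expected = max(self.expected, seq + 1)
        return status                          # delay or reordering is flagged


if __name__ == "__main__":
    rx = Receiver()
    frame = protect(0, "Allow John Smith to read confidential file accounts")
    print(rx.accept(frame))                                        # accepted
    print(rx.accept(frame.replace(b"John Smith", b"Fred Brown")))  # rejected: modified
    print(rx.accept(frame))                                        # rejected: replay
    print(traffic_analysis([frame, protect(1, "ok")]))
```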