3 (IMP) Security Threats(Attacks)

DESCRIPTION

network security

Security Threats/Attacks

• By: Prof. Yogesh Doulatramani, VIT College

Security Attacks

[Figures: information flow from an information source to an information destination, one diagram per case below]

• Normal flow

• Interruption: attack on availability (ability to use desired information or resources)

• Interception: attack on confidentiality (concealment of information)

• Fabrication: attack on authenticity (identification and assurance of origin of information)

• Modification: attack on integrity (prevention of unauthorized changes)

Threats and Attacks

• Threat - a potential for violation of security or a possible danger that might exploit a vulnerability

• Attack - an assault on system security: an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.

[Figure: Security Threats/Attacks]

Security Attacks

• Interruption: This is an attack on availability

– Disrupting traffic

– Physically breaking communication line

• Interception: This is an attack on confidentiality

– Overhearing, eavesdropping over a communication line

Security Attacks (continued)

• Modification: This is an attack on integrity

– Corrupting transmitted data or tampering with it before it reaches its destination

• Fabrication: This is an attack on authenticity

– Faking data as if it were created by a legitimate and authentic party

Examples of Threats

• Snooping: intercepting information (“passive” wiretapping)

• Modification or alteration of information by “active” wiretapping

• Masquerading or spoofing

• Repudiation of origin

• Delay or denial of service

Safeguards and Vulnerabilities

• A Safeguard is a countermeasure to protect against a threat

• A weakness in a safeguard is called a vulnerability


Passive and Active Attacks

• Security attacks are usually classified as passive or active:

• Passive - attempts to learn or make use of information from the system, but does not affect system resources.

• Active - attempts to alter system resources or affect their operation.

Passive and active attacks

• Passive attacks - goal to obtain information

– No modification of content or fabrication

– Eavesdropping to learn contents or other information (transfer patterns, traffic flows etc.)

  • Release of message contents

  • Traffic analysis

• Active attacks - modification of content and/or participation in communication to

  • Impersonate legitimate parties (Masquerade)

  • Replay or retransmit

  • Modify the content in transit

  • Launch denial of service attacks

Summary of Passive and Active Threats

[Figures: Passive Attacks; Active Attacks]

Passive Threats

• Release of message contents: Contents of a message are read.

> A message may be carrying sensitive or confidential data.

• Traffic analysis: An intruder makes inferences by observing message patterns.

> Can be done even if messages are encrypted.

> Inferences: location and identity of hosts.

Active Threats

• Masquerade: An entity pretends to be some other entity. Example: An entity captures an authentication sequence and replays it later to impersonate the original entity.

• Replay: Involves capture of a data unit and its retransmission to produce an unauthorized effect.

Active Threats (continued)

• Modification of messages: A portion of a legitimate message has been altered to produce an undesirable effect.

• Denial of service: Inhibits normal use of computer and communications resources.

> Flooding of computer network.

> Swamping of CPU or a server.
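Added example (not part of the original slides): a receiver-side check that shows how three of the active threats above (replay, modification, fabrication) can be detected. It assumes a pre-shared key, an HMAC-SHA256 tag and a per-message counter; the Receiver class, make_tag function and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import os


def make_tag(key: bytes, counter: int, payload: bytes) -> bytes:
    """Tag covers the counter and the payload, so neither can be changed alone."""
    msg = counter.to_bytes(8, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class Receiver:
    """Accepts a message only if its tag verifies and its counter is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0  # highest counter accepted so far

    def accept(self, counter: int, payload: bytes, tag: bytes) -> str:
        expected = make_tag(self.key, counter, payload)
        if not hmac.compare_digest(expected, tag):
            # Integrity/authenticity failure: altered in transit or forged.
            return "rejected: bad tag"
        if counter <= self.last_counter:
            # Genuine message, but already seen: a captured unit sent again.
            return "rejected: replay"
        self.last_counter = counter
        return "accepted"


def demo() -> dict:
    key = os.urandom(32)            # shared by sender and receiver only
    rx = Receiver(key)
    login = b"LOGIN user=alice"     # constructed sample message
    tag = make_tag(key, 1, login)
    results = {"legitimate": rx.accept(1, login, tag)}
    # Replay: the same captured (counter, payload, tag) is sent a second time.
    results["replay"] = rx.accept(1, login, tag)
    # Modification: payload changed in transit, tag still covers the original.
    results["modification"] = rx.accept(2, b"LOGIN user=admin", make_tag(key, 2, login))
    # Fabrication: sender does not hold the shared key.
    forged = b"PAY 100"
    results["fabrication"] = rx.accept(3, forged, make_tag(os.urandom(32), 3, forged))
    # A rejected message must not advance the counter.
    results["next legitimate"] = rx.accept(2, b"LOGOUT", make_tag(key, 2, b"LOGOUT"))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:16} -> {outcome}")
```

The tag gives integrity and authenticity only; the passive threats (release of message contents, traffic analysis) are not addressed by this check.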
