Types of Attacks
Mr. N. S. Shaikh
MMIT, Lohgaon, Pune-47
nisar.shaikh2022@mmit.edu.in
Security Fundamentals
• Confidentiality: Data should be accessible only to entities
(users/machines/processes) with the valid permissions (also includes
privacy)
• Integrity:
– Data should be modified only by entities with the valid permissions
– A system should perform its function without any deliberate manipulation by
entities without valid permissions
• Availability: Data and service should be accessible (timely and reliable) to
entities with the valid permissions
• Authentication:
– Entity authentication – validating user/machine identity
– Message authentication – validating whether a message came from the
user/machine/source who claims to have sent it
• Access control: Validating the permissions a user claims to have on a
resource
• Non-repudiation: Actions of an entity should be uniquely traced
back to that entity.
Security Fundamentals
• Cryptography (Encryption and Decryption):
– Transform information from plaintext to ciphertext (encryption) so that
it is not comprehensible for unauthorized entities during transmission
or at the end systems (more towards confidentiality)
– Every encryption algorithm needs to have a corresponding
decryption algorithm to get back the plaintext
• Digital Signature: A form of encryption/decryption that
ensures the message came from the appropriate entity
– Non-repudiation, Message Authentication
Security Fundamentals
• Hashing: A digest of the message such that even if a bit
changes in the message, the hash value should change
– Integrity
• Notarization: Vouching for a user/machine – the notarizing
authority is trusted by the associated entities
– Entity authentication
• Steganography: Replace certain bits in a media file with the
plaintext bits and transmit them
– Weak confidentiality (but not very obvious to unauthorized users)
Computer Security Challenges
• Security is not simple
• Potential attacks on the security features need to be considered
• It is necessary to decide where to use the various security mechanisms
• Requires constant monitoring
• Is too often an afterthought
• Security mechanisms typically involve more than a particular algorithm or
protocol
• Security is essentially a battle of wits between a perpetrator and the
designer
Threats and Attacks (RFC 4949)
Source: William Stallings, Cryptography & Network Security, 6th ed.
Passive vs. Active Attacks
A passive attack attempts
to learn or make use of
information from the
system but does not
affect system resources
Source: William Stallings, Cryptography & Network Security, 6th ed.
Passive vs. Active Attacks
An active attack attempts
to alter system resources
or affect their operation
Passive Attacks
• Eavesdropping (release of message contents) –
solution: use encryption to prevent.
• Traffic analysis (monitoring of transmission)
– Difficult to prevent or detect.
– Though the contents of the transmission can be protected
(using encryption), one can learn about the location and
identity of the communicating hosts as well as the frequency
and length of the messages being exchanged.
• As passive attacks are difficult to detect, the
emphasis is on prevention.
Active Attacks
• Active attacks involve some modification of the
data stream or the creation of a false stream
• Active attacks can be divided into four
categories:
– Masquerade: When one entity pretends to be a
different entity (impersonation)
– Replay: Passive capture of a data unit and its
subsequent retransmission (if modified, could
produce an unauthorized effect)
– Modification of messages: modify the captured
message
– Denial of service: prevent the normal use or management
of communications facilities (e.g., overload a server;
prevent legitimate users from use)
• It is difficult to prevent active attacks; the goal is to
detect them.
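The following is an added example, not part of the original slides: a receiver that detects three of the active attacks listed above (masquerade, replay, modification) using a message authentication code and a per-sender sequence number. The frame layout, the names `protect` and `Receiver`, and the key and messages are all constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real deployment obtains it from a key-establishment step.
SHARED_KEY = b"constructed-demo-key-0123456789ab"
TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


def protect(key: bytes, sender: str, seq: int, payload: bytes) -> bytes:
    """Build a frame: len(sender) | sender | 8-byte sequence number | payload | tag."""
    sid = sender.encode()
    body = struct.pack("!B", len(sid)) + sid + struct.pack("!Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Accepts a frame only if its tag verifies and its sequence number is fresh."""

    def __init__(self, keys):
        self.keys = keys      # sender name -> shared key
        self.last_seq = {}    # sender name -> highest sequence number accepted

    def accept(self, frame: bytes):
        if len(frame) < 1 + 8 + TAG_LEN:
            return ("rejected", "malformed")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        n = body[0]
        if len(body) < 1 + n + 8:
            return ("rejected", "malformed")
        try:
            sender = body[1:1 + n].decode()
        except UnicodeDecodeError:
            return ("rejected", "malformed")
        key = self.keys.get(sender)
        if key is None:
            return ("rejected", "unknown sender")
        expected = hmac.new(key, body, hashlib.sha256).digest()
        # Constant-time comparison; a mismatch covers both modification in
        # transit and masquerade by a party that does not hold the key.
        if not hmac.compare_digest(tag, expected):
            return ("rejected", "bad MAC")
        (seq,) = struct.unpack("!Q", body[1 + n:1 + n + 8])
        # A valid tag on an old sequence number is a replayed frame.
        if seq <= self.last_seq.get(sender, -1):
            return ("rejected", "replay")
        self.last_seq[sender] = seq
        return ("accepted", body[1 + n + 8:])


def demo():
    """Run constructed frames through the receiver and return each verdict."""
    rx = Receiver({"alice": SHARED_KEY})
    results = {}

    original = protect(SHARED_KEY, "alice", 1, b"meeting moved to 10:00")
    results["original"] = rx.accept(original)
    results["replay"] = rx.accept(original)  # identical bytes sent again

    tampered = bytearray(protect(SHARED_KEY, "alice", 2, b"meeting moved to 10:00"))
    tampered[len(tampered) - TAG_LEN - 1] ^= 0x01  # flip one bit in the payload
    results["modified"] = rx.accept(bytes(tampered))

    # Frame claiming to be from alice but tagged with a key alice never shared.
    forged = protect(b"some-other-key", "alice", 3, b"meeting cancelled")
    results["masquerade"] = rx.accept(forged)

    # A rejected frame must not consume the sequence number.
    results["next"] = rx.accept(protect(SHARED_KEY, "alice", 2, b"ok"))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:11s} {verdict}")
```

A shared-key MAC gives data origin authentication and integrity but not non-repudiation, because either key holder could have produced the tag.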
Active Attacks: Masquerade
Source: William Stallings, Cryptography & Network Security, 6th ed.
Active Attacks: Replay
Source: William Stallings, Cryptography & Network Security, 6th ed.
Active Attacks: Modification
Source: William Stallings, Cryptography & Network Security, 6th ed.
Active Attacks: Denial of Service
Source: William Stallings, Cryptography & Network Security, 6th ed.
Model for Network Security
Source: William Stallings, Cryptography & Network Security, 6th ed.
Security Services
Security Services
Authentication: The assurance that the communicating entity is the
one that it claims to be
• Peer Entity Authentication: used in association with a logical
connection to provide confidence in the identity of the entities
connected
• Data Origin Authentication: In a connectionless transfer,
provides assurance that the source of received data is as
claimed
Security Services
Access Control: The prevention of unauthorized use of a
resource (i.e., this service controls who can have access to a
resource, under what conditions access can occur, and what those
accessing the resource are allowed to do)
Security Services
Data Confidentiality: The protection of data from unauthorized
disclosure.
• Connection Confidentiality: The protection of all user data on a
connection.
• Connectionless Confidentiality: The protection of all user data
in a single data block.
• Selective-Field Confidentiality: The confidentiality of selected
fields within the user data on a connection or in a single data
block.
Security Services
Data Integrity: The assurance that data received are exactly as
sent by an authorized entity (i.e., contain no modification,
insertion, deletion, or replay).
• Connection Integrity with Recovery
• Connection Integrity without Recovery
• Selective-Field Connection Integrity
• Connectionless Integrity
• Selective-Field Connectionless Integrity
Security Services
Nonrepudiation: Provides protection against denial by one of the
entities involved in a communication of having participated in all or
part of the communication.
• Nonrepudiation Origin: Proof that the message was sent by the
specified party.
• Nonrepudiation Destination: Proof that the message was
received by the specified party.
Security Mechanisms
Specific Security Mechanisms
• Encipherment
• Digital Signature
• Access Control
• Data Integrity
• Authentication Exchange
• Traffic Padding
• Routing Control
• Notarization
Security Mechanism
Encipherment: The use of mathematical algorithms to transform
data into a form that is not readily intelligible.
The transformation and subsequent recovery of the data depend on
an algorithm and zero or more encryption keys.
Security Mechanism
Digital Signature:
