Security attacks are illegitimate efforts to evade and violate a system's security in order to monitor, alter, or damage the data being exchanged between two systems. A security attack threatens the confidentiality, availability, and authentication of the transmitted data.
Nowadays, companies allow their employees to access company data from anywhere using any local network. This makes the data vulnerable to attack. Such an attack can be performed in a variety of ways, which we discuss in the sections below.
Every data transmission has a sender, who sends the data, and a receiver, who receives it. Apart from these two there is a third party, the opponent, who performs the attack.
In a passive attack, the opponent eavesdrops on or monitors the transmission of data from one system to another. The opponent's only aim is to obtain the information exchanged between the sender and the receiver.
Passive attacks are further classified into two types: release of message content and traffic analysis.
Release of Message
To understand the release of message content, consider a telephone conversation that includes some important discussion, or an email sent from one company to another that contains confidential information. The passive attack here is on the content of these transmissions.
In the traffic analysis passive attack, the scenario is that the content of the transmission is masked, so that even if the opponent acquires the transmitted message, he cannot read its original content. Masking the original content is achieved by encryption, where the original text is encoded in such a way that only the authorized receiver can decode it back into the original message.
But even after encryption, if the opponent traces several encrypted messages, he can identify the encryption pattern used and may decode the encrypted message.
A passive security attack is hard to recognize because the opponent does not modify or alter the original message. The opponent silently observes the information being exchanged between the sender and the receiver.
The sender and the receiver are unaware of the passive attack, so preventing the attack is more important than detecting it.
Active attacks are attacks in which the opponent modifies or completely changes the information being transmitted. Active security attacks are classified into four types.
In a masquerade attack, the opponent pretends to the receiver to be the sender. The opponent sends false messages to the receiver without the consent of the sender. In the figure above, path 2 is active in the masquerade attack.
In the replay attack, the opponent acquires the original message using a passive attack, performs unauthorized effects on it, and resends it to the receiver. In the figure above, paths 1, 2, and 3 are active.
Modification of Message
In the modification of message attack, the opponent alters, delays, or reorders the messages sent by the sender to the receiver. Here, paths 1 and 2 are active.
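The masquerade, replay, and modification attacks described above can be detected at the receiver when every message carries a sequence number and a keyed authentication tag. The following is an added example, not part of the original article; it assumes the sender and receiver already share a secret key, and the names `protect`, `Receiver`, and `demo`, the key, and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key (assumption): sender and receiver already share it.
SHARED_KEY = b"constructed-demo-key"
TAG_LEN = 32  # SHA-256 output size in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: 64-bit sequence number + payload + HMAC-SHA256 over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Hypothetical receiver that accepts each sequence number once, in order."""
    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def accept(self, frame: bytes) -> tuple[bool, str]:
        if len(frame) < 8 + TAG_LEN:
            return False, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time compare: fails for altered frames and for a sender without the key.
        if not hmac.compare_digest(tag, expected):
            return False, "bad-tag"
        (seq,) = struct.unpack(">Q", body[:8])
        if seq != self.next_seq:
            # An old number is a resent message; a future one is reordered or has a gap.
            return False, "replay" if seq < self.next_seq else "out-of-order"
        self.next_seq += 1
        return True, body[8:].decode()


def demo() -> list[tuple[bool, str]]:
    rx = Receiver(SHARED_KEY)
    m0 = protect(SHARED_KEY, 0, b"pay 10 to alice")
    m1 = protect(SHARED_KEY, 1, b"pay 20 to bob")
    tampered = m1[:8] + b"pay 99 to bob" + m1[-TAG_LEN:]          # modification
    forged = protect(b"not-the-shared-key", 1, b"pay 50 to eve")  # masquerade
    return [rx.accept(f) for f in (m0, m0, tampered, forged, m1)]


if __name__ == "__main__":
    print(demo())
```

The tag only detects tampering and forgery; it does not hide the message content, so encryption is still needed against the passive attacks.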
Denial of Service
In the denial of service attack, the opponent creates a scenario where the sender of the message is denied access to its services. For example, the opponent could create a disturbance in the network by overloading it with several messages or by just disabling the network.
Here we conclude that passive security attacks are hard to detect, so the concern must be on preventing them, whereas active security attacks are hard to prevent, so they must be detected and recovered from by some means.