UNIT - I
Cryptography & Network Security
A second type of passive attack, traffic analysis (above fig.(b)), is subtler. Suppose
that we had a way of masking the contents of messages or other information traffic so
that opponents, even if they captured the message, could not extract the information
from the message. The common technique for masking contents is encryption. If we
had encryption protection in place, an opponent might still be able to observe the
pattern of these messages. The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of messages being
exchanged. This information might be useful in guessing the nature of the
communication that was taking place.
Passive attacks are very difficult to detect, because they do not involve any alteration
of the data. Typically, the message traffic is sent and received in an apparently normal
fashion, and neither the sender nor receiver is aware that a third party has read the
messages or observed the traffic pattern. However, it is feasible to prevent the success
of these attacks, usually by means of encryption. Thus, the emphasis in dealing with
passive attacks is on prevention rather than detection.
Active Attacks: Active attacks involve some modification of the data stream or the
creation of a false stream and can be subdivided into four categories: masquerade,
replay, modification of messages, and denial of service.
A masquerade (below fig.(a)) takes place when one entity pretends to be a different
entity. A masquerade attack usually includes one of the other forms of active attack.
For example, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that has those
Replay (below fig.(b)) involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect.
Modification of messages (below fig.(c)) simply means that some portion of a
legitimate message is altered, or that messages are delayed or reordered, to produce an
unauthorized effect. For example, a message meaning “Allow John Smith to read
confidential file accounts” is modified to mean “Allow Fred Brown to read
confidential file accounts.”
The denial of service (below fig.(d)) prevents or inhibits the normal use or
management of communications facilities. This attack may have a specific target; for
example, an entity may suppress all messages directed to a particular destination.
Another form of service denial is the disruption of an entire network, either by
disabling the network or by overloading it with messages so as to degrade
performance. Active attacks present the opposite characteristics of passive attacks.
Whereas passive attacks are difficult to detect, measures are available to prevent their
On the other hand, it is quite difficult to prevent active attacks absolutely because of
the wide variety of potential physical, software, and network vulnerabilities. Instead,
the goal is to detect active attacks and to recover from any disruption or delays caused
by them. If the detection has a deterrent effect, it may also contribute to prevention.
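The detection goal described above can be made concrete for two of the four categories, modification of messages and replay. The following is an added example, not part of the original notes: it assumes sender and receiver share a secret key out of band and protect each message with an HMAC-SHA256 tag plus a sequence number; the names KEY, seal, Receiver and demo are hypothetical.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumption: secret shared out of band
TAG_LEN = 32                   # HMAC-SHA256 output size in bytes


def seal(key, seq, body):
    """Sender side: 8-byte sequence number + body + HMAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


class Receiver:
    def __init__(self, key):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, packet):
        """Return (verdict, body); body is None unless verdict is 'ok'."""
        if len(packet) < 8 + TAG_LEN:
            return "modified", None
        header, body, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        # Constant-time comparison; any altered byte or wrong key fails here.
        if not hmac.compare_digest(tag, expected):
            return "modified", None
        seq = struct.unpack(">Q", header)[0]
        # A valid tag on an old number means a captured packet was resent
        # (delayed or reordered packets are rejected the same way).
        if seq <= self.last_seq:
            return "replayed", None
        self.last_seq = seq
        return "ok", body


def demo():
    """Constructed traffic using the message from the notes."""
    rx = Receiver(KEY)
    original = seal(KEY, 0, b"Allow John Smith to read confidential file accounts")
    tampered = original.replace(b"John Smith", b"Fred Brown")
    packets = [tampered, original, original, seal(KEY, 1, b"next message")]
    return [rx.accept(p)[0] for p in packets]


if __name__ == "__main__":
    print(demo())
```

The tag check also covers a simple masquerade: a party without the key cannot produce a packet the receiver accepts. Denial of service is not addressed by this mechanism.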
© Dept.s of CSE & IT, PEC
For the internal circulation in Pragati Engineering College only
Soma Sekhar T.