Security Attacks - IT2028 (PDF)

Summary

This document provides a overview of security attacks, objectives, and architecture. It discusses confidentiality, integrity, and availability as key security objectives, along with various types of security attacks like passive and active attacks. It also outlines the OSI security architecture, a standardized model for organizing security requirements.

Full Transcript

IT2028 Security Attacks deliberate or inadvertent unauthorized manipulation of S...

IT2028 Security Attacks deliberate or inadvertent unauthorized manipulation of Security Objectives (Torra, 2018) the system. The identification of security objectives is the first step you can Availability ensures that systems work promptly and the service take to help ensure the security of your application. is not denied to authorized users. A loss of availability is the Security objectives are goals and constraints that affect the disruption of access to or use of information or an information confidentiality, integrity, and availability of your data and system. application. Authenticity: The property of being genuine and being able to Although the use of the CIA triad to define security objectives is be verified and trusted; confidence in the validity of a well established, many in the security field feel that additional transmission, a message, or a message originator. This means concepts are needed to present a complete picture, as illustrated verifying that users are who they say they are and that each input in Figure 1. arriving at the system came from a trusted source. Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, it must be possible to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes. OSI Security Architecture (Torra, 2018) The security architecture for Open Systems Interconnection (OSI) defines a general security architecture that is useful to managers as a way of organizing the task of providing security This standardized architecture defines security requirements. Figure 1. Security Objectives The key concepts that are covered in these sections are summarized in Figures 2-3. Confidentiality: Also known as data confidentiality, this property o Security attacks are any action that compromises the means that information is not made available or disclosed to security of information owned by an organization. unauthorized individuals, entities, or processes. A loss of o Security attacks attempt to gain unauthorized access to confidentiality is the unauthorized disclosure of information. information resources or services, or cause harm or Integrity: This term covers two (2) related concepts: damage to information systems. o Data integrity ensures that data (both stored and is transmitted packets) and programs are changed only in a specified and authorized manner. A loss of data integrity is the unauthorized modification or destruction of information. o System integrity ensures that a system performs its intended function in an unimpaired manner, free from 03 Handout 1 *Property of STI  [email protected] Page 1 of 3 IT2028 unencrypted email or telephone call and intercept it for sensitive information. o Traffic analysis: In this type, an attacker monitors communication channels to collect a range of information, including human and machine identities, locations of these identities, and types of encryption used, if applicable. Passive attacks are very difficult to detect because they do not involve any alteration of the data. Figure 2. Attacks The message traffic is sent and received in a normal fashion, o Security mechanisms are technical tools and and neither the sender nor the receiver is aware that a third party techniques that are used to implement security services has read the messages or observed the traffic pattern. o A process that is designed to detect, prevent, or recover The best way to prevent a passive attack is by using strong from a security attack. network encryption methods. This means that the original o Security service is a processing or communication message should be well encrypted into an unintelligible service that enhances the security of the data language at the sender’s end and should be decoded into an processing systems, and the information transfers of an understandable language at the receiver’s end. organization. Security services are intended to counter Active Attack (Torra, 2018) security attacks, and they make use of security Active attacks involve some modification of stored or mechanisms to provide the services. transmitted data or the creation of false data. There are four categories of active attacks: replay, masquerade, modification of messages, and denial of service. o A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges. Figure 3. Services o Replay involves the passive capture of a data unit Passive Attack (Torra, 2018) and its subsequent retransmission to produce an Passive attacks are like eavesdropping or monitoring unauthorized effect. transmissions. The goal of the attacker is to obtain information o Data modification simply means that some portion that is being transmitted. Two types of passive attacks are the of a legitimate message is altered or that messages release of message contents and traffic analysis: are delayed or reordered to produce an o Release of message contents: In this type, an attacker unauthorized effect. For example, a message will monitor an unprotected communication medium like stating “Allow Kit Estrada to read confidential file, 03 Handout 1 *Property of STI  [email protected] Page 2 of 3 IT2028 Accounts” might be modified to say, “Allow Fred authentication service is to ensure the recipient that the Brown to read confidential file, Accounts.” message is from the source that it claims to be from. o A denial-of-service attack prevents or inhibits the Access control is the ability to limit and control access to normal use or management of communication host systems and applications via communications links. To facilities. Such an attack may have a specific target; achieve this, each entity trying to gain access must first be for example, an entity may suppress all messages identified or authenticated so that access rights can be directed to a particular destination (e.g., the security tailored to the individual. audit service). Another form of service denial is the Data confidentiality is the protection of transmitted data disruption of an entire network, either by disabling from passive attacks. Concerning the content of data the network or by overloading it with messages to transmission, several levels of protection can be identified. degrade performance. The broadest service protects all user data transmitted between two users over a period. For example, when a logical network connection is set up between two systems, this broad protection prevents the release of any user data transmitted over the connection. Data integrity ensures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays Data integrity ensures that information is modified only in appropriate ways by persons authorized to change it. Nonrepudiation prevents either a sender or a receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender sent the message. Similarly, when a message is received, the sender can prove that the alleged receiver received the message. Availability service means that a system or a system resource is accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; that is, a system is available if it provides services according to the system design whenever users request them. References: Figure 4. Types of attacks in the context of a client/server Kumar, G., Saini, DK., Huy Cuong, NH. (2020). Cyber defense mechanisms: Security, privacy, and challenges. CRC Press. interaction. Stallings, W. (2019). Information privacy engineering and privacy by design: Security Services (Torra, 2018) Understanding privacy threats, technologies, and regulations. Assison-Wesley Authentication service is concerned with ensuring that Professional. Torra, V. (2018). Data privacy: foundations, new developments, and the big data challenge. Springer International Publishing. communication is authentic. In the case of a single message, such as a warning or an alarm signal, the function of the 03 Handout 1 *Property of STI  [email protected] Page 3 of 3

Use Quizgecko on...
Browser
Browser