Active attack: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Caesar Schinas
m (Robot: Changing template: TOC-right)
imported>Sandy Harris
No edit summary
Line 11: Line 11:
'''Successful active attacks are devastating'''; if the attacker can replace messages and have them taken as genuine, it is all over. The security system is then at best worthless; at worst it is of great value to the enemy.
'''Successful active attacks are devastating'''; if the attacker can replace messages and have them taken as genuine, it is all over. The security system is then at best worthless; at worst it is of great value to the enemy.


Fortunately, active attacks are '''generally hard to execute'''. The attacker must not only intercept messages, break whatever [[cryptography]] is in use, and send off his bogus message; he also has to block delivery of the genuine message. Moreover, he has to do it all ''in real time'', fast enough to avoid alerting his victims and to beat whatever synchronisation mechanisms the network may be using. A cryptosystem that an enemy can break in hours or days would generally be considered insecure, even worthless, but it will prevent active attacks as long as the enemy cannot break it quickly enough to replace messages.
Fortunately, active attacks are '''generally hard to execute'''. The attacker must not only intercept messages, break whatever [[cryptography]] is in use, and send off his bogus message; he also has to block delivery of the genuine message. Moreover, he has to do it all '''in real time''', fast enough to avoid alerting his victims and to beat whatever synchronisation mechanisms the network may be using. A cryptosystem that an enemy can break in hours or days would generally be considered insecure, even worthless, but it will prevent active attacks as long as the enemy cannot break it quickly enough to replace messages.
 
Note, however, that in some applications the previous paragraph does not apply. For example, if the encrypted "message" is actually a stored document, then an attacker may have ample time and it may be relatively easy to alter the document.


Moreover, [[cryptographic authentication]] can provide a '''complete defense''' against active attackers.
[[Cryptographic authentication]] can provide a '''complete defense''' against active attackers.
*[[Public key]] techniques are often used for [[information security#source authentication|source authentication]], to authenticate people or devices. This ensures that communication is with the right party and prevents [[man-in-the-middle attack]]s.
*[[Public key]] techniques are often used for [[information security#source authentication|source authentication]], to authenticate people or devices. This ensures that communication is with the right party and prevents [[man-in-the-middle attack]]s.
* Packets or messages are often authenticated with a [[hashed message authentication code]], for [[information security#integrity|data integrity protection]]. This prevents [[rewrite attack]]s, among others.
* Packets or messages are often authenticated with a [[hashed message authentication code]], for [[information security#integrity|data integrity protection]]. This prevents [[rewrite attack]]s, among others.


Systems that combine several cryptographic techniques are called [[hybrid cryptosystem]]s.
Systems that combine several cryptographic techniques are called [[hybrid cryptosystem]]s.

Revision as of 08:56, 24 August 2009

This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.
For more information, see: Cryptanalysis.

In cryptography an active attack on a communications system is one in which the attacker changes the communication. He may create, forge, alter, replace, block or reroute messages. This contrasts with a passive attack in which the attacker only eavesdrops; he may read messages he is not supposed to see, but he does not alter messages.

Active attacks include:

  • man-in-the-middle attack; the attacker tricks both communicating parties into communicating with him; they think they are talking to each other
  • rewrite attacks; the attacker can replace a message with anything he chooses

Successful active attacks are devastating; if the attacker can replace messages and have them taken as genuine, it is all over. The security system is then at best worthless; at worst it is of great value to the enemy.

Fortunately, active attacks are generally hard to execute. The attacker must not only intercept messages, break whatever cryptography is in use, and send off his bogus message; he also has to block delivery of the genuine message. Moreover, he has to do it all in real time, fast enough to avoid alerting his victims and to beat whatever synchronisation mechanisms the network may be using. A cryptosystem that an enemy can break in hours or days would generally be considered insecure, even worthless, but it will prevent active attacks as long as the enemy cannot break it quickly enough to replace messages.

Note, however, that in some applications the previous paragraph does not apply. For example, if the encrypted "message" is actually a stored document, then an attacker may have ample time and it may be relatively easy to alter the document.

Cryptographic authentication can provide a complete defense against active attackers.

Systems that combine several cryptographic techniques are called hybrid cryptosystems.