Chirag's Blog: Types of Security Attack in Cryptography | Active Attack

What is cryptographic Security Attack?

A cryptographic attack is a method for circumventing the security of a cryptographic system by finding a weakness in a code, cipher, cryptographic protocol or key management scheme. This process is also called "cryptanalysis".

Types of Security Attack in Cryptography

Figure: Classification of Security Attack in Cryptography

Passive Attack

Release of message content:

Figure shows the release of message content passive attack.

Figure: Release of Message Content (Passive Attack)

The goal of the attacker is to obtain information that is being transmitted. A telephonic conversation, an electronic mail message and a transferred file may contain sensitive or confidential information. In this type of passive attack, message cannot modify by attacker. Attacker just read the message and then release the message. There may be a delay to reach message at receiver end.

For example, B sent message to A, A receives message. But before receiving message, message was read by unauthorized person. This kind of passive attack cannot by recognize/identified during massage transmission. It does not affect the system, just monitor data in network.

Traffic Analysis:

Figure shows the traffic analysis attack.

Figure: Traffice Analysis (Passive Attack)

Intruders checks the contents of message or other information, even if they captured the message but could not extract the information from the message. The opponent might observe a pattern of message to get the location, or any clue regarding the origin of message. Passive attack is very difficult to detect, because they do not involve any alteration of the data.

For example, B sending message to A, at that time intruders check the pattern of message and also check that how many numbers of messages send by sender with same pattern.

Active Attack

Masquerade

Figure shows masquerade attack.

Figure: Masquerade (Active Attack)

A masquerade take place when an attacker pretends to be an authentic user. Authentication sequence can be captured & replayed after a valid authentication sequence has taken place. It generally done to gain access to a system, or steal information from system.

Replay Attack

Figure shows replay attack.

Figure: Replay Attack (Active Attack)

Replay involves the passive capture of data unit and its subsequent retransmission to produce an unauthorized effect. A replay attack is also known as playback attack where attacker repeatedly keeps on transmitting valid data again and again to make the network jam or delayed the transmission of data.

For example, A and C have bank account in Bank B. A send request to bank B for fund transfer in C’s account. C capture the message produce unauthorized effect of message and get benefits twice for fund transfer. One is from original message and second is from unauthorized message.

Modification of Message

Figure shows modification of message attack. It is also one kind of replay attack.

Figure: Modification of Message (Active Attack)

Some portion message is altered, or that message is delayed or recorded to produce unauthorized effect. When content of message modified after sender sends it but before it reaches to concerned receiver, such type of attack is called modification of message.

For example, A message is “Virat will play and also captain in next match” is modified to “Rohit will play and also captain in next match.”

Denial of Services

Figure shows the denial of services.

Figure: Denial of Service (Active Attack)

Denial of service attack means making the network unavailable for the user those who want to communicate securely. Flood the entire network or server with traffic until shutdown occurs because if overload. This attack may have a specific target. Other form of this attack is disturbing an entire network, either by disabling the network or by overloading with messages so as to degrade performance.

Difference between Active Attack and Passive Attack