DESCRIPTION AND COUNTERMEASURES FOR TECHNICAL
SECURITY FROM PASSIVE ATTACKS
N.V., Petrechuk L.N.
Metallurgical Academy of Ukraine
The paper discusses the importance of both technological and non-technological countermeasures in building an effective defence against attacks at all layers of the information infrastructure. Some forms of passive attacks and countermeasures against them are identified and shown.
The importance of using both technical and nontechnical countermeasures in constructing an effective, overall security solution is discussed in the paper. It concerns attacks at all layers of the information infrastructure. The main principles for determining appropriate technical security countermeasures are discussed. Some passive attacks and countermeasures against them are identified and shown.
Keywords: passive attacks, countermeasures.
Security services are those that protect information and information systems. One can count five primary areas of security service: access control, confidentiality, integrity, availability and non-repudiation. These services are provided by incorporating security mechanisms such as encryption, identification, authentication, access control, etc., which are embedded into the information system to form a barrier to attack. Here we present adversaries, their motivations, and categories of attacks, beginning with the potential adversaries.
Typically, adversaries are those with malicious intent. However, in the context of system and information security and protection, it is also important to consider the threat posed by those without malicious intent. We can divide them into two common groups, malicious and non-malicious. The first one includes hackers, groups or individuals (e.g., hackers, crackers, trashers, and pirates) who attack networks and systems seeking to exploit vulnerabilities in operating systems or other flaws; the international press, organizations that gather information on everything and anyone at any given time; and industrial competitors, foreign and domestic corporations rivaling in a competitive market and often engaged in the illegal gathering of information from competitors or foreign governments through corporate espionage. The non-malicious group includes careless or poorly trained employees who, through lack of training, lack of concern, or lack of attentiveness, pose a threat to information and information systems. The following are some common reasons why the groups described above might want to exploit a particular target:
- Gain access to classified or sensitive information.
- Track or monitor the target's operations (traffic analysis).
- Disrupt the target's operations.
- Steal money, products, or services.
- Obtain free use of resources (e.g., computing resources or free use of networks).
- Meet the technical challenge of defeating security mechanisms.
From the viewpoint of the information system these motivations can be classified into three groups with the following basic goals: (a) access to information, (b) modification or destruction of the information or system processes, (c) denial of access to information. In attacking an information processing system, an adversary accepts a certain risk. Risk includes:
- disclosure of the adversary's ability to perform other types of attacks;
- responses that might prevent the success of a future attack, especially when the gain is much greater;
- penalties (e.g., fines, imprisonment, embarrassment); and
- other dangerous effects, even those threatening human life.
The level of risk that an adversary is willing to accept depends on the adversary's motivation. Attacks can also be divided into several classes, as each attack has its own characteristics that should be considered in defining and implementing countermeasures. Depending on their activity, all attacks can be divided into active and passive classes. Active attacks include attempts to circumvent or break security features, introduce malicious code (such as computer viruses), and subvert data or system integrity. Typical countermeasures include strong enclave boundary protection (e.g., firewalls and guards). In this paper we consider only one class: passive attacks. An example of a passive attack on a cryptosystem is one in which the cryptanalyst cannot interact with any of the parties involved and attempts to break the system solely on the basis of observed data (i.e., the ciphertext).
These attacks involve passive monitoring of communications carried over public media (e.g., radio, satellite, microwave, and public switched networks). Countermeasures used against passive attacks include virtual private networks (VPNs), cryptographically protected networks, and protected distribution networks (e.g., physically protected or alarmed wireline distribution networks). Table 1 provides examples of attacks characteristic of this class.
Table 1. Examples of passive attacks

Monitoring of plaintext: An attacker monitoring the network could capture user or enclave data that is not otherwise protected from disclosure.

Decryption of weakly encrypted traffic: Cryptanalytic capability is available in the public domain, as witnessed by the June 1997 collaborative breaking of the 56-bit-strength Data Encryption Standard. While the near-term potential for attack on large volumes of traffic is questionable given the number of machines and hours involved, the breaking of DES does show the vulnerability of any single transaction.

Password capture (sniffing): This type of attack involves the use of protocol analyzers to capture passwords for unauthorized reuse.

Traffic analysis: Observation of external traffic patterns can give critical information to adversaries even without decryption of the underlying information. For example, extension of a network into a tactical theater of operations may indicate the imminence of offensive operations, thereby removing the element of surprise.
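The traffic-analysis entry above is the one that survives encryption: a passive monitor still sees message sizes and timing. The following is an added example, not code from the paper, showing what a monitor learns from ciphertext lengths alone and how fixed-size padding (one technique a cryptographically protected network can apply) removes that signal. It uses a constructed key, constructed messages and a toy HMAC-based stream cipher that stands in for a real cipher only to keep the example self-contained.

```python
import hmac
import hashlib
from typing import List, Optional

# Constructed demo values; the key is fixed only so the example is reproducible.
KEY = bytes(range(32))
MESSAGES = [b"ACK", b"STATUS NOMINAL", b"MOVE CONVOY 0400"]
BLOCK = 64  # pad every message up to a multiple of this many bytes


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256. Illustration only; a real
    system would use a vetted AEAD cipher instead."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, msg: bytes, pad_to: Optional[int] = None) -> bytes:
    """XOR msg with the keystream; optionally pad PKCS#7-style to a fixed size first."""
    if pad_to is not None:
        pad_len = pad_to - (len(msg) % pad_to)
        msg = msg + bytes([pad_len]) * pad_len
    return bytes(m ^ k for m, k in zip(msg, keystream(key, nonce, len(msg))))


def decrypt(key: bytes, nonce: bytes, ct: bytes, padded: bool = False) -> bytes:
    """The legitimate receiver, holding the key, recovers the plaintext."""
    pt = bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))
    return pt[:-pt[-1]] if padded else pt


def observed_lengths(key: bytes, pad_to: Optional[int] = None) -> List[int]:
    """All a passive monitor on the wire learns without the key: the ciphertext
    sizes of MESSAGES sent in order (the nonce is the message index)."""
    return [len(encrypt(key, i.to_bytes(8, "big"), m, pad_to))
            for i, m in enumerate(MESSAGES)]


def leaks_pattern(lengths: List[int]) -> bool:
    """True if sizes alone let the observer tell the messages apart."""
    return len(set(lengths)) > 1


if __name__ == "__main__":
    for label, pad in (("unpadded", None), ("padded", BLOCK)):
        sizes = observed_lengths(KEY, pad)
        print(f"{label:8s} sizes={sizes} distinguishable={leaks_pattern(sizes)}")
```

Padding hides sizes but not message timing or count, so protected distribution or cover traffic is still needed where those patterns matter.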