Replay Attack

Published on December 2016 | Categories: Documents | Downloads: 36 | Comments: 0 | Views: 214
of 2
Download PDF   Embed   Report

replay attack

Comments

Content


4. Replay Attack : An attack on an authentication system by recording and
replaying previously sent valid messages (or parts of messages). Any constant
authentication information, such as a password or electronically transmitted
biometric data, can be recorded and used later to forge messages that appear to
be authentic.
Security services : services that are provided by a system to give a specific kind
of protection to system resources are called security services.
Passive Attack
A passive attack monitors unencrypted traffic and looks for clear-text passwords and
sensitive information that can be used in other types of attacks. Passive attacks include
traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted
traffic, and capturing authentication information such as passwords. Passive interception of
network operations enables adversaries to see upcoming actions. Passive attacks result in
the disclosure of information or data files to an attacker without the consent or knowledge of
the user.
Active Attack
In an active attack, the attacker tries to bypass or break into secured systems. This can be
done through stealth, viruses, worms, or Troan horses. Active attacks include attempts to
circumvent or break protection features, to introduce malicious code, and to steal or modify
information. These attacks are mounted against a network backbone, exploit information in
transit, electronically penetrate an enclave, or attack an authori!ed remote user during an
attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of
data files, "o#, or modification of data.
5. (is given in the book)
6. Access $ontrol is a set of controls to restrict access to certain resources. If we think
about it, access controls are everywhere around us. A door to your room, the guards
allowing you to enter the office building on seeing your access card, swiping your
card etc. all are examples of various types of access control.
A security policy may use two types of access controls, alone or in
combination. In one, access control is left to the discretion of the owner. In the other,
the operating system controls access, and the owner cannot override the controls.
DAC- If an individual user can set an access control mechanism to allow or deny access to an
object, that mechanism is a discretionary access control (A!). iscretionary access controls
base access rights on the identity of the subject and the identity of the object involved.
Identity is the key" the owner of the object constrains who can access it by allowing only
particular subjects to have access. #he owner states the constraint in terms of the identity of
the subject, or the owner of the subject.
$%A&'($) *uppose a child keeps a diary. #he child controls access to the diary,
because she can allow someone to read it (grant read access) or not allow someone to
read it (deny read access). #he child allows her mother to read it, but no one else.
#his is a discretionary access control because access to the diary is based on the
identity of the subject (mom) re+uesting read access to the object (the diary).
Mandatory Access Control (MAC)
,hen a system mechanism controls access to an object and an individual user cannot
alter that access, the control is a mandatory access control (&A!), occasionally called a rule-
based access control.
#he operating system enforces mandatory access controls. -either the subject nor the owner
of the object can determine whether access is granted. #ypically, the system mechanism will
check information associated with both the subject and the object to determine whether the
subject should access the object. .ules describe the conditions under which access is allowed.
This is a stricter and rather static Access $ontrol model as compared to "A$ and is mostly
suited for military organi!ations where data classification and confidentiality is of prime
importance. #pecial types of the %nix operating systems are based on &A$ model.
$%A&'($) #he law allows a court to access driving records without the owners/ permission.
#his is a mandatory control, because the owner of the record has no control over the court/s
accessing the information. originator controlled access control (0.!0- or 0.1!0-) -
originator controlled access control (0.!0- or 0.1!0-bases access on the creator of an
object (or the information it contains). #he goal of this control is to allow the originator of the
file (or of the information it contains) to control the dissemination of the information. #he
owner of the file has no control over who may access the file. *ection 2.3 discusses this type
of control in detail.
7.
8.

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close