The RFC 2828 / X.800 security architecture framework categorizes information security into three distinct areas:
Security Attacks: Any action that compromises the security of information owned by an organization.
Security Services: A processing or communication service provided by a system to ensure specific security of data or transfers (e.g., Confidentiality).
Security Mechanisms: A process or device designed to detect, prevent, or recover from a security attack (e.g., Encryption).
There are four core types of security attack: Interruption, Interception, Modification, and Fabrication. They are usually described in terms of how each one disrupts the normal flow of information between a sender (Alice) and a receiver (Bob).
1. Interruption: An asset of the system is destroyed or becomes unavailable or unusable (Attack on Availability).
2. Interception: An unauthorized party gains access to an asset (Attack on Confidentiality).
3. Modification: An unauthorized party not only gains access but tampers with an asset (Attack on Integrity).
4. Fabrication: An unauthorized party inserts counterfeit objects into the system (Attack on Authentication).
These four attacks fall into two broader classes: Passive Attacks (monitoring or intercepting traffic without altering data) and Active Attacks (modifying data or altering the state of the system).
Passive attacks focus on monitoring and observing communications without altering the data itself. The primary objective of the attacker is to obtain information that is being transmitted.
Because the data remains unchanged, these attacks are extremely difficult to detect. The system continues to operate normally, leaving no obvious traces or logs. Therefore, the focus of information security when dealing with passive attacks is on prevention (using encryption) rather than detection.
There are two primary types of passive attacks:
Release of Message Contents ✉️: An attacker intercepts a communication (such as an email or a file transfer) and reads the confidential information it contains.
Traffic Analysis 📊: Even when the message contents are encrypted and unreadable, the attacker can still observe the traffic pattern itself. By analyzing the location and identity of the communicating hosts and monitoring the frequency and length of the messages exchanged, they infer the nature of the communication.
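The following Python simulation is an added example, not part of the original text. It puts a constructed Alice-to-Bob conversation on a simulated wire and shows what a passive observer learns in three cases: no encryption (release of message contents), encryption (contents hidden, but traffic analysis still recovers endpoints, message counts and lengths), and encryption plus fixed-size padding (the length signal disappears, the endpoint and frequency signals do not). The one-time pad XOR is a stand-in for a real cipher so the demo runs offline; the message texts and block size are assumptions made for the example.

```python
"""Passive-attack simulation on an Alice-to-Bob channel (added example).

(a) no encryption: the eavesdropper reads every message;
(b) encryption: contents are hidden, traffic analysis still works;
(c) encryption + fixed-size padding: lengths are hidden, but who talks
    to whom and how often is still visible.
All messages are constructed sample data; the one-time pad stands in
for a real cipher so that the demo runs offline."""
import secrets
from collections import Counter
from dataclasses import dataclass

# Constructed sample conversation (hypothetical, not from the page).
SAMPLE_MESSAGES = [
    ("alice", "bob", b"Board meeting moved to Friday 9am"),
    ("alice", "bob", b"ack"),
    ("bob", "alice", b"ok"),
    ("alice", "bob", b"Send the Q3 figures before the call"),
]


@dataclass(frozen=True)
class Packet:
    """What crosses the wire: routing metadata plus a payload."""
    src: str
    dst: str
    payload: bytes


def otp_xor(data: bytes, key: bytes) -> bytes:
    """XOR one-time pad; encrypt and decrypt are the same operation.
    The key must be fresh random bytes at least as long as `data`."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must cover the whole message")
    return bytes(d ^ k for d, k in zip(data, key))


def pad_to_block(data: bytes, block: int = 64) -> bytes:
    """Append a 0x80 marker, then zero bytes up to a multiple of `block`,
    so every payload on the wire has the same size class."""
    padded = data + b"\x80"
    return padded + b"\x00" * (-len(padded) % block)


def unpad(data: bytes) -> bytes:
    """Reverse pad_to_block; raises if the 0x80 marker is missing."""
    stripped = data.rstrip(b"\x00")
    if not stripped.endswith(b"\x80"):
        raise ValueError("invalid padding")
    return stripped[:-1]


def send_all(messages, encrypt=False, pad=False):
    """Put the conversation on the wire with the chosen protections.
    Returns (packets, keys); keys stay with the endpoints, not on the wire."""
    packets, keys = [], []
    for src, dst, msg in messages:
        body = pad_to_block(msg) if pad else msg
        key = b""
        if encrypt:
            key = secrets.token_bytes(len(body))
            body = otp_xor(body, key)
        packets.append(Packet(src, dst, body))
        keys.append(key)
    return packets, keys


def observer_reads_contents(packets):
    """Release of message contents: the eavesdropper copies every payload."""
    return [p.payload for p in packets]


def observer_traffic_analysis(packets):
    """Traffic analysis: uses only metadata, never the payload bytes."""
    return {
        "count": len(packets),
        "pairs": Counter((p.src, p.dst) for p in packets),
        "lengths": [len(p.payload) for p in packets],
    }


def receiver_decrypts(packets, keys, pad=False):
    """The legitimate endpoint recovers plaintexts with the shared keys."""
    out = []
    for p, k in zip(packets, keys):
        body = otp_xor(p.payload, k) if k else p.payload
        out.append(unpad(body) if pad else body)
    return out


if __name__ == "__main__":
    plain, _ = send_all(SAMPLE_MESSAGES)
    print("no encryption, contents:", observer_reads_contents(plain))
    enc, _ = send_all(SAMPLE_MESSAGES, encrypt=True)
    print("encrypted, metadata:", observer_traffic_analysis(enc))
    padded, keys = send_all(SAMPLE_MESSAGES, encrypt=True, pad=True)
    print("encrypted + padded, metadata:", observer_traffic_analysis(padded))
    print("receiver recovers:", receiver_decrypts(padded, keys, pad=True))
```

Running the script shows the progression the text describes: encryption alone stops the first passive attack but leaves lengths (33, 3, 2, 35 bytes), endpoints and message counts for traffic analysis; padding to 64-byte blocks removes the length signal only. Because nothing on the wire is altered in any of the three cases, the receiver has no way to notice the observer, which is why the defence is preventive (encryption, padding, traffic shaping) rather than detective.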