Home »
Cyber Security
Active and Passive attacks in Information Security | Cyber Security
By Sahil Singh, on September 30, 2019
The attack in cryptography means that our data or sent messages or any kind of information is accessed by some anonymous user without our permission. An attack simply means to alter, destroy, implant or reveal the data of a user without their permission. This happens because of some flaws and defects in the security systems. Attacks are differentiated based on the actions of the attacker.
There are two types of security attacks,
- Active Attack
- Passive Attack
1. Active Attack
Assume that two computers or any communicating devices are connected and they are transferring data with each other. In Active Attack, the attacker, not just only observes data but he has direct access to it. The attacker can read and update the data without the information of any of the users. In Active Attack, the attacker tries to induce noise in the data transmission. He tries to put error bits in the transmission. The attacker tries to alter or modify the data. In other words, the data that is transmitted is modified by a third client illegally is called Active Attack.
Active attack
The example of active attack are:
- Masquerade
- Relay
- Denial of service:
Masquerade
Assume that A and B are connected and they are transferring data to each other. A and B are genuine users. In the Masquerade attack, the attacker used the identity of the authentic users and he breaks into the communication and behaves like the authentic user and grabs all the data.
Relay
Assume that A and B are connected and they are transferring data to each other. A is sending some message to B. The message is on its way but in between the attacker captures the message and now not only he can read the message but he can update and modify it too. He can create error bits in the message. Error bits are the bits that don’t belong to the original message.
Denial of service
In this attack, the attacker sends a lot of requests to the server to increase the traffic. If the server has a lot of requests then it will take a lot of time to respond to the genuine requests which are made by the authentic users. In this way, by increasing the traffic on the server, he can slow down the server. In this way, the authentic users will not get a response from the server. In this way, their service is denied.
2. Passive Attack
In Passive Attack, the attacker can observe every message or data that is sent or received in the communication but he can not update or modify it. This is called Passiveness. He can’t induce noise or error bits in the original message. The users have no idea that their communication is observed by a third party. He can silently read all the data and he can use that data in the future to create threats