Interception is a form of #Security Attack aims at eavesdropping or monitoring or simply gaining access to the network flow or the system itself. It undermines the confidentiality# of the system. Traffic analysis# and Man-In-The-Middle Attack (MITM)# are one of the methods of interception, and the information acquired by this method could be exposed to the public or furthered materialised using one of the Active Attack.
Interception
-
Simple Authentication Dialogue
Simple Authentication Dialogue is a simple scheme that authenticates# users with username and password. It comes with a problem: If the password is transmitted in plaintext, then the user is vulnerable to eavesdropping#. Furthermore, it could prompt too many times for the user to enter their password as their sessions come to an end which could be one of the information the Cryptanalyst can utilise.
-
Security Attack
Security Attack is an action that attempt to compromise the information security and/or disrupt the normal flow of information, that is from source to destination. There are several methods on attempting it: Interruption#, Interception#, Modification# and Fabrication#. Based on its invasiveness, Security Attack could be divided into two categories: Passive Attack# and Active Attack#.
-
Passive Attack
Passive Attack is a kind of #Security Attack involves eavesdropping or monitoring the network without disturbing the system utilities. It is rather difficult to detect, but there are some prevention methods available. Interception# is such attack. A Passive Attack could be developed into an Active Attack.
- Network External Threat
-
Man-In-The-Middle Attack (MITM)
MITM is a #Cryptanalytic Attack where the Cryptanalyst found a way to be in between two parties in a communication channel. It is exceptionally dangerous to encryption scheme that involves key exchange such as Symmetric Cryptography# and Asymmetric Cryptography#. It is form of #Interception.
-
Kerberos
There are four requirements for Kerberos. First, it needs to be secure so that the eavesdropper# will not obtain enough information for impersonation. Second, it must be highly reliable where there is at least one system able to back up another (typically in a distributed server architecture). Third, the Authentication# should be transparent that is the user should not aware that the authentication is taking place beyond the need to enter a password. Last but not least, it should be scalable so that it is capable of supporting large numbers of clients and servers.
-
File Transfer Protocol (FTP)
FTP transfers password in plaintext, which is vulnerable to eavesdropping#.
-
Confidentiality
Confidentiality is the protection of transmitted data from unauthorised disclosure. It serves as a #Security Service and utilises encryption# and Routing Control# in order to counter the release of message contents#.