Definitions
A passive attack is
"[a]n attack against an authentication protocol where the attacker intercepts data traveling along the network between the claimant and verifier, but does not alter the data (i.e., eavesdropping)."[1]
"[a]n actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations."[2]
A passive attack is "[a]n attack that does not alter systems or data."[3]
Overview
The object of a passive attack might be to obtain data that is needed for an off-line attack.
"A passive attack is the simplest attack to mount in some ways. The base requirement is that the attacker obtain physical access to a communications medium and extract communications from it. For example, the attacker might tap a fiber-optic cable, acquire a mirror port on a switch, or listen to a wireless signal. The need for these taps to have physical access to a link exposes the attacker to the risk that the taps will be discovered. For example, a fiber tap or mirror port might be discovered by network operators noticing increased attenuation in the fiber or a change in switch configuration. Of course, passive attacks may be accomplished with the cooperation of the network operator, in which case there is a risk that the attacker's interactions with the network operator will be exposed."[4]
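The two discovery signals named in the passage above, increased fiber attenuation and a changed switch configuration, can be checked mechanically. The following is an added example, not taken from the quoted source; the 1.0 dB threshold, the Cisco IOS-style `monitor session` syntax, the function names and all sample data are assumptions constructed for illustration.

```python
import re
from statistics import median

# Assumption: a sustained loss increase of 1.0 dB or more is worth investigating.
ATTENUATION_ALERT_DB = 1.0

# Assumption: mirror ports appear as Cisco IOS-style "monitor session" lines.
MIRROR_RE = re.compile(r"^[ \t]*(monitor session \d+ (?:source|destination) .+?)[ \t]*$", re.M)


def attenuation_increase(rx_dbm, baseline_n=5, recent_n=5):
    """dB of extra loss: median of the first readings minus median of the last."""
    if len(rx_dbm) < baseline_n + recent_n:
        raise ValueError("not enough optical power samples")
    return round(median(rx_dbm[:baseline_n]) - median(rx_dbm[-recent_n:]), 2)


def new_mirror_lines(approved_config, running_config):
    """Mirror-port lines in the running config that the approved config lacks."""
    approved = set(MIRROR_RE.findall(approved_config))
    return [line for line in MIRROR_RE.findall(running_config) if line not in approved]


def tap_indicators(rx_dbm, approved_config, running_config):
    """Collect both indicators into one list of human-readable findings."""
    findings = []
    delta = attenuation_increase(rx_dbm)
    if delta >= ATTENUATION_ALERT_DB:
        findings.append(f"receive power dropped {delta} dB against baseline")
    for line in new_mirror_lines(approved_config, running_config):
        findings.append(f"unapproved mirror port: {line}")
    return findings


# Constructed sample: receive power (dBm) polled from one transceiver over time.
RX = [-3.1, -3.0, -3.2, -3.1, -3.0, -3.1, -4.6, -4.7, -4.6, -4.8, -4.7]
# Constructed sample: approved baseline config and the current running config.
APPROVED = (
    "interface Gi1/0/1\n description uplink\n"
    "monitor session 1 source interface Gi1/0/1\n"
    "monitor session 1 destination interface Gi1/0/24\n"
)
RUNNING = APPROVED + (
    "monitor session 2 source interface Gi1/0/1\n"
    "monitor session 2 destination interface Gi1/0/12\n"
)

if __name__ == "__main__":
    for finding in tap_indicators(RX, APPROVED, RUNNING):
        print(finding)
```

Medians are used so that a single noisy optical reading does not trigger or mask a finding.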
References
- [1] NIST Special Publication 800-63, at 7.
- [2] NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
- [3] CNSSI 4009.
- [4] Pervasive Attack: A Threat Model and Problem Statement, at 10-11.