The IT Law Wiki

Definitions

A passive attack is

"[a]n attack against an authentication protocol where the attacker intercepts data traveling along the network between the claimant and verifier, but does not alter the data (i.e., eavesdropping)."[1]
"[a]n actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations."[2]

A passive attack is "[a]n attack that does not alter systems or data."[3]

Overview

The object of a passive attack might be to obtain data that is needed for an off-line attack.

"A passive attack is the simplest attack to mount in some ways. The base requirement is that the attacker obtain physical access to a communications medium and extract communications from it. For example, the attacker might tap a fiber-optic cable, acquire a mirror port on a switch, or listen to a wireless signal. The need for these taps to have physical access to a link exposes the attacker to the risk that the taps will be discovered. For example, a fiber tap or mirror port might be discovered by network operators noticing increased attenuation in the fiber or a change in switch configuration. Of course, passive attacks may be accomplished with the cooperation of the network operator, in which case there is a risk that the attacker's interactions with the network operator will be exposed."[4]

References

  1. NIST Special Publication 800-63, at 7.
  2. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  3. CNSSI 4009.
  4. Pervasive Attack: A Threat Model and Problem Statement, at 10-11.