2

In my security course at university, we covered three components of network security, which were confidentiality, availability, or integrity. I'm putting together a presentation based around these 3 components, but my recollection of the course is quite fuzzy.

If a third party is able to sniff and replay a message, and thus they can perform an action like turning off a pump or sensor a second time, which component would that fall under? Suppose they can't actually understand the message and don't have direct visibility of the effect, but they have some context like time of day and frequency.

I think it was integrity, because the recipient can't trust the information, but it also affects the availability of that sensor and could perhaps be confidentiality if they know when particular messages are sent.

Which section would you put this type of attack under?

azoundria
  • 753
  • 2
  • 5
  • 7
  • This question is more suited for the security exchange, rather than cryptography. –  Feb 08 '17 at 18:02

1 Answers1

3

Replay attack is a standard term for this type of attack. You are right that the security property that is broken by this attack falls under the umbrella of integrity. It is an attack on the integrity of the communication as a whole. The integrity of each individual message is preserved, but not the integrity of the whole sequence of transmissions.

The attack may cause some effect in the recipient that in turn compromises the availability or confidentiality of other assets, but these compromises are not caused by the replay attack in itself. For example, if an actuator overflows a limit because it accepts too many messages to move in the same direction, and the reason the attacker could send these messages is that the communication protocol is not protected against replay, then an attack compromises the availability of the actuator, by compromising the integrity of the communication as a step in the overall attack.

Gilles 'SO- stop being evil'
  • 51,955
  • 14
  • 122
  • 182