Message Transmission Security Risks

Version of 11 May 1998

Roger Clarke

© Xamax Consultancy Pty Ltd, 1996, 1997, 1998

This document was prepared as a breakout box to support the documents called 'Crypto-Confusion' and 'Data Transmission Security'. It provides an outline of the risks involved in the transmission of a message from one person or organisation to another.

This document is at http://www.anu.edu.au/people/Roger.Clarke/II/CryptoSecy.html

When a message is sent from one person or organisation to another, over a communications link, the following risks exist:

(1) Non-Receipt of a message by the intended recipient

1. This may be:

• accidental (e.g. through mis-addressing of the message, or loss in transit); or
• intentional (e.g. through interception and non-re-transmission by a third party, delivery to an imposter instead of the intended recipient, or non-transmission by a message-carrier).

(2) Access by an unintended person or organisation

This may be to:

• the contents of the message; or
• just to the fact that a message passed between that particular sender and that particular receiver.

Its cause may be:

• accidental (e.g. through mis-addressing of a message); or
• intentional (e.g. through interception in transit, delivery to an imposter, or unauthorised access by a message-carrier).

(3) Change to the contents while in transit

The cause may be:

• accidental (e.g. through corruption in transit, or misinterpretation by the sender's or the receiver's software); or
• intentional (e.g. through interception, change and re-transmission by some other party, including the message-carrier).

(4) Receipt of a false message

By this is meant a message that purports to come from a particular sender, but which that person or organisation did not in fact send. The cause may be:

• accidental (e.g. re-transmission of a duplicate message); or
• intentional (e.g. creation of a message by an imposter. This is commonly referred to as 'spoofing').

(5) Wrongful denial

This may be an act by:

• a message-sender claiming that they did not do send it; or
• a message-recipient claiming that they did not receive it.

Navigation

Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 11 February 1996

Last Amended: 11 May 1998

These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).