In this video, you will learn to describe the various attack classifications, such as passive attacks and active attacks. So let's move into security attacks. So let's move into attack classifications. One of the first attack classifications that we'll look at is the idea of a passive attack. Essentially, it's an eavesdropping-style attack. The methodology of citizens [inaudible] communications connection to the channel that we described earlier in Module 1. Here in the diagram, we see Bob communicating with Alice, and an intruder, in this case Darth, captures the message out of the communications channel, and this is undetected by Alice or Bob. So the benefit of this attack, obviously, since it's not detected by Alice or Bob, is that the eavesdropping could occur for a long time, for a very long time. So we can actually get the content of the message.

The second class of attack for passive attacks is traffic analysis. This is an attack or style that doesn't look so much at the payload, but at the frequency and the size of the messages. One of the great examples of this is during an earlier presidential administration, a local newspaper was monitoring the number of pizzas that were delivered after 7:00 PM to the White House, and the correlation was between a large number of pizzas being delivered after 7:00 PM and events of a national security nature occurring the next day. So this is actually traffic analysis in its most basic form, a very, very noble way to do that.

So one of the questions that you'll see here on the slide is: do you think passive attacks are hard or easy to detect? Well, they're hard to detect because the message from Bob to Alice meets our security criteria. So what do I mean by that? That the messages are authenticated. So Alice can prove that the message is in fact from Bob. The message can pass an integrity check because Darth, our interceptor, is only collecting the messages; he's not changing them.
So there's no evidence that the messages have been changed. We've certainly seen examples of proving that: when Bob says to Alice, "Let's go to lunch at 1:00 PM," and both of them show up at lunch at 1:00 PM, then consequently there's no evidence that that message has been modified. The confidentiality of that, of course, is violated because our interceptor, Darth, now has access to the message; now, whether it's encrypted or not, like I said, that's another question. But Alice doesn't have any evidence that Darth has a copy of the message. So in fact, it actually passes in that context. So you can see the perspective of how passive attacks are some of the most dangerous from an information or an intelligence collection process that can run literally for years before it's been detected.

Active attacks. Active attacks obviously involve some modification of the data stream or the creation of a false stream, and they fall into four basic categories: masquerade, replay, modification of the messages, and denial of service.

So masquerade is intuitive. This is the masking of one end as appearing to be another. So in this case, Darth would pretend to be Bob. He would intercept the message and read it. "Let's go to one-to-one," if that was the message. Then he sends the message to Alice: "Oh, how about 11:30 A.M., is that better?" Alice thinks it's Bob and reports for lunch at 11:30 A.M. So masquerading is extremely dangerous within this context. We talked about the replay of these messages.
So this can be used for a man-in-the-middle attack, so that Darth would intercept the message from Bob, read it, act on that, and then send the unmodified message to Alice, let's say, an hour later with the correct timestamp, so that Alice receives the message and then acts on it. It passes from the integrity perspective because the message is not modified; it fails the confidentiality because Darth has seen it; the integrity passes because the message isn't modified; the authentication part fails, however, because this actually came from Darth, not Bob, and there is no way to prove that.

So modification: we talked about that a little bit earlier, that the message from Darth could be "Let's meet for lunch at 11:30 A.M." So that message could be actively modified. Once again, this is of great concern to the US government. The messages are modified. Reports are modified. Significant effort goes into ensuring the integrity of that. Then fundamentally, the last one, of course, is the denial of service, where the message actually just never gets through.

So active attacks are the opposite of passive attacks in terms of characteristics. Passive attacks are difficult to detect. However, for active attacks there are measures available so that we can actually get a sense that there's an anomaly. It's difficult to prevent active attacks universally and absolutely because of the diversity of the styles of attack that come through with that. So the goal here is to detect the active attacks earlier, and to recover from any disruption or delays caused by the attacks.

So, two major attack classifications: passive attacks and active attacks.
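The following is an added example, not part of the lecture or its slides, that simulates the Bob/Alice/Darth scenarios above from the receiver's side. Alice authenticates each message with an HMAC-SHA256 tag over a payload that carries a timestamp and a nonce, using a constructed pre-shared key Darth does not hold and an assumed 300-second freshness window. The run shows why the passive copy is undetectable (every check still passes), while masquerade and modification fail the tag check and a replayed message fails the duplicate-nonce or stale-timestamp check; the names and values are all constructed for the demonstration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed pre-shared key between Bob and Alice; Darth does not have it.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
FRESHNESS_WINDOW = 300  # seconds a message stays valid (assumed policy)


def make_message(sender, text, key, now, nonce=None):
    """Build an authenticated message: JSON payload plus an HMAC-SHA256 tag over it."""
    body = {"from": sender, "text": text, "ts": now,
            "nonce": nonce if nonce is not None else secrets.token_hex(8)}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    """Alice's side: tag check covers authenticity and integrity, freshness covers replay."""

    def __init__(self, key, window=FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.seen_nonces = set()

    def verify(self, msg, now):
        expected = hmac.new(self.key, msg["payload"], hashlib.sha256).hexdigest()
        # Constant-time comparison: a modified payload or a tag made without the key fails here.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad tag (modified or not from a key holder)"
        body = json.loads(msg["payload"])
        # A genuine but old message (delayed replay) fails the timestamp window.
        if abs(now - body["ts"]) > self.window:
            return "reject: stale timestamp (possible replay)"
        # A genuine message delivered twice inside the window fails the nonce check.
        if body["nonce"] in self.seen_nonces:
            return "reject: duplicate nonce (replay)"
        self.seen_nonces.add(body["nonce"])
        return "accept: " + body["text"]


def run_scenarios():
    """Replay the lecture's four active attacks plus the passive copy; returns each verdict."""
    t0 = 1_700_000_000  # constructed fixed clock so the run is deterministic
    alice = Receiver(SHARED_KEY)
    results = {}

    # Passive: Darth copies the message in transit. Alice's checks all pass, so nothing
    # on her side signals that a copy exists; only confidentiality was lost.
    msg = make_message("Bob", "lunch at 1:00 PM", SHARED_KEY, t0, nonce="n1")
    results["passive_copy_read_by_darth"] = json.loads(msg["payload"])["text"]
    results["passive_alice_verdict"] = alice.verify(msg, t0)

    # Masquerade: Darth writes "as Bob" but can only tag with a key of his own.
    forged = make_message("Bob", "how about 11:30 AM?", b"darth-guess", t0, nonce="n2")
    results["masquerade"] = alice.verify(forged, t0)

    # Modification: Darth edits the payload of a genuine message and keeps Bob's tag.
    genuine = make_message("Bob", "lunch at 1:00 PM", SHARED_KEY, t0, nonce="n3")
    tampered = {"payload": genuine["payload"].replace(b"1:00 PM", b"11:30 AM"),
                "tag": genuine["tag"]}
    results["modification"] = alice.verify(tampered, t0)

    # Replay: the unmodified genuine message arrives once (accepted), again ten seconds
    # later (duplicate nonce), and again an hour later (outside the freshness window).
    results["replay_first"] = alice.verify(genuine, t0)
    results["replay_duplicate"] = alice.verify(genuine, t0 + 10)
    results["replay_stale"] = alice.verify(genuine, t0 + 3600)

    # Denial of service: nothing is delivered, so there is nothing to verify; the only
    # signal is the absence of an expected message past the window.
    results["dos_detected_by_timeout"] = (t0 + 3600) - t0 > alice.window
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:30s} {verdict}")
```

Note that the stale-timestamp check runs before the nonce check, so a delayed replay is rejected even if the receiver has restarted and lost its nonce set; the nonce set only needs to cover the freshness window.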