Security Attacks in cryptography
Introduction to Security Attacks
Overview of Cryptography and Security Attacks
- Abhishek introduces the topic of security attacks, emphasizing the importance of understanding cryptography as a foundational concept.
- He mentions that previous discussions on cryptography are available in another video, which will be linked in the description.
Types of Attacks: Passive Attacks
Definition and Characteristics
- Passive attacks involve an attacker intercepting messages without altering them; they can read but not modify the content.
- The definition highlights that passive attacks allow attackers to learn from the system without affecting its resources.
Prevention Strategies
- Better encryption techniques are suggested as a primary method for preventing passive attacks by converting messages into cipher text.
Types of Passive Attacks
- Release of Message Content
- Attackers can easily understand data if they access unencrypted messages.
- Traffic Analysis
- Even if messages are encrypted, attackers can analyze patterns such as frequency and length to infer information about communication.
Types of Attacks: Active Attacks
Overview and Characteristics
- Active attacks differ from passive ones as they allow attackers to see and modify message content during transmission.
Examples of Active Attacks
- Masquerade
- An attacker pretends to be someone else (e.g., impersonating users on social media), misleading others regarding their identity.
- Modification of Message
- Attackers change message contents before it reaches the intended recipient, potentially causing confusion or misinformation.
- Replay Attack
Understanding Replay Attacks and Denial of Service
Replay Attacks
- A replay attack involves the passive capture of a message, which is then retransmitted to create an unauthorized effect. This can lead to misunderstandings or irritations among users, especially if sensitive information like salary details is involved.
Denial of Service (DoS)
- In a denial of service scenario, an attacker can overload a server by sending multiple requests before legitimate users can access resources. For example, if Lily wants to fetch a webpage, the attacker could send numerous requests to prevent her from accessing it.
- The attacker exploits the server's capacity limits by overwhelming it with requests. If the server can handle only 100 requests at a time, any additional requests will cause delays or failures in processing legitimate user requests.
- Denial of service attacks disrupt normal communication facilities by either disabling networks or overloading them with excessive messages. This degradation in performance prevents users from accessing services they need.
Types of Attacks
- There are two main types of passive attacks: release of message content and traffic analysis. While encryption can help prevent these attacks, they remain difficult to detect since the messages themselves are not visible.