Digital Signatures, OSI Model, and Network Attacks

Digital Signatures and Encryption

Digital Signature: A cryptographic method that ensures the identity of the sender in messages and documents. It uses two keys: a public key (Kp) and a secret key (Ks). The message is signed using the private key: F(M, Ks) = S

PGP (Pretty Good Privacy)

A system used for encryption and decryption to protect information that travels over the internet (including email) and other files (such as those stored on a hard drive). The system is based on public-key cryptography. The IETF used this as a basis to create the OpenPGP standard.

Triple DES (3DES or TDES)

An algorithm that applies the DES cipher three times, making it much more secure than single DES encryption. It was developed by IBM in 1978. Triple DES is not simply three independent encryptions stacked on top of each other; its security rests on DES not having the mathematical property of being a group. Because DES is not a group, encrypting the same block twice with two different keys is not equivalent to a single DES encryption under some third key, so the effective size of the key is increased.

OSI Model

7. Application Layer

The Application Layer interacts directly with the end-user, providing information services to support distributed applications and managing their communications with the presentation layer. Vulnerability: DNS spoofing (impersonation of a domain name).

6. Presentation Layer

The Presentation Layer allows the application to interpret the meaning of the information being exchanged. It performs the format conversions needed so that the communicating devices can understand each other's data.

5. Session Layer

The Session Layer manages the dialogue between the two cooperating applications, providing services needed to establish communication, data flow, and connection termination.

4. Transport Layer

The Transport Layer provides end-to-end control and information exchange with the level of quality required by the user. It is the heart of the protocol hierarchy, enabling safe and economical data transport. Vulnerability: SYN Flood: An attacker sends a burst of TCP segments with the SYN flag set, aiming to saturate the operating system’s “Half-Open Connection” table.

3. Network Layer

The Network Layer provides the means to establish, maintain, and terminate switched connections between end-user systems. It is the lowest layer that deals with end-to-end transmission. Vulnerabilities: IP Spoofing (the source IP address of a datagram is forged, generally using a private address); Route Prefix Injection; IP Fragmentation Attack.

2. Data Link Layer

The Data Link Layer ensures reliable transmission over the medium, performing error checking, retransmission, flow control, and handling of out-of-sequence frames, and it makes its capabilities available to the network layer. Vulnerabilities: MAC Flooding, DHCP Server Spoofing, ARP Spoofing (fake ARP messages are sent to persuade a switch to redirect traffic from a certain host).

1. Physical Layer

The Physical Layer is responsible for the electrical, mechanical, functional, and procedural means required to move data bits between each end of the communication link.

Types of Network Attacks

  • MAC Flooding: Saturation of a switch’s CAM (Content Addressable Memory), forcing it to behave like a hub.
  • DHCP Server Spoofing: An attacker sets up a rogue DHCP server to assign network addresses and designate itself as the router.
  • ARP Spoofing: Fake ARP messages are sent to persuade a switch to redirect traffic from a certain host.
  • WEP Cracking: Obtaining the key value of a wireless network access point.
  • IP Spoofing: The source IP address of a datagram is forged, generally using a private address.
  • Route Prefix Injection: By attacking a routing protocol, an attacker masquerades as a router, directing traffic to one or more networks (other destinations).
  • IP Fragmentation Attack: Specially crafted packets with inconsistent fragment values are used to bypass firewalls.
  • SYN Flood: An attacker sends a burst of TCP segments with the SYN flag set, aiming to saturate the operating system’s “Half-Open Connection” table. When this happens, the service cannot continue to receive requests (DoS attack).
  • Brute Force Attack: On servers with open SSH, FTP, or HTTP services, brute force attacks are common, targeting usernames like root, admin, ftp, etc., with various passwords.
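The SYN flood described above (and in the Transport Layer entry), as an added example that is not part of the original notes: a small Python replay of a server's half-open connection table over constructed packet records, flagging a service whose backlog of SYNs that were never acknowledged crosses a threshold. The record format, the addresses and the threshold are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample of per-packet records as seen from the server side.
# Format: "<client_ip>:<port> <server_ip>:<port> <tcp_flags>"
# Flags used: S = SYN, A = ACK (completes the handshake), R = RST, F = FIN.
SAMPLE_RECORDS = [
    "10.0.0.5:51000 192.0.2.10:80 S",
    "10.0.0.5:51000 192.0.2.10:80 A",   # handshake completed: leaves the table
    "10.0.0.6:51001 192.0.2.10:80 S",
    "10.0.0.6:51001 192.0.2.10:80 R",   # reset by the client: leaves the table
] + [
    # Eight SYNs from distinct sources that never send the final ACK:
    # this is the pattern that fills the half-open connection table.
    f"198.51.100.{i}:40000 192.0.2.10:80 S" for i in range(1, 9)
]


def replay_half_open(records):
    """Replay records into a half-open table: {service: set(client endpoints)}.

    A SYN creates an entry; the client's ACK, a RST or a FIN removes it.
    Entries that remain are connections the server is still waiting on.
    """
    table = defaultdict(set)
    for line in records:
        client, service, flags = line.split()
        if flags == "S":
            table[service].add(client)
        elif flags in ("A", "R", "F"):
            table[service].discard(client)  # no-op if never seen, which is fine
    return table


def detect_syn_flood(records, threshold=5):
    """Return {service: half_open_count} for services at or over the threshold.

    In a real deployment the threshold would be tied to the host's backlog
    size; here it is an assumed constant for the example.
    """
    table = replay_half_open(records)
    return {svc: len(clients) for svc, clients in table.items()
            if len(clients) >= threshold}


if __name__ == "__main__":
    print(detect_syn_flood(SAMPLE_RECORDS))  # {'192.0.2.10:80': 8}
```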