OSI Model Security and Encryption Protocols

Common Block Cipher Modes and Encryption

Double DES: This method uses two keys for encryption. It is susceptible to the meet-in-the-middle attack, where an attacker attempts to find a match such that E(k1, M) = D(k2, C).

ECB (Electronic Codebook): Each block is encoded with the same key. Information leakage can occur with repeated messages. While it is parallelizable, it is vulnerable to block replay attacks, where an attacker monitors and replays repeated messages.

CBC (Cipher Block Chaining): This mode uses a key and an Initialization Vector (IV). The IV ensures that the same plaintext produces different ciphers, which limits information leaks. However, patterns can still emerge in long messages, and the primary drawback is a lack of integrity.

Asymmetric Encryption and Key Exchange Protocols

Diffie-Hellman Key Exchange

1. Choose two large primes: p and g.
2. Choose private values a and b from the range [1, p-2].
3. Calculate public values A = g^a mod p and B = g^b mod p.
4. Calculate the shared secret s = B^a mod p (or A^b mod p).
5. Derive the key k = SHA256(s).
6. Use k as the key for CBC encryption.

Note: This protocol is vulnerable to Man-in-the-Middle (MITM) attacks if an attacker changes A and B to p.

RSA Encryption

1. Generate two large, distinct primes: p and q.
2. Calculate n = pq and phi = (p-1)(q-1).
3. Select a random integer e < phi that is relatively prime to phi.
4. Calculate d < phi such that e * d mod phi == 1.
5. The public key is [e, n] and the private key is [d, n].

Web Security Protocols and HTTPS Implementation

SSL (Secure Sockets Layer): Designed to avoid network attacks such as eavesdropping. It provides confidentiality and integrity, though it does not prevent browser-based attacks.

TLS (Transport Layer Security): The modern successor to SSL, providing updated security standards for data in transit.

Why We Don’t Always Use HTTPS

HTTPS can slow down web servers and break internet caching mechanisms. However, it is best practice to always use SSL/TLS when hosting websites to ensure user data protection.

OSI Model Security Layers and Vulnerabilities

The OSI model allows each protocol to perform a specific set of purposes. Below are the layers and their associated security risks:

• 1. Physical Layer: Controls bits on the medium. Attack: Physical destruction of hardware.
• 2. Data Link Layer: Controls the interface to the physical medium within frames. Attack: MAC flooding, which inundates the network switch with data packets.
• 3. Network Layer: Controls the routing of packets. Attack: ICMP Flooding, a Layer 3 infrastructure DDoS attack that uses ICMP messages to overload bandwidth.
• 4. Transport Layer: Controls error correction and packetization. Attacks: SYN Flood and Smurf Attack.
• 5. Session Layer: Manages communication sessions.
• 6. Presentation Layer: Handles data formatting and encryption.
• 7. Application Layer: User-centric protocols. Attacks: HTTP GET/POST requests, such as those used in website forms for logins, media uploads, or feedback.

Network Defense Strategies and Mitigation Tactics

1. Practice defense-in-depth tactics; use access controls, accountability, and auditing to track and control physical assets.
2. Allow discovered MAC addresses to be authenticated against an Authentication, Authorization, and Accounting (AAA) server and subsequently filtered.
3. Rate-limit ICMP traffic to prevent attacks from impacting bandwidth and firewall performance.
4. Utilize blackholing, a method typically used by ISPs to stop a DDoS attack on a customer by blocking the malicious traffic.
5. Implement application monitoring using dedicated algorithms and technologies to detect zero-day and application-layer threats.