Skip to content

Connection Establishment

Key Exchange Mechanisms**

1. Key Exchange Methods

Key exchange mechanisms are used to securely exchange cryptographic keys between parties to enable encrypted communication. They allow secure key agreement over insecure channels using mathematical operations.

2. Diffie-Hellman (DH)

  • Establishes a shared secret key without prior communication.
  • Used in TLS and other secure communication protocols.
  • Vulnerable to Man-in-the-Middle (MITM) attacks unless authenticated.
  • Requires high computational power, making it less suitable for low-power devices.

3. Rivest–Shamir–Adleman (RSA)

  • Uses large prime numbers for key generation.
  • Commonly used for encryption, authentication, and digital signatures (SSL/TLS, PKINIT, etc.).
  • Computationally intensive but widely trusted.

4. Elliptic Curve Diffie-Hellman (ECDH)

  • A more secure and efficient variant of DH using elliptic curve cryptography (ECC).
  • Provides forward secrecy, ensuring past communications remain secure even if private keys are compromised.
  • Used in TLS and VPN authentication.

5. Elliptic Curve Digital Signature Algorithm (ECDSA)

  • Uses ECC for digital signatures to authenticate key exchange participants.
  • More secure and efficient than traditional RSA signatures.

6. Internet Key Exchange (IKE)

  • Protocol for establishing secure communication in VPNs and network security.
  • Uses Diffie-Hellman, RSA, and AES for key exchange and encryption.
  • Operates in two modes:
    • Main Mode: More secure but slower.
    • Aggressive Mode: Faster but offers less identity protection.

7. Pre-Shared Keys (PSK)

  • A secret key shared between parties for authentication in IKE.
  • Provides an additional security layer but requires secure initial distribution.
  • If compromised, the session security is at risk.

Authentication Protocols

1. Importance of Authentication Protocols

Authentication protocols are essential for verifying the identity of users and devices in a network. They prevent unauthorized access, protect sensitive data, and ensure secure communication.

2. Common Authentication Protocols

Protocol Description
Kerberos Uses a Key Distribution Center (KDC) and ticket-based authentication for secure access in domain environments.
SRP (Secure Remote Password) Password-based authentication protocol resistant to eavesdropping and MITM attacks.
SSL (Secure Sockets Layer) Legacy cryptographic protocol for encrypted communication.
TLS (Transport Layer Security) Successor to SSL, providing secure internet communication.
OAuth Open standard for secure third-party authorization without sharing passwords.
OpenID Decentralized authentication protocol allowing single identity sign-in across multiple websites.
SAML (Security Assertion Markup Language) XML-based authentication and authorization protocol used in enterprise environments.
2FA (Two-Factor Authentication) Uses two different factors (e.g., password + OTP) for identity verification.
FIDO (Fast IDentity Online) Standard for strong authentication without relying on passwords.
PKI (Public Key Infrastructure) Uses public-private key pairs for encryption and digital signatures.
SSO (Single Sign-On) Enables access to multiple applications with one set of credentials.
MFA (Multi-Factor Authentication) Uses multiple authentication factors (e.g., password, device, biometrics) for stronger security.
PAP (Password Authentication Protocol) Sends passwords in plain text; highly insecure.
CHAP (Challenge Handshake Authentication Protocol) Uses a three-way handshake for secure authentication.
EAP (Extensible Authentication Protocol) Framework supporting multiple authentication methods.
SSH (Secure Shell) Secure protocol for remote access and command execution.
HTTPS (Hypertext Transfer Protocol Secure) Secure version of HTTP using SSL/TLS encryption.
LEAP (Lightweight Extensible Authentication Protocol) Wireless authentication protocol by Cisco, vulnerable to dictionary attacks.
PEAP (Protected Extensible Authentication Protocol) Secure wireless authentication using TLS encryption, more secure than LEAP.

3. Security Considerations

  • TLS and SSL are commonly used for secure communication.
  • SSH and HTTPS encrypt authentication data, preventing interception and tampering.
  • PEAP is more secure than LEAP due to stronger encryption methods.
  • OAuth and OpenID facilitate secure access without exposing passwords.

TCP/UDP Connections

TCP (Transmission Control Protocol) is a connection-oriented protocol that ensures reliable data delivery with error checking, making it suitable for web pages and emails. UDP (User Datagram Protocol) is a connectionless protocol optimized for speed, commonly used for video streaming and online gaming.

IP Packet & Header

An IP packet consists of a header (containing metadata such as source/destination addresses, protocol type, and error-checking fields) and a payload (the actual data). Key header fields include Version, Time to Live (TTL), Protocol (e.g., TCP/UDP), and Checksum for error detection.

Network Sniffing & IP Identification

Network sniffing tools (like tcpdump) analyze network traffic. The IP ID field helps identify packets from the same host, even if different IP addresses are used. Continuous ID sequences in captured packets can indicate the same source device.

IP Record-Route Field & Traceroute

The Record-Route field in an IP header logs the path taken by a packet across the network. Traceroute maps the route to a destination by sending packets with incrementally increasing TTL values, identifying each router along the path.

IP Payload (TCP vs. UDP)

  • TCP Packets: Include headers (with fields like source/destination port, sequence number, acknowledgment number, and error-checking checksum) and payloads (data being transmitted).
  • UDP Packets: Connectionless, containing minimal header information and no error correction, prioritizing speed over reliability.

Blind Spoofing Attack

Blind spoofing is a cyberattack where an attacker forges IP packets with fake source/destination addresses and manipulated sequence numbers to disrupt or hijack network connections. This technique can be used for denial-of-service attacks or network traffic interception.

Cryptography**

Encryption Overview

Encryption protects sensitive data (e.g., payment info, emails, personal data) from unauthorized access and manipulation using cryptographic algorithms. Encryption transforms data into an unreadable format using symmetric or asymmetric encryption. Modern cryptographic methods with long key lengths provide strong security.

Symmetric Encryption

  • Uses a single key for both encryption and decryption.
  • Fast and efficient for encrypting large data sets.
  • Examples: AES (Advanced Encryption Standard), DES (Data Encryption Standard).
  • Challenge: Secure key distribution.

Asymmetric Encryption

  • Uses two keys: a public key for encryption and a private key for decryption.
  • More secure but slower than symmetric encryption.
  • Examples: RSA, PGP, ECC.
  • Uses: Digital signatures, SSL/TLS, VPNs, SSH, PKI.

Data Encryption Standard (DES)

  • 56-bit key with block cipher encryption.
  • Triple DES (3DES) enhances security with three encryption rounds.
  • Replaced by AES due to security vulnerabilities.

Advanced Encryption Standard (AES)

  • Key lengths: 128-bit, 192-bit, or 256-bit.
  • Faster and more secure than DES.
  • Used in WLAN IEEE 802.11i, IPsec, SSH, VoIP, PGP, OpenSSL.

Cipher Modes

Encryption modes determine how plaintext is processed:

  • ECB (Electronic Code Book) – Weak due to pattern leaks.
  • CBC (Cipher Block Chaining) – Used in TLS, SSL, and disk encryption.
  • CFB (Cipher Feedback) – Suitable for real-time encryption (e.g., network traffic).
  • OFB (Output Feedback) – Encrypts continuous data streams.
  • CTR (Counter Mode) – Used in IPsec and disk encryption.
  • GCM (Galois/Counter Mode) – Ensures both confidentiality and integrity (e.g., VPNs, wireless security).

Each mode has unique advantages and is chosen based on security needs and application requirements.