This preview shows page 1. Sign up to view the full content.
Unformatted text preview: erconnect) communications model. (See the OSI security architecture standard for more information .) In practice, it takes place either at the lowest layers (one and two) or at higher layers. If it takes place at the lowest layers, it is called link-by-link encryption; everything going through a particular data link is encrypted. If it takes place at higher layers, it is called end-to-end encryption; the data are encrypted selectively and stay encrypted until they are decrypted by the intended final recipient. Each approach has its own benefits and drawbacks. Table 10.1 Classes of Algorithms Algorithm Key Confidentiality Authentication Integrity Management Symmetric encryption algorithms Public-key encryption algorithms Digital signature algorithms Key-agreement algorithms One-way hash functions Message authentication codes Yes No No Yes Yes No No Yes No Yes Yes No Yes No No Optional No Yes No Yes Yes Yes No No Link-by-Link Encryption
The easiest place to add encryption is at the physical layer (see Figure 10.1). This is called link-by-link encryption. The interfaces to the physical layer are generally standardized and it is easy to connect hardware encryption devices at this point. These devices encrypt all data passing through them, including data, routing information, and protocol information. They can be used on any type of digital communication link. On the other hand, any intelligent switching or storing nodes between the sender and the receiver need to decrypt the data stream before processing it. This type of encryption is very effective. Because everything is encrypted, a cryptanalyst can get no information about the structure of the information. He has no idea who is talking to whom, how long the messages they are sending are, what times of day they communicate, and so on. This is called traffic-flow security: the enemy is not only denied access to the information, but also access to the knowledge of where and how much information is flowing. Security does not depend on any traffic management technique...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10