Historically – Conventional Encryption
Recently – Authentication, Integrity, Signature, Public-key
• Link
• End-to-End
• Traffic-Analysis
• Key Distribution
• Random Number Generation
Points of Vulnerability
Figure 7.1 Points of Vulnerability (diagram labels: LAN, comms server, workstation, wiring closet, frame relay or ATM network, telco central office)
Link / End-to-End
Figure 7.2 Encryption Across a Packet-Switching Network (diagram legend: end-to-end encryption device; link encryption device; PSN = packet switching node)
• Link
  - both ends of link
  - many encryptions / decryptions
  - all links use it
  - decrypt at packet switch (read address)
  - unique key per node pair
• End-to-End
  - only at ends
  - data encrypted, not address (header)
  - one key pair
  - traffic pattern insecure
  - authentication from sender
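The trade-off in the two lists above can be seen by tracing one packet across three links and recording what is visible on the wire and inside each packet switch. This is an added example, not part of the original slides; the toy cipher, function names, keys and packet contents are assumptions made for illustration.

```python
import hashlib

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream XOR). Illustration only;
    encrypt and decrypt are the same operation."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], ks))
    return bytes(out)

def transmit(header, payload, link_keys=None, e2e_key=None, hops=3):
    """Send one packet over `hops` links (hops - 1 packet switches).
    Returns (wire, nodes): the bytes on each link, and the (header, body)
    each switch holds in memory after undoing link encryption."""
    body = toy_cipher(e2e_key, payload) if e2e_key else payload
    packet = header + b"|" + body          # header stays outside the e2e layer
    wire, nodes = [], []
    for hop in range(hops):
        key = link_keys[hop] if link_keys else None
        frame = toy_cipher(key, packet) if key else packet
        wire.append(frame)
        if hop < hops - 1:                 # a switch must read the address
            clear = toy_cipher(key, frame) if key else frame
            hdr, _, seen = clear.partition(b"|")
            nodes.append((hdr, seen))
    return wire, nodes

# Constructed sample values
HEADER, PAYLOAD = b"dst=hostB", b"transfer 100 to account 42"
LINK_KEYS = [b"link-key-1", b"link-key-2", b"link-key-3"]  # unique key per node pair
E2E_KEY = b"key shared by the two end systems"

def exposure(link: bool, e2e: bool) -> dict:
    """Summarize what an observer on the links or inside a switch can read."""
    wire, nodes = transmit(HEADER, PAYLOAD,
                           LINK_KEYS if link else None,
                           E2E_KEY if e2e else None)
    return {
        "address_on_wire": any(HEADER in f for f in wire),
        "data_on_wire": any(PAYLOAD in f for f in wire),
        "data_in_switch": any(body == PAYLOAD for _, body in nodes),
    }

if __name__ == "__main__":
    for link, e2e in [(True, False), (False, True), (True, True)]:
        print(f"link={link} e2e={e2e}", exposure(link, e2e))
```

Link encryption alone hides the address on the wire but leaves the data readable inside every switch; end-to-end alone protects the data but exposes the address; only the combination leaves all three fields false.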
Confidentiality
Table 7.1 Characteristics of Link and End-to-End
Figure 7.4 Encryption Coverage Implications of Store-and-Forward Communications (diagram: an OSI end system and a TCP/IP end system joined by a mail gateway across two internetworks, with protocol stacks for each; marked regions: scope of link-level encryption, scope of end-to-end encryption below application layer, scope of application-layer end-to-end encryption)
OSI email gateway TCP
• no end-to-end protocol below application layer
• networks terminate at mail gateway
• mail gateway sets up new transport/network connections
• need end-to-end encryption at application layer
  - disadvantage: many keys
E-mail Gateway
Various Encryption Strategies
Figure 7.5 Relationship between Encryption and Protocol Levels
(a) Application-Level Encryption (on links and at routers and gateways)
Frame layout: Link-H, Net-H, IP-H, TCP-H, Data, Link-T
Shading indicates encryption.
TCP-H = TCP header
IP-H = IP header
Net-H = Network-level header (e.g., X.25 packet header, LLC header)
Link-H = Data link control protocol header
Link-T = Data link control protocol trailer