Encryption
Encryption is probably the most important and
versatile tool for a network security expert. We have seen in earlier chapters
that encryption is powerful for providing privacy, authenticity, integrity, and
limited access to data. Because networks often involve even greater risks, they
often secure data with encryption, perhaps in combination with other controls.
In network applications, encryption can be
applied either between two hosts (called link encryption) or between two
applications (called end-to-end encryption). We consider each below. With
either form of encryption, key distribution is always a problem. Encryption
keys must be delivered to the sender and receiver in a secure manner. In this
section, we also investigate techniques for safe key distribution in networks.
Finally, we study a cryptographic facility for a network computing environment.
Link Encryption
In link encryption,
data are encrypted just before the system places them on the physical
communications link. In this case, encryption occurs at layer 1 or 2 in the OSI
model. (A similar situation occurs with TCP/IP protocols.) Similarly,
decryption occurs just as the communication arrives at and enters the receiving
computer. A model of link encryption is shown in Figure 2.
Figure 2 Link Encryption.
Encryption protects the message in transit
between two computers, but the message is in plaintext inside the hosts. (A
message in plaintext is said to be "in the clear.") Notice that
because the encryption is added at the bottom protocol layer, the message is
exposed in all other layers of the sender and receiver. If we have good
physical security, we may not be too concerned about this exposure; the
exposure occurs on the sender's or receiver's host or workstation, protected by
alarms or locked doors, for example. Nevertheless, you should notice that the
message is exposed in two layers of all intermediate hosts through which the
message may pass. This exposure occurs because routing and addressing are not
read at the bottom layer, but only at higher layers. The message is in the
clear in the intermediate hosts, and one of these hosts may not be especially
trustworthy.
Link encryption is invisible to the user. The
encryption becomes a transmission service performed by a low-level network
protocol layer, just like message routing or transmission error detection. Figure 3 shows a typical link encrypted message, where the shaded fields
are encrypted. Because part of the data link header and trailer is applied
before the block is encrypted, only part of each of those fields is shaded. As the
message M is handled at each layer, header and control information is added on
the sending side and removed on the receiving side. Hardware encryption devices
operate quickly and reliably; in this case, link encryption is invisible to the
operating system as well as to the operator.
Figure 3 Message Under Link Encryption.
Link encryption is especially appropriate when
the transmission line is the point of greatest vulnerability. If all hosts on a
network are reasonably secure but the communications medium is shared with
other users or is not secure, link encryption is an easy control to use.
End-to-End Encryption
As its name implies, end-to-end encryption provides security from one end of a transmission
to the other. The encryption can be applied by a hardware device between the
user and the host. Alternatively, the encryption can be done by software
running on the host computer. In either case, the encryption is performed at
the highest levels (layer 7, application, or perhaps at layer 6, presentation)
of the OSI model. A model of end-to-end encryption is shown in Figure 4.
Figure 4 End-to-End Encryption.
Because encryption takes place before the lower layers perform any routing
and transmission processing, the message is transmitted in
encrypted form throughout the network. The encryption addresses potential flaws
in lower layers in the transfer model. If a lower layer should fail to preserve
security and reveal data it has received, the data's confidentiality is not
endangered. Figure 5 shows a typical message with end-to-end encryption, again with the
encrypted field shaded.
Figure 5 End-to-End Encrypted Message.
When end-to-end encryption is used, messages
sent through several hosts are protected. As shown in Figure 6, the data content
of the message remains encrypted (protected against disclosure) while it is
in transit and while it sits in any intermediate host. Therefore, even though a
message must pass through potentially insecure nodes (such as C through G) on
the path between A and B, its content is never exposed in the clear outside A and B.
Figure 6 Encrypted Message Passing Through a Host.
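The difference between the two models comes down to where a host holds the message in the clear. The following simulation, an added illustration that is not part of the textbook, walks one message along a constructed path A, C, D, B and records what each host holds in memory and what each wire carries. Under link encryption every receiving host decrypts at the bottom layer to read routing information, so plaintext appears in C and D as well as at the ends; under end-to-end encryption only A and B ever hold plaintext. The cipher is a toy HMAC-SHA256 keystream XOR so the example runs with the standard library alone; it stands in for a real authenticated cipher and is not suitable for production. The host names, keys, nonces and message are all constructed, and addressing headers are omitted for brevity.

```python
"""Where is a message exposed under link vs end-to-end encryption?

Added illustration, not textbook code.  The toy cipher below (HMAC-SHA256
keystream XOR) is a stand-in for a real cipher such as AES-GCM; it is used
only so the simulation runs without third-party libraries.
"""
import hashlib
import hmac


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` bytes of keystream from key and nonce (counter mode)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return out[:length]


def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a keyed stream.  Symmetric: the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


toy_decrypt = toy_encrypt

# Constructed topology: A sends to B through the intermediate hosts C and D.
PATH = ["A", "C", "D", "B"]
# Constructed end-to-end secret, known only to A and B.
E2E_KEY = hashlib.sha256(b"A-B shared key").digest()


def link_keys(path):
    """One constructed secret per physical link, shared by its two endpoints."""
    return {
        (path[i], path[i + 1]): hashlib.sha256(f"link-{path[i]}-{path[i + 1]}".encode()).digest()
        for i in range(len(path) - 1)
    }


def link_encryption_transit(message: bytes, path, keys):
    """Layer-1/2 (link) encryption: encrypt just before each hop, decrypt on arrival.

    Returns (what each host holds in memory, what each wire carries, delivered).
    """
    in_host = {path[0]: message}
    on_wire = {}
    current = message
    for i in range(len(path) - 1):
        src, dst = path[i], path[i + 1]
        nonce = f"hop{i}".encode()  # constructed per-hop nonce
        frame = toy_encrypt(keys[(src, dst)], nonce, current)
        on_wire[(src, dst)] = frame
        # The receiver must decrypt at the bottom layer to read routing and
        # addressing, so it holds the message in the clear whether or not it
        # is trustworthy.
        current = toy_decrypt(keys[(src, dst)], nonce, frame)
        in_host[dst] = current
    return in_host, on_wire, current


def end_to_end_transit(message: bytes, path, e2e_key: bytes):
    """Layer-7 (end-to-end) encryption: only the two ends hold the key.

    Intermediate hosts forward ciphertext they cannot read.
    """
    nonce = b"session-1"  # constructed per-message nonce
    ciphertext = toy_encrypt(e2e_key, nonce, message)
    in_host = {path[0]: message}
    on_wire = {}
    for i in range(len(path) - 1):
        src, dst = path[i], path[i + 1]
        on_wire[(src, dst)] = ciphertext
        in_host[dst] = ciphertext  # forwarded unchanged; no key at C or D
    delivered = toy_decrypt(e2e_key, nonce, ciphertext)
    in_host[path[-1]] = delivered
    return in_host, on_wire, delivered


def exposed_hosts(in_host, message):
    """Hosts whose memory holds the message in the clear."""
    return [host for host, view in in_host.items() if view == message]


if __name__ == "__main__":
    msg = b"transfer 100 units to account 42"  # constructed sample message
    hosts, wires, out = link_encryption_transit(msg, PATH, link_keys(PATH))
    print("link encryption, plaintext held by:", exposed_hosts(hosts, msg))
    hosts, wires, out = end_to_end_transit(msg, PATH, E2E_KEY)
    print("end-to-end encryption, plaintext held by:", exposed_hosts(hosts, msg))
```

Running the script prints `['A', 'C', 'D', 'B']` for link encryption and `['A', 'B']` for end-to-end encryption, while in both models every wire segment carries only ciphertext. That is exactly the exposure Figures 3 and 6 depict: link encryption protects the medium but trusts every host on the path, end-to-end encryption trusts only the two endpoints.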