Computer cryptography provides building blocks for constructing network security protocols. These building blocks include symmetric-key encryption algorithms, public-key encryption algorithms, key-generation and key-exchange algorithms, cryptographic hash functions, authentication algorithms, digital signatures, and public-key infrastructures. We call these building blocks cryptographic algorithms.
To protect network communications, one may deploy cryptographic algorithms at any layer in the network architecture. The use of cryptographic algorithms at different layers offers different degrees of protection. The placement of cryptographic algorithms within the different network layers is the first issue discussed in this chapter.
We then introduce common network security protocols used in practice. These protocols include the X.509 public-key infrastructure (PKI), the IP security protocol at the network layer (IPsec), the Secure Sockets Layer protocol at the transport layer (SSL/TLS), and several application-layer security protocols, including Pretty Good Privacy (PGP), Secure/Multipurpose Internet Mail Extensions (S/MIME), Kerberos, Secure Shell (SSH), and an electronic voting protocol.
5.1 Crypto Placements in Networks
TCP/IP is the dominant networking technology today. It is a five-layer architecture. These layers are, from top to bottom, the application layer, the transport layer (TCP), the network layer (IP), the data-link layer, ...