In this chapter, we've examined the various mechanisms that our secret
lovers, Bob and Alice, can use to communicate "securely." We've seen that
Bob and Alice are interested in secrecy (so that they alone are able to
understand the contents of a transmitted message), authentication (so that they
are sure that they are talking with each other), and message integrity (so that
they are sure that their messages are not altered in transit). Of course, the
need for secure communication is not confined to secret lovers. Indeed, we saw
in section 7.1 that security is needed at various layers in a network
architecture to protect against "bad guys" who may sniff packets, remove packets
from the network, or inject falsely addressed packets into the network.
The first part of this chapter presented various principles underlying secure communication. We covered cryptographic techniques for coding and decoding data in Section 7.2, including both symmetric key cryptography and public key cryptography. DES and RSA were examined as specific case studies of these two major classes of cryptographic techniques in use in today's networks. In section 7.3 we turned our attention to authentication, and developed a series of increasingly sophisticated authentication protocols to ensure that a conversant is indeed who he/she claims to be, and is "live." We saw that both symmetric key cryptography and public key cryptography can play an important role not only in disguising data (encryption/decryption), but also in performing authentication. Techniques for "signing" a digital document in a manner that is verifiable, non-forgible, and non-repudiable were covered in Section 7.4. Once again, the application of cryptographic techniques proved essential. We examined both digital signatures and message digests - a shorthand way of signing a digital document. In section 7.5 we examined key distribution protocols. We saw that for symmetric key encryption, a key distribution center - a single trusted network entity - can be used to distribute a shared symmetric key among communicating parties. For public key encryption, a certification authority distributes certificates to validate public keys.
Armed with the techniques covered in sections 7.2 through 7.5, Bob and Alice
can communicate securely (one can only hope that they are networking students
who have learned this material and can thus avoid having their tryst uncovered
by Trudy!). In the second part of this chapter we thus turned our
attention to the use of various security techniques in networks. In
section 7.6, we used e-mail as a case study for application-layer security,
designing an e-mail system that provided secrecy, sender authentication
and message integrity. We also examined the use of pgp as a public-key
e-mail encryption scheme. Our cases studies continued as we headed down
the protocol stack and examined
the secure sockets layer (SSL) and secure
electronic transactions, the two primary protocols in use today for secure
electronic commerce. Both are based on public key techniques.
Finally, in section 7.8 we examined a suite of security protocols for the IP
layer of the Internet - the so-called IPsec protocols. These can be used
to provide secrecy, authentication and message integrity between two
communication IP devices.