In this chapter, we've examined the various mechanisms that our
secret lovers, Bob and Alice, can use to communicate "securely."
We've seen that Bob and Alice are interested in secrecy (so that they alone
are able to understand the contents of a transmitted message), authentication
(so that they are sure that they are talking with each other), and message
integrity (so that they are sure that their messages are not altered in
transit). Of course, the need for secure communication is not confined
to secret lovers. Indeed, we saw in section 7.1 that security is needed
at various layers in a network architecture to protect against "bad guys"
who may sniff packets, remove packets from the network, or inject falsely
addressed packets into the network.
The first part of this chapter presented various principles underlying secure communication. We covered cryptographic techniques for coding and decoding data in Section 7.2, including both symmetric key cryptography and public key cryptography. DES and RSA were examined as specific case studies of these two major classes of cryptographic techniques in use in today's networks. In section 7.3 we turned our attention to authentication, and developed a series of increasingly sophisticated authentication protocols to ensure that a conversant is indeed who he/she claims to be, and is "live." We saw that both symmetric key cryptography and public key cryptography can play an important role not only in disguising data (encryption/decryption), but also in performing authentication. Techniques for "signing" a digital document in a manner that is verifiable, non-forgible, and non-repudiable were covered in Section 7.4. Once again, the application of cryptographic techniques proved essential. We examined both digital signatures and message digests - a shorthand way of signing a digital document. In section 7.5 we examined key distribution protocols. We saw that for symmetric key encryption, a key distribution center - a single trusted network entity - can be used to distribute a shared symmetric key among communicating parties. For public key encryption, a certification authority distributes certificates to validate public keys.
Armed with the techniques covered in sections 7.2 through 7.5, Bob and
Alice can communicate securely (one can only hope that they are networking
students who have learned this material and can thus avoid having their
tryst uncovered by Trudy!). In the second part of this chapter we
thus turned our attention to the use of various security techniques in
networks. In section 7.6, we used e-mail as a case study for application-layer
security, designing an e-mail system that provided secrecy, sender
authentication and message integrity. We also examined the use of
pgp as a public-key e-mail encryption scheme. Our cases studies continued
as we headed down the protocol stack and examined
the secure sockets layer (SSL) and secure electronic transactions,
the two primary protocols in use today for secure electronic commerce.
Both are based on public key techniques. Finally, in section 7.8
we examined a suite of security protocols for the IP layer of the Internet
- the so-called IPsec protocols. These can be used to provide secrecy,
authentication and message integrity between two communication IP devices.