- Layer 1: No common encryption done at this layer
- Layer 2: A common place for encryption, using proprietary encryption devices. These boxes scramble all of the data in an Ethernet frame except the MAC address information. Devices or programs encode and decode the information on-the-fly at each end.
- Layer 3: Only one common protocol encrypts at layer 3: IPsec. IPsec is typically done via software that takes the IP packet and encrypts everything inside the packet, leaving only the IP addresses and a few other fields unencrypted.
- Layer 4: Neither TCP nor UDP offers any encryption methods
- Layers 5 and 6: Not common layers for encryption
- Layer 7: Many applications use their own encryption, placing them squarely in layer 7.
Nonrepudiation
- simply means that the receiver of information is confident the sender is authentic
Hash
- Cryptographic Hash Function: a mathematical function that you run on a string of binary digits of any length that results in a value of some fixed length
- Also known as a hash
- output is known as a checksum or a digest
- it is a one-way function which means it is irreversible
- should not be able to re-create the data
- should have a unique checksum for any two different input streams
- used most commonly to encrypt files
- Message-Digest Algorithm version 5 (MD5)
- Challenge-Response Authentication Mechanism-Message Digest 5 (CRAM-MD5)
- a tool for server authentication
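
The CRAM-MD5 exchange (as defined in RFC 2195) sketched with both sides' messages; this is an added example, not part of the original notes, and the user name, password and hostname are constructed sample values.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed sample account store (assumption for this example).
USERS = {"alice": b"correct horse battery staple"}


def make_challenge(hostname="mail.example.test"):
    """Server: issue a fresh, unpredictable challenge, base64-encoded."""
    nonce = f"<{os.urandom(8).hex()}.{int(time.time())}@{hostname}>"
    return base64.b64encode(nonce.encode())


def client_response(username, password, b64_challenge):
    """Client: keyed MD5 (HMAC-MD5) over the challenge; the password is never sent."""
    challenge = base64.b64decode(b64_challenge)
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{username} {digest}".encode())


def server_verify(b64_challenge, b64_response):
    """Server: recompute the digest from the stored secret and compare."""
    try:
        decoded = base64.b64decode(b64_response).decode()
        username, digest = decoded.rsplit(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False  # malformed response
    secret = USERS.get(username)
    if secret is None:
        return False  # unknown user
    challenge = base64.b64decode(b64_challenge)
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), digest.encode())


if __name__ == "__main__":
    ch = make_challenge()
    resp = client_response("alice", USERS["alice"], ch)
    print("S:", ch.decode())
    print("C:", resp.decode())
    print("accepted:", server_verify(ch, resp))
    # A captured response does not verify against a new challenge.
    print("replayed:", server_verify(make_challenge(), resp))
```

The digest is always 32 hex characters regardless of challenge length, and the server has to keep the shared secret in a form it can use as the HMAC key.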
Digital Signatures
- Digital Signature: a string of ones and zeroes that can only be generated by the sender
PKI
- certificate: a standardized type of digital signature that includes the digital signature of a third party
- public-key certificate: an electronic document that uses a digital signature to bind a public key with an identity