Three technologies of network data encryption

Source: Internet
Author: User
As a basic technology, data encryption is the cornerstone of all communication security. The process of data encryption is implemented by various encryption algorithms, which provide great security protection at a very small cost. In most cases, data encryption is the only way to ensure information confidentiality. According to incomplete statistics, so far, the public has published a variety of encryption algorithms up to hundreds of kinds. These encryption algorithms can be divided into conventional cryptographic algorithms and public-key cryptography if they are classified according to the same key. In a regular password, the recipient and originator use the same key, that is, the encryption key and the encryption key are identical or equivalent. The more well-known conventional cryptography algorithms are: The United States Des and its various variants, such as Triple DES, Gdes, New des and Des, the predecessor of Lucifer; Idea in Europe, Fealn, loki91, skipjack, RC4, RC5, as well as the substitution of the password and the runner password for the representative of the classical password. The most important influence in many common passwords is the des password. The advantage of a regular password is that it has a strong confidentiality strength and withstands time testing and attacks, but its key must be transmitted in a secure way. Therefore, its key management becomes the important factor of system security. In a public key password, the recipient and originator use different keys, and it is almost impossible to deduce the decryption key from the encryption key. The most famous public key cryptography algorithms are: RSA, backpack cipher, mceliece cipher, Diffehellman, Rabin, Ongfiatshamir, 0 knowledge proof algorithm, elliptic curve, eigamal algorithm and so on. The most influential public-key cryptography algorithm is RSA, which resists all password attacks known to date. The advantage of public key cryptography is that it can adapt to the open requirement of the network, and the key management problem is simple, especially it can realize digital signature and verification conveniently. But its algorithm is complex, the rate of encrypting data is low. However, with the development of modern electronic technology and cryptography technology, public-key cryptography will be a promising network security encryption system. Of course, in practical applications, people usually combine regular passwords with public-key passwords, such as using DES or idea to encrypt information and using RSA to pass session keys. If you classify the bits processed by each encryption, you can divide the encryption algorithm into a sequence cipher and a grouped cipher. The former encrypts only one bit at a time, and the latter groups the information sequence at a time. Cryptography technology is one of the most effective technologies for network security. A cryptographic network that not only prevents unauthorized users from tapping and accessing the Internet, but is also one of the most effective ways to deal with malicious software. General data encryption can be implemented at three levels of communication: Link encryption, node encryption, and End-to-end encryption. Link encryption for a communication link between two network nodes, link encryption can provide security for the data transmitted on the Internet. For link PlusSecret (also known as online encryption), all messages are encrypted before being transmitted, decrypted at each node, and then encrypted with the next link key, then transmitted. A message may pass through many communication links before it reaches its destination. All data on the link, including routing information, appears in ciphertext, as each intermediate transmission node message is decrypted and encrypted again. This way, link encryption masks the source and end of the message being transmitted. Because of the use of padding techniques and the fact that the padding characters can be encrypted without the need to transmit data, the frequency and length characteristics of the message are masked, thus preventing the analysis of the communication business. Although link encryption is used fairly widely in the computer network environment, it is not without problems. Link encryption is typically used on point-to-point synchronous or asynchronous lines, which require that the cryptographic devices at both ends of the link be synchronized, and then use a chain pattern to encrypt the data transmitted on the link. This brings a side effect to the performance and manageability of the network. In the line/signal often impassability overseas or satellite networks, the link encryption devices need to synchronize frequently, the result is data loss or retransmission. On the other hand, even a small fraction of the data needs to be encrypted, which makes all transmitted data encrypted. In a network node, link encryption only provides security on the communication link, the message exists in clear text, so all nodes must be physically secure, otherwise the plaintext content will be leaked. However, ensuring the security of each node requires a higher cost, the cost of providing encryption hardware devices and a secure physical environment for each node consists of the following parts: The employee cost of securing node physical security, and the cost of auditing to ensure proper execution of security policies and procedures, And the cost of taking part in insurance to prevent damage to security. In traditional encryption algorithms, the key used to decrypt a message is the same as the key used for encryption, which must be kept secret and changed according to certain rules. In this way, key allocation is a problem in the link encryption system, because each node must store the encryption key of all the links to which it is connected, which requires physical transfer of the key or establishment of a dedicated network facility. The geographical distribution of network nodes makes the process complex and increases the cost of the key continuous distribution. Node encryption Although node encryption can provide high security for network data, it is similar to link encryption in operation mode: both provide security for message transmission on the communication link; The message is decrypted before the middle node, and then encrypted. Because all transmitted data is encrypted, the encryption process is transparent to the user. However, unlike link encryption, node encryption does not allow messages to exist in plaintext in network nodes, which firstThe message is decrypted and then encrypted with another different key, which is done in a security module on the node. Node encryption requires that headers and routing information be transmitted in clear text so that intermediate nodes can get information about how messages are processed. This approach is therefore vulnerable to preventing attackers from analyzing the communications business. End-to-end encryption allows data to remain in ciphertext throughout the transmission from source to endpoint. With End-to-end encryption (also known as Off line encryption or packet encryption), messages are not decrypted until they are transmitted, because messages are protected throughout the transmission, so even if a node is corrupted, the message is not compromised. End-to-end encryption systems are cheaper and more reliable and easier to design, implement, and maintain than link encryption and node encryption. End-to-end encryption also avoids the synchronization problems inherent in other cryptographic systems, because each packet is encrypted independently, so a packet transmission error does not affect subsequent packets. In addition, End-to-end encryption is more natural from a user's intuitive sense of security requirements. This method of encryption may be used by a single user so that it does not affect other users on the network, only the source and destination nodes are confidential. An End-to-end encryption system usually does not allow the destination address of the message to be encrypted, because every message that passes through the node uses this address to determine how the message is transmitted. Since this encryption method cannot conceal the source and endpoint of the transmitted message, it is vulnerable to preventing an attacker from analyzing the communications business. To force (0 Votes) Tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) The original text: Network data encryption three technology return to network security home

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.