used only by authorized users. Most encryption algorithms require the user to have
knowledge of the secret keys. IPsec is an example of a security protocol framework that
uses encryption algorithms to hide the IP packet payload during transmission.
Encryption Keys
An encryption session between two endpoints needs a key to encrypt the traffic and a
key to decrypt the traffic at the remote endpoint. There are two ways to send a key to the
remote endpoint:
■ Shared secrets
    ■ Both sides can use the same key or use a transform to create the decryption key.
    ■ The key is placed on the remote endpoint out of band.
    ■ This is a simple mechanism, but it has security issues because the key does not
      change frequently enough.
■ PKI
    ■ It relies on asymmetric cryptography, which uses two different keys for encryption.
    ■ Public keys are used to encrypt and private keys to decrypt.
    ■ PKI requires a certificate to be issued by a certificate authority (CA) and is used
      by many e-commerce sites on the Internet.
Figure 12-11 shows what occurs during the encryption process using shared secret keys.
[Figure 12-11: the plaintext "Protect Me, Please!" is encrypted (locked) with the secret key into ciphertext ("!@#@!>@>#$@?"), sent across the network as secured data, and decrypted (unlocked) with the same secret key at the remote endpoint.]
Figure 12-11 Encryption Keys
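As an added example (not code from the book), the shared-secret model of Figure 12-11 in Python: both endpoints hold a pre-shared secret that was placed out of band, each applies the same transform to derive fresh per-session, per-direction keys, and the sender locks the data with its key while the receiver unlocks it with the matching key. The HMAC-based toy keystream cipher, the nonce layout and the direction labels are assumptions for illustration only; they are not IPsec's real ESP or IKE constructions.

```python
import hashlib
import hmac
import os

# Constructed sample value (not from the page): a secret placed on both
# endpoints out of band, as the "Shared secrets" list item describes.
PRESHARED_SECRET = b"example-pre-shared-secret-placed-out-of-band"


def derive_session_keys(shared_secret: bytes, nonce_i: bytes, nonce_r: bytes) -> dict:
    """Transform the static shared secret into per-session, per-direction keys.

    Both endpoints run the same transform (HMAC-SHA256 keyed by the secret over
    the two session nonces plus a direction label), so both obtain identical
    keys without any key crossing the wire. Fresh nonces each session give
    fresh keys, which is what a raw, never-rotated shared secret lacks.
    """
    base = nonce_i + nonce_r
    return {
        "i_to_r": hmac.new(shared_secret, base + b"initiator->responder", hashlib.sha256).digest(),
        "r_to_i": hmac.new(shared_secret, base + b"responder->initiator", hashlib.sha256).digest(),
    }


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: HMAC-SHA256 run in counter mode as a keystream,
    XORed over the data. Same key locks and unlocks. Illustration only: a real
    ESP transform also authenticates the packet, which this toy does not."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out.extend(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def protect(key: bytes, plaintext: bytes) -> bytes:
    """'Encrypt (lock) with secret key': fresh per-packet nonce + ciphertext."""
    nonce = os.urandom(8)
    return nonce + keystream_xor(key, nonce, plaintext)


def unprotect(key: bytes, packet: bytes) -> bytes:
    """'Decrypt (unlock) with secret key' at the remote endpoint."""
    nonce, ciphertext = packet[:8], packet[8:]
    return keystream_xor(key, nonce, ciphertext)


def demo_session() -> bytes:
    """One session: both sides derive keys independently, then lock/unlock."""
    nonce_i, nonce_r = os.urandom(16), os.urandom(16)
    sender_keys = derive_session_keys(PRESHARED_SECRET, nonce_i, nonce_r)
    receiver_keys = derive_session_keys(PRESHARED_SECRET, nonce_i, nonce_r)
    packet = protect(sender_keys["i_to_r"], b"Protect Me, Please!")
    return unprotect(receiver_keys["i_to_r"], packet)
```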
VPN Protocols
There are several VPN protocols to choose from, each with varying benefits and uses:
■ Standard IPsec
    ■ secure data.