In the next subsections we will examine them
briefly.
2.1 Application Layer Protocols
Many different protocols, such as SSH and Secure FTP, were developed to accomplish secure data transfer. As an example, SSH, the Secure Shell (Saito et al., 2002), is widely used as secure remote terminal software. SSH lets a user log in to a remote computer over insecure networks, execute commands, and transfer files between a remote computer and a local computer (Saito et al., 2002). It is very clear that SSH can only secure remote login procedures; likewise, Secure FTP can only handle secure transmission of FTP protocol commands and data. Other secure applications can likewise protect only the data they create themselves. All these applications have individual solutions for secure communication, which prevents standardization and central management.
Secure Socket Layer (SSL) is another application layer protocol. It is compatible only with applications running over TCP, and some modifications are required for the applications to run over SSL. It cannot handle UDP, ICMP, etc. packets. The SSL protocol needs some negotiation data to be exchanged between client and server applications. Although it ensures message integrity and packet authentication, the resulting overhead and the hash algorithms (MD5, SHA1) slow down the data transfer (Alshamsi and Saito, 2005) (see Table 1).
Table 1: SSL Handshake Time (Alshamsi and Saito, 2005).

Mode                    Establishing
Server Authentication   41.7 msec
Client Authentication   74.8 msec
2.2 Transport Layer Protocols
The Internet Engineering Task Force (IETF) has standardized SSL under the name Transport Layer Security (TLS) (Yasinsac and Childs, 2001). Any application that runs over TCP can also run over TLS. There are many examples of applications such as TELNET and FTP running transparently over TLS. However, TLS is most widely used as the secure transport layer below HTTP (http://searchsecurity.techtarget.com) (RFC 2402). TLS is still insufficient to solve the problems of SSL.
TLS uses a handshake mechanism to exchange public keys. However, the data items exchanged during the TLS handshake increase the latency of HTTP transactions (Apostolopoulos et al., 1999).
2.3 Network Layer Protocols
IPsec (Internet Protocol Security) is a framework for a set of protocols providing security at the network or packet-processing layer of network communication (http://searchsecurity.techtarget.com). IPsec provides security at the network layer between two applications independent of the protocol being used. We can say that it is the only protocol-independent solution for secure communication.
IPsec provides two choices of security service: AH (Authentication Header), which essentially allows authentication of the sender of the data, and ESP (Encapsulating Security Payload), which supports both authentication of the sender and encryption of the data. The specific information associated with each of these services is inserted into the packet in a header that follows the IP packet header (http://searchsecurity.techtarget.com) (RFC 2402) (RFC 2406).
IPsec uses extra header information during the secure data transfer. Its goal is to support authenticity. However, the extra data costs extra transmission time for the secured information, as in SSL/TLS. The IPsec protocols must cope with reliability and fragmentation issues themselves, adding to their complexity and processing overhead. SSL/TLS, in contrast, rely on a higher-level layer, TCP (OSI Layer 4), to manage reliability and fragmentation (http://en.wikipedia.org).
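As an added illustration of the two preceding paragraphs (AH and ESP placing their information in a header after the IP header, per RFC 2402 and RFC 2406, and the per-packet overhead that header costs), the following Python script, written for this page and not taken from the paper or from any IPsec implementation, parses constructed IPv4 packets carrying AH or ESP, reports the fields an observer can read, and computes the extra bytes each service adds. The addresses, SPIs, sequence numbers and ICV bytes are constructed sample values; the ESP overhead function assumes a 16-byte block cipher with a 16-byte IV and a 12-byte ICV, which are assumptions of this example, not figures from the paper.

```python
import struct

# IPv4 protocol numbers (IANA): AH and ESP are the two IPsec services discussed above.
IPPROTO_TCP = 6
IPPROTO_ESP = 50
IPPROTO_AH = 51


def parse_ipv4(pkt: bytes):
    """Split an IPv4 packet into its header fields and the payload that follows the header."""
    (ver_ihl, _tos, total_len, _ident, _flags, _ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes (IHL counts 32-bit words)
    header = {
        "version": ver_ihl >> 4,
        "protocol": proto,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
    }
    return header, pkt[ihl:total_len]


def parse_ah(payload: bytes):
    """Parse the Authentication Header (RFC 2402) at the start of the payload."""
    # Next Header (1), Payload Len (1), Reserved (2), SPI (4), Sequence Number (4), then the ICV.
    next_hdr, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", payload[:12])
    # Payload Len counts 32-bit words minus 2, so the full AH length is (Payload Len + 2) * 4.
    ah_len = (payload_len + 2) * 4
    fields = {"next_header": next_hdr, "spi": spi, "seq": seq,
              "icv": payload[12:ah_len], "ah_len": ah_len}
    return fields, payload[ah_len:]


def parse_esp(payload: bytes):
    """Parse the plaintext fields of an ESP packet (RFC 2406)."""
    # Only SPI (4) and Sequence Number (4) are readable without the SA's keys;
    # everything after them (IV, data, padding, trailer, ICV) is opaque to an observer.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"spi": spi, "seq": seq, "opaque_len": len(payload) - 8}


def esp_overhead(plaintext_len: int, block_size: int = 16,
                 iv_len: int = 16, icv_len: int = 12) -> int:
    """Bytes ESP adds to a payload of plaintext_len bytes.
    Assumed parameters: 16-byte block cipher and IV, 12-byte ICV (assumptions, not from the paper)."""
    # Padding makes (data + padding + Pad Length + Next Header) a multiple of the block size.
    padding = (-(plaintext_len + 2)) % block_size
    return 8 + iv_len + padding + 2 + icv_len  # SPI+Seq, IV, padding, trailer, ICV


def describe(pkt: bytes) -> dict:
    """Classify a packet by the IPsec service it carries and report the extra header bytes."""
    ip, payload = parse_ipv4(pkt)
    if ip["protocol"] == IPPROTO_AH:
        ah, _inner = parse_ah(payload)
        return {"service": "AH", "spi": ah["spi"], "seq": ah["seq"],
                "next_header": ah["next_header"], "extra_bytes": ah["ah_len"]}
    if ip["protocol"] == IPPROTO_ESP:
        esp = parse_esp(payload)
        return {"service": "ESP", "spi": esp["spi"], "seq": esp["seq"],
                "visible_extra_bytes": 8, "opaque_len": esp["opaque_len"]}
    return {"service": "none", "protocol": ip["protocol"]}


def _ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed IPv4 header (checksum left at 0 for the sample) in front of payload."""
    total_len = 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + payload


def sample_ah_packet() -> bytes:
    """Constructed sample: IPv4 + AH (12-byte ICV, HMAC-SHA1-96 sized) + a 20-byte dummy TCP header."""
    icv = b"\xaa" * 12                                              # constructed ICV, not a real MAC
    ah = struct.pack("!BBHII", IPPROTO_TCP, 4, 0, 0x1000, 1) + icv  # Payload Len 4 -> 24 bytes of AH
    return _ipv4(IPPROTO_AH, ah + bytes(20))


def sample_esp_packet() -> bytes:
    """Constructed sample: IPv4 + ESP with SPI 0x2000, seq 7 and 48 opaque bytes."""
    esp = struct.pack("!II", 0x2000, 7) + b"\x5c" * 48
    return _ipv4(IPPROTO_ESP, esp)


if __name__ == "__main__":
    print(describe(sample_ah_packet()))
    print(describe(sample_esp_packet()))
    print("ESP overhead for a 100-byte TCP segment:", esp_overhead(100), "bytes")
```

The split between `parse_ah` and `parse_esp` mirrors the operational difference a monitoring point sees: with AH the inner protocol and its headers stay visible after the ICV, while with ESP only the SPI and sequence number are in the clear, so traffic can be attributed to a security association but not inspected. The overhead function shows why ESP's cost is not a fixed number: padding to the cipher block boundary makes it depend on the payload length.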
A main disadvantage of IPsec is that it is hard to configure. Although IPsec supports encryption for all IP protocols, its handshake mechanism is slower than the SSL handshake mechanism (see Tables 1 and 2). In most cases IPsec does not interoperate well, so both sides of the connection are required to have the same vendor's devices (Alshamsi and Saito, 2005).
Table 2: IPsec Handshake Time.

Mode                    Establishing
Main Mode (PSK)         97 msec
Aggressive Mode (PSK)   56 msec
Main Mode (RSA)         170 msec
SECRYPT 2006 - INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY