Figure shows the methods of protection implemented on different layers. When encryption is implemented on one layer, that layer and all layers above it are automatically protected. Network layer protection offers one of the most flexible solutions: it is media independent as well as application independent.

Providing privacy and other cryptographic services at the application layer was also very popular in the past, and in some situations it is still heavily used today. However, application layer security is application specific, and the protection methods need to be reimplemented in every application.

Some standardization has been successful at Layer 4 of the OSI model with protocols such as Secure Socket Layer (SSL), which provides privacy, authenticity, and integrity to TCP-based applications. SSL is used heavily in modern e-commerce sites. However, SSL fails to address the issues of flexibility, ease of implementation, and application independence. One of the latest technologies available, Transport Layer Security (TLS), can be used to address many of the limitations of SSL.

Protection at lower levels of the OSI stack, especially the Data Link layer, was also used in communication systems of the past. This provided protocol-independent protection on specific untrusted links. However, Data Link layer protection is expensive to deploy on a large scale because every single link must be protected separately. Because each intermediate station (router) must decrypt the traffic to forward it over the next link, Data Link layer protection also allows for man-in-the-middle attacks at those intermediate stations, and it is usually proprietary.

Layer 3 is currently the most popular level at which to apply cryptographic protection to network traffic.
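The cost and exposure difference between link-by-link (Data Link) and end-to-end (Layer 3) protection described above, as an added simulation that is not part of the original text: a packet crosses a constructed path with two routers, and the model counts the keys needed and records what each router can read. The `keystream_xor` cipher is a toy stand-in built from HMAC, used only so the simulation runs offline; it is not a construction to deploy.

```python
import hashlib
import hmac
import os

PATH = ["A", "R1", "R2", "B"]  # constructed: end hosts A and B, two routers in between


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (illustration only): XOR data with an HMAC-SHA256
    counter keystream. Applying it twice with the same key restores the data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def deliver(path, payload: bytes, mode: str):
    """Simulate one packet traversing `path`.

    mode == "link":    each link has its own key; a router must decrypt to forward.
    mode == "network": one key shared by the end hosts; routers forward ciphertext.
    Returns (delivered_bytes, {router: bytes_it_could_observe}, number_of_keys)."""
    hops = list(zip(path, path[1:]))
    observed = {}
    if mode == "network":
        e2e_key = os.urandom(16)
        wire = keystream_xor(e2e_key, payload)
        for node in path[1:-1]:
            observed[node] = wire  # router only ever holds the end-to-end ciphertext
        return keystream_xor(e2e_key, wire), observed, 1
    if mode != "link":
        raise ValueError(f"unknown mode {mode!r}")
    link_keys = {hop: os.urandom(16) for hop in hops}  # one key per untrusted link
    msg = payload
    for src, dst in hops:
        wire = keystream_xor(link_keys[(src, dst)], msg)   # sender side of the link
        msg = keystream_xor(link_keys[(src, dst)], wire)   # receiver side decrypts
        if dst != path[-1]:
            observed[dst] = msg  # router holds plaintext before re-encrypting it
    return msg, observed, len(link_keys)


def exposed_routers(observed, payload: bytes):
    """Routers at which the packet was readable in the clear."""
    return sorted(node for node, seen in observed.items() if seen == payload)
```

Running `deliver(PATH, b"...", "link")` reports both routers as exposed and three keys in use, while the `"network"` mode needs one key and exposes no router, which is the flexibility argument for Layer 3 protection made concrete.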