Technical overview, Data encryption – Allied Telesis AT-S62 User Manual
Page 495

AT-S62 User’s Guide
Section VII: Management Security
Technical Overview
The encryption feature provides the following data security services:
❑ data encryption
❑ data authentication
❑ key exchange algorithms
❑ key creation and storage
Data Encryption
Data encryption for switches is driven by the need for organizations to
keep sensitive data private and secure. Data encryption operates by
applying an encryption algorithm and key to the original data (the
plaintext) to convert it into an encrypted form (the ciphertext). The
ciphertext produced by encryption is a function of the algorithm used
and the key. Since it is easy to discover what type of algorithm is being
used, the security of an encryption system relies on the secrecy of its key
information. When the ciphertext is received by the remote router, the
decryption algorithm and key are used to recover the original plaintext.
Often, a checksum is added to the data before encryption. The
checksum allows the validity of the data to be checked on decryption.
There are two main classes of encryption algorithm in use: symmetrical
encryption and asymmetrical encryption.
Symmetrical Encryption
Symmetrical encryption refers to algorithms in which a single key is used
for both the encryption and decryption processes. Anyone who has
access to the key used to encrypt the plaintext can decrypt the
ciphertext. Because the encryption key must be kept secret to protect
the data, these algorithms are also called private key, or secret key,
algorithms. The key can be any value of the appropriate length.
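The checksum-before-encryption step and the single shared key described above, shown as an added example that is not taken from the manual or the switch firmware. The SHA-256 counter-mode keystream is a stand-in for DES (which the Python standard library does not provide), and the nonce parameter, the CRC-32 checksum, the function names and the sample values are assumptions made for illustration.

```python
import hashlib
import struct
import zlib


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in symmetric cipher (assumption): SHA-256 in counter mode.
    # The manual's cipher is DES, which the standard library lacks.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">Q", counter)).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # The checksum is added to the data BEFORE encryption, as the text describes.
    framed = plaintext + struct.pack(">I", zlib.crc32(plaintext))
    return _xor(framed, _keystream(key, nonce, len(framed)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # Same key as encrypt(): that is what makes the scheme symmetrical.
    if len(ciphertext) < 4:
        raise ValueError("ciphertext too short to hold a checksum")
    framed = _xor(ciphertext, _keystream(key, nonce, len(ciphertext)))
    data, (crc,) = framed[:-4], struct.unpack(">I", framed[-4:])
    if zlib.crc32(data) != crc:
        raise ValueError("checksum mismatch: wrong key or damaged ciphertext")
    return data


def accepts(key: bytes, nonce: bytes, ciphertext: bytes) -> bool:
    # True only when decryption yields data whose checksum validates.
    try:
        decrypt(key, nonce, ciphertext)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key, nonce = b"demo-key", b"\x00" * 8            # constructed sample values
    ct = encrypt(key, nonce, b"management session data")  # constructed message
    damaged = bytes([ct[0] ^ 0x01]) + ct[1:]         # one bit changed in transit
    print(decrypt(key, nonce, ct))
    print(accepts(b"othr-key", nonce, ct), accepts(key, nonce, damaged))
```

A checksum of this kind reveals a wrong key or accidental damage; detecting deliberate modification is the role of the data authentication service listed in the overview.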
DES Encryption Algorithms
The most common symmetrical encryption system is the Data Encryption
Standard (DES) algorithm (FIPS PUB 46). The DES algorithm has
withstood the test of time and proved itself to be a highly secure
encryption algorithm. To fully conform to the DES standard, the actual
data encryption operations must be carried out in hardware. Software
implementations can only be DES-compatible, not DES-compliant. The
DES algorithm has a key length of 56 bits and operates on 64-bit blocks
of data. DES can be used in the following modes: