Link Encryption occurs independently on every link and can be done at the Physical Layer or the Data Link Layer. This means that the devices on each link should encrypt and decrypt the traffic using paired keys. It encrypts not only the user data but also the header, routing information and destination address, which hardens the internal communication channel against monitoring and eavesdropping. Thus, it is recommended as a solution for traffic flow protection.
Link Encryption
- TNS3131 Chapter 2: Conventional Encryption and Message Confidentiality
-
Remote Access Dial-In User Service (RADIUS)
RADIUS is a User Datagram Protocol (UDP) based protocol developed by Livingston Enterprises in the mid-1990s that provides centralised Triple A (AAA) services to network access server (NAS) devices. It supports Link Encryption and a maximum attribute data size of 255 octets (8 bit). It has implicit agent support, meaning that agent behaviours might be implemented in a RADIUS server. The RADIUS protocol is standardised by RFC 2138, RFC 2139, RFC 2865, RFC 2866 and RFC 2869.
-
End-to-end Encryption (e2e)
Unlike Link Encryption, it doesn’t protect the traffic flow.
-
Diameter
Diameter is a new Triple A (AAA) protocol standardised by RFC 3588 and RFC 4005. It is derived from, and aims to replace, Remote Access Dial-In User Service (RADIUS) (it also provides transition support), with enhancements such as error handling and message delivery reliability. Instead of relying on a central AAA server, it employs a peer-to-peer architecture, which means that every host or node that implements Diameter can act as either a server or a client, with additional support for peer discovery via static configuration or dynamic lookup. The protocols used by Diameter are connection-oriented protocols such as Transmission Control Protocol (TCP) and Stream Control Transmission Protocol (SCTP), with a maximum attribute data size of 16,777,215 octets (8 bit). It supports both Link Encryption and End-to-end Encryption (e2e).
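
The size limits quoted in the RADIUS and Diameter notes follow from the width of each protocol's length field (one octet versus three octets). The parser below is an added example, not part of the original notes: it reads both encodings and rejects any length that is too small or runs past the buffer. The sample bytes and the function names are constructed for illustration.

```python
import struct

RADIUS_MAX_LEN = 0xFF          # 1-octet Length field  -> 255
DIAMETER_MAX_LEN = 0xFFFFFF    # 3-octet Length field  -> 16,777,215

def parse_radius_attrs(buf: bytes):
    """RADIUS attribute (RFC 2865): Type(1) | Length(1) | Value.
    Length counts the two header octets as well as the value."""
    attrs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError("truncated RADIUS attribute header")
        a_type, a_len = buf[off], buf[off + 1]
        if a_len < 2 or off + a_len > len(buf):
            raise ValueError(f"bad RADIUS attribute length {a_len}")
        attrs.append((a_type, buf[off + 2:off + a_len]))
        off += a_len
    return attrs

def parse_diameter_avps(buf: bytes):
    """Diameter AVP (RFC 3588): Code(4) | Flags(1) | Length(3) |
    [Vendor-ID(4) if V flag] | Data, padded to a 4-octet boundary.
    Length counts the header but not the padding."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated Diameter AVP header")
        code, flags_len = struct.unpack_from("!II", buf, off)
        flags, a_len = flags_len >> 24, flags_len & DIAMETER_MAX_LEN
        hdr = 12 if flags & 0x80 else 8      # V flag adds a Vendor-ID word
        if a_len < hdr or off + a_len > len(buf):
            raise ValueError(f"bad Diameter AVP length {a_len}")
        avps.append((code, flags, buf[off + hdr:off + a_len]))
        off += (a_len + 3) & ~3              # skip padding to next boundary
    return avps

# Constructed samples (not captured traffic):
# RADIUS User-Name(1)="alice", NAS-IP-Address(4)=192.0.2.1
RADIUS_SAMPLE = bytes([1, 7]) + b"alice" + bytes([4, 6, 192, 0, 2, 1])
# Diameter User-Name(1)="alice" (3 pad octets), Auth-Application-Id(258)=1
DIAMETER_SAMPLE = (struct.pack("!II", 1, (0x40 << 24) | 13) + b"alice\x00\x00\x00"
                   + struct.pack("!III", 258, (0x40 << 24) | 12, 1))

if __name__ == "__main__":
    print(parse_radius_attrs(RADIUS_SAMPLE))
    print(parse_diameter_avps(DIAMETER_SAMPLE))
```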