D-Link DFL-2500 User Guide - Page 217
Authentication & Integrity
Page 217 highlights
198 Chapter 20. VPN Basics

the critical keying information is not transmitted through the insecure connection.

20.2.2 Authentication & Integrity

In addition to encryption, authentication methods are necessary to ensure the integrity and authenticity of encrypted data.

One might easily think that encryption provides good enough protection; it does, after all, ensure that the information is transferred as unreadable ciphertext. However, encryption provides no protection against alteration of the encrypted data and says nothing about the user's identity.

If someone can intercept the encrypted data stream and modify it, the result on the receiving end, after decryption, would also be altered. The end result of the modifications would certainly be unpredictable to the person intercepting the data stream, but if the goal is to cause harm in subtle ways, modification of the encrypted data may well be enough. What if, for instance, a document is sent for printing in hundreds of thousands of copies, and the text is garbled on every tenth page?

Another undesired case is the so-called man-in-the-middle attack, where a third party intercepts the public keys exchanged by the two sides and replies with bogus keys. This way, the man in the middle establishes two secured connections, one to each side, and can decrypt their conversations freely.

These are the cases where an authentication mechanism comes into play. Authentication serves to prove to the recipient that the data was actually sent by the person claiming to have sent it. More importantly, it proves that the data has not been altered after leaving the sender. This is accomplished through the use of digital signatures and certificates.

Digital Signature

A digital signature is a stamp that is used to prove the identity of one person and to ensure the integrity of the original message. The signature is created using the asymmetric encryption scheme; it cannot be imitated by someone else, and the sender cannot easily repudiate a message that has been signed.

The procedure of producing a digital signature works as follows:

D-Link Firewalls User's Guide
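
Added example (not part of the D-Link guide): the sketch below illustrates the point made in 20.2.2 that encrypted data altered in transit still decrypts without error, only to different plaintext, and that an integrity check rejects the same alteration. It assumes a toy keystream cipher and uses HMAC-SHA256 with a shared key as the integrity check rather than the digital signatures the guide goes on to describe; all function names, keys and the message are constructed for illustration.

```python
import hashlib
import hmac

def keystream(key, nonce, length):
    # Constructed toy keystream (SHA-256 over key, nonce and a counter); illustration only.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_crypt(key, nonce, data):
    # Encrypts and decrypts: XOR with the keystream is its own inverse.
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def seal(enc_key, mac_key, nonce, plaintext):
    # Encrypt, then append an HMAC-SHA256 tag computed over nonce + ciphertext.
    ct = xor_crypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, blob):
    # Verify the tag before decrypting; None means the data was altered in transit.
    if len(blob) < 32:
        return None
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_crypt(enc_key, nonce, ct)

def alter(data, index):
    # Simulates alteration in transit by flipping one bit of one byte.
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]

# Constructed sample values (hypothetical keys, nonce and message).
ENC_KEY, MAC_KEY, NONCE = b"E" * 32, b"M" * 32, b"N" * 12
MESSAGE = b"document body sent to the print shop"

def demo():
    # Encryption only: the altered ciphertext decrypts without any error.
    ct = xor_crypt(ENC_KEY, NONCE, MESSAGE)
    unauthenticated = xor_crypt(ENC_KEY, NONCE, alter(ct, 0))
    # Encryption plus integrity check: the same alteration is rejected.
    sealed = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    rejected = open_sealed(ENC_KEY, MAC_KEY, NONCE, alter(sealed, 0))
    intact = open_sealed(ENC_KEY, MAC_KEY, NONCE, sealed)
    return unauthenticated, rejected, intact

if __name__ == "__main__":
    print(demo())
```

The first value returned by `demo()` differs from the original message even though decryption raised no error; the second is `None` because the tag no longer matches the altered data.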