What is hop-by-hop encryption? Can you explain what some of the pros and cons would be for an enterprise to utilize this type of email encryption?
It's probably easier to explain hop-by-hop encryption if I first explain what end-to-end encryption is. End-to-end encryption is when Alice sends data that is encrypted to Bob via John, so John can't read it or modify it. If Alice sends the encrypted data to John, who decrypts it and then encrypts it again for delivery to Bob, this is termed hop-by-hop encryption, as the data is decrypted and encrypted at each stage of its journey. Since John can read the message as plaintext during the decryption encryption process, you have to trust John as a relaying party.
You may wonder what the advantage of doing this is, particularly as the data is susceptible to a man-in-the-middle attack by John. Although hop-by-hop encryption is not specifically designed for use with email systems, let's use this scenario in a simple example. An organization has several mail servers spread across the country and its security policy states all internal emails have to be encrypted. This is quite a complex policy to enforce using end-to-end encryption. Each employee would need the digital signature of every colleague they wished to email – an impractical undertaking for the CEO who wants to send a seasonal greeting to every member of the staff!
By using hop-by-hop encryption between the enterprise's email servers -- server-to-server encryption -- the policy can easily be implemented as all email traffic between them will be encrypted. Only the servers need to share encryption keys. This approach also allows each mail server to inspect the contents of incoming and outgoing emails to ensure local information security policies are being followed, since the traffic passing through them is decrypted before being forwarded.
The IEEE MAC Security standard, known as 802.1AE or MACSec, and the more recently adopted 802.1x REV, which automates 802.1AE authentication and key management requirements, defines a set of protocols for protecting data traversing Ethernet LANs using hop-by-hop encryption. It operates at Layer 2 -- the data link layer -- and provides data confidentiality, data integrity and data origin authentication and allows unauthorized connections to be identified and excluded from communication within a network. By assuring data came from the device that claimed to send it, MACSec can mitigate against man-in-the-middle attacks.
MACSec complements Layer 3 end-to-end security technologies such as IPSec and TLS, as it is transparent to higher-layer protocols and can protect any type of traffic carried over Ethernet, whereas IPSec can only handle IP traffic. It also eliminates the complexities of creating Layer 3 security policies, which can get overly complex in terms of configuration. It also reduces the processing overhead required by IPSec, ideal when low-latency, high-volume data transmission is required, such as VoIP or high-speed data transmission between data centers.
This was first published in August 2011