Link encryption (sometimes called link level or link layer encryption) is the data security process of encrypting information at the data link level as it is transmitted between two points within a network. Data that is in plaintext on the sending host is encrypted when it leaves that host, decrypted at the next link (which may be a host or a relay point), and then re-encrypted before it continues to the next link. Each link may use a different key or even a different algorithm for data encryption. The process is repeated until the data has reached the recipient.
Link encryption takes place in the lowest protocol layers (layers 1 and 2 in the OSI model). Because the process protects the message in transit, link encryption is very useful in situations where the security of the transmission line is not assured. However, because the message is decrypted at each host in the transmission path, the plaintext is exposed on every intermediate host; this becomes a vulnerability when the message must pass through hosts that are not known to be secure.
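As an added illustration (not part of the original article), the Python sketch below models hop-by-hop link encryption over a chain of relays: each link has its own key, every relay decrypts and re-encrypts, and a helper lists which hosts therefore held the message in the clear. The link cipher is a simplified SHAKE-256 keystream standing in for a real link-layer cipher, and all keys and messages are constructed sample values.

```python
import hashlib
import os

NONCE_LEN = 16

# Simplified link cipher for demonstration only: a SHAKE-256 keystream XORed
# with the frame. A real link encryptor would use an authenticated cipher.
def link_encrypt(key, plaintext):
    nonce = os.urandom(NONCE_LEN)
    keystream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, keystream))

def link_decrypt(key, frame):
    nonce, body = frame[:NONCE_LEN], frame[NONCE_LEN:]
    keystream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(c ^ k for c, k in zip(body, keystream))

def relay_chain(message, link_keys):
    """Forward `message` over a path of len(link_keys) + 1 nodes.

    link_keys[i] protects the link between node i and node i + 1 (each link
    has its own key, as the article describes). Returns two lists:
      node_views - the plaintext held by each node, sender first
      wire       - the encrypted frame an eavesdropper on each link would see
    """
    node_views = [message]
    wire = []
    data = message
    for key in link_keys:
        frame = link_encrypt(key, data)   # encrypted as it leaves the node
        wire.append(frame)
        data = link_decrypt(key, frame)   # next node decrypts, holds plaintext,
        node_views.append(data)           # then re-encrypts it for the next link
    return node_views, wire

def relays_holding_plaintext(node_views):
    """Intermediate nodes (neither sender nor final recipient) that held the
    message in the clear: the hosts the article says must be trusted."""
    return node_views[1:-1]

if __name__ == "__main__":
    # Constructed sample: three links, four nodes, one key per link.
    keys = [b"key-link-0", b"key-link-1", b"key-link-2"]
    views, frames = relay_chain(b"pay 100 to alice", keys)
    for i, frame in enumerate(frames):
        print(f"link {i}: {frame.hex()}")
    print("relays that saw the plaintext:", len(relays_holding_plaintext(views)))
```

Every frame on the wire differs (different key and nonce per link), yet both relays hold the identical plaintext, which is exactly the exposure the paragraph above describes.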
Link encryption has been used successfully within organizations, including the military, where the security of each link can be assured. It isn't feasible over the Internet, because intermediate links are neither accessible nor secure.
This was first published in March 2001