An analysis of two layers of encryption to protect network traffic

Abstract

In this thesis, we attempt to analyze the effectiveness of defense-in-depth mechanisms. As an example of defense-indepth, we study two layers of encryption to protect network traffic. At a quick glance, two layers of encryption appear to provide some strong security benefits including increased host- and network-level security, increased cryptographic strength, and a backup layer of encryption. However, intuition and quick glances should not be relied upon in the field of Information Assurance. The intent of this thesis is to quantitatively show the increase in security the extra layer of encryption provides and to compare this information with the cost of the extra security. This thesis proposes two architectures with one layer of encryption and and several architectures with two layers of encryption. It quickly compares these architectures and then starts a more in-depth analysis of the best two-layer architecture using Fault Tree Analysis. The thesis presents the results from the study, provides some recommendations based on the results, and discusses future work in this field