2.2 Security protocols used at the application layer
Interesting
The application layer is the topmost layer in the Open Systems Interconnection (OSI) model [10], as depicted in Figure 7. It provides different methods for handling data, allowing users to easily access the network. This layer interacts directly with applications, offering standard web application services. It plays a critical role by performing essential functions needed for any communication or application process.
Figure 7. OSI layers.
Application layer protocols operate at this top layer within both the OSI and TCP/IP models. They enable seamless communication and data exchange between software applications across different network devices. These protocols establish the rules and standards that allow applications to connect, communicate, and share information efficiently over a network. Common application protocols include TELetype NETwork (TELNET), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Hypertext Transfer Protocol (HTTP) and Domain Name System (DNS). They are presented in Table 3.
Table 3. Application layer protocols

| Protocol | Description |
| --- | --- |
| TELNET | It assists with terminal emulation and is commonly used for managing files over the internet, such as during the initial setup of network devices like switches. |
| FTP | It facilitates file transfers by enabling the sharing of files between remote computers, ensuring reliable and efficient data transmission. |
| SMTP | It facilitates the exchange of emails across the internet. It ensures that messages are delivered to the recipient's mail server. |
| HTTP | It enables data transfer on the World Wide Web. It defines how messages are formatted and transmitted, and it establishes the rules for communication between web browsers (clients) and web servers. |
| DNS | It enables computers to identify each other on the internet by translating human-readable domain names into IP addresses. |
Application layer protocols were originally designed without robust security in mind. However, various security enhancements and equivalent secure protocols have been introduced over time to protect data integrity, confidentiality, and authentication.
Some of the widely used security protocols [12] at the application layer include:
Definition
Secure Shell (SSH), replacing TELNET, is a protocol for securely accessing remote servers, providing encrypted communication, and preventing eavesdropping or man-in-the-middle attacks.
Definition
FTP Secure (FTPS) secures data transmission by adding Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption to FTP.
SSL/TLS are cryptographic protocols that provide secure communication over a network by encrypting data and ensuring both parties' authenticity. FTPS uses standard FTP ports, but wraps the communication in an encrypted layer.
Definition
STARTTLS (SMTP SSL/TLS) is an extension to SMTP that encrypts plain text connections using SSL/TLS.
Definition
SMTPS, referring to SMTP over SSL, secures email transactions. It uses SSL/TLS from the start of the connection to secure the entire communication.
Definition
Hypertext Transfer Protocol Secure (HTTPS) is a secure version of HTTP that encrypts communication between a browser (client) and a web server using SSL/TLS. This ensures that sensitive data, such as passwords or financial information, is transmitted securely.
Definition
Domain Name System Security Extensions (DNSSEC) adds a layer of security to DNS by providing authentication of DNS responses. It uses digital signatures to verify that the DNS data being received is from a trusted source and has not been tampered with.
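The following Python sketch is an added example, not part of the original text. It illustrates the difference between the STARTTLS and SMTPS definitions above: with STARTTLS the upgrade is offered inside a plaintext server reply, so a client should stop when the offer is missing, whereas SMTPS has no plaintext phase. The function names, mode strings and sample EHLO replies are constructed for illustration.

```python
import ssl

# Constructed EHLO replies (sample data, not captured from a real server).
EHLO_WITH_TLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_WITHOUT_TLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Return the set of extension keywords advertised in an EHLO reply."""
    extensions = set()
    lines = [line for line in reply.split("\r\n") if line]
    if not lines:
        raise ValueError("empty EHLO reply")
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        # Every line of a successful reply starts with 250; "-" marks a
        # continuation line and " " marks the final line.
        last = index == len(lines) - 1
        if code != "250" or sep != (" " if last else "-"):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if index > 0 and text.strip():  # line 0 is the greeting, not an extension
            extensions.add(text.split()[0].upper())
    return extensions


def choose_protection(mode, ehlo_reply=""):
    """Return how the session will be encrypted, or raise rather than send in clear text."""
    if mode == "smtps":
        # TLS is negotiated before any SMTP command, so there is no plaintext phase.
        return "tls-from-start"
    if mode == "starttls":
        # The upgrade is offered inside a plaintext reply; if the keyword is
        # missing, stop instead of continuing unencrypted.
        if "STARTTLS" in parse_ehlo(ehlo_reply):
            return "tls-after-upgrade"
        raise ConnectionError("STARTTLS not advertised; refusing to send in clear text")
    raise ValueError(f"unknown mode: {mode!r}")


def verified_tls_context():
    """TLS context that checks the server certificate and host name."""
    return ssl.create_default_context()
```

In a real client the same check maps to the standard library: `smtplib.SMTP_SSL` for SMTPS, or `smtplib.SMTP` followed by `has_extn("starttls")` and `starttls(context=...)` for the upgrade path.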