Security Protocols & Applications

An overview of the standard security protocols and applications that make use of cryptographic systems and cipher suites, and their current state of PQC integration.

Protocol/Application	Description	Security Aspect	Mechanism	Usage	OSI-Layer
Data Link Layer
MACsec	Media Access Control Security	Confidentiality	Pre-Shared Keys	Ethernet	2
CHAP	Challenge-Handshake Authentication Protocol	User Authentication	Hash, Challenge & Pre-Shared Secret	PPP (Point-to-Point)	2
PAP	Password Authentication Protocol	User Authentication	Username & Password	PPP (Point-to-Point)	2
Network Layer
AH	Authentication Header	Data Authentication & Integrity	Hash & Pre-Shared Secret	IPsec	3-4
ESP	Encapsulating Security Payload	Data Authentication, Integrity & Confidentiality	Hash, Pre-Shared Secret & Encryption	IPsec	3-4
IKEv2	Internet Key Exchange	User Authentication and Confidentiality	Diffie-Hellman Key Agreement & X.509 Certificates	IPsec	3-4
Transport Layer
TLS/SSL	Transport Layer Security/Secure Sockets Layer	User Authentication & Confidentiality	Diffie-Hellman Key Agreement & X.509 Certificates	TCP	4-7
DTLS	Datagram Transport Layer Security	User Authentication & Confidentiality	Diffie-Hellman Key Agreement & X.509 Certificates	UDP	4
SRTP/ZRTP	(Secure) Real-Time Transport Protocol	Data Authentication, Integrity & Confidentiality	Diffie-Hellman and Hash Key Agreement, Encryption & MAC	RTP	4-7
Application Layer
SSH	Secure Shell Protocol	User Authentication, Integrity & Confidentiality	Diffie-Hellman Key Agreement, X.509 Certificates, MAC, Password or Public Key Authentication & Encryption	-	7
OpenVPN	Open Virtual Private Network	User Authentication, Integrity, Confidentiality	Pre-Shared Keys, Diffie-Hellman Key Agreement (TLS), X.509 Certificates, Username & Password, MAC, Encryption	VPN	2-7
WireGuard	WireGuard Virtual Private Network	Data Authentication, Integrity, Confidentiality	Diffie-Hellman Key Agreement, MAC & Encryption	VPN	2-7
X.509	International Telecommunications Union (ITU) Standard	User Authentication, Integrity, Confidentiality	Digital Signatures & Certificates	Public Key Infrastructure (PKI)	7
DNSSEC	Domain Name System Security Extensions	Data Authentication & Integrity	Digital Signatures & Certificates	IP	7
S-MIME/PGP-MIME	Secure Multipurpose Internet Mail Extension	Data Authentication, Integrity & Confidentiality	Hybrid Encryption & Digital Signatures	E-Mail	7
PGP/GPG	Pretty Good Privacy/GNU Privacy Guard	Data Authentication, Integrity & Confidentiality	Hybrid Encryption & Digital Signatures	E-Mail	7
Kerberos/PKINIT	Authentication Service	User Authentication	Username, Password & Encryption	Network Communication	7
SSO (OAuth/LDAP/SAML/RADIUS)	Single Sign-on	User Authentication	Depends on Used Protocol	Network Communication	7
SFTP	SSH File Transfer Protocol	User Authentication and Confidentiality	SSH & Encryption	File Transfer	7
eIDs	Electronic Identification Documents	Data / User Authentication, Integrity & Confidentiality	Diffie-Hellman Key Agreement, Certificates & Encryption	Secure eCard / Terminal Communication	7
Signal	Signal Protocol	Data / User Authentication, Integrity & Confidentiality	Diffie-Hellman Key Agreement & Encryption	Secure Instant Messaging Protocol	7
Blockchain	DLTs (Distributed Ledgers)	Data / User Authentication, Integrity & Confidentiality	Hash, Digital Signatures, & Encryption	Peer-to-Peer Distributed Networks	2-7
TOR	Tor Network	Data / User Authentication, Integrity & Confidentiality	Diffie-Hellman Key Agreement & Encryption	Onion Routing	2-7

Wireless Networks

WPA/IEEE 802.x1/EAP
UMTS/LTE/5G
Bluetooth/IR/ZigBee
WSN

Others

PKCS (Public Key Cryptography Standards)
CMS (Cryptographic Message Syntax)
OPC UA (Open Platform Communication Unified Architecture)
L2TP (Layer 2 Tunneling Protocol)
SSTP (Secure Socket Tunneling Protocol)
GRE (Generic Routing Encapsulation)
QUIC (Quick)
S-RPC (Secure Remote Procedure Call)
FinTS/HBCI
PCT
SET
Telnet

Last modified November 29, 2021