Network security
Network security

This free course is available to start right now. Review the full course description and key learning outcomes and create an account and enrol if you want a free statement of participation.

Free course

Network security

5.4 Link layer encryption and end-to-end encryption compared and combined

Activity 9

Comparing end-to-end encryption with link layer encryption, which do you think is better?


It would be tempting to believe that end-to-end encryption is the more secure method since the user data is encrypted for the entire journey of the data packets. However, the addressing information is transmitted in the clear and this allows, at the least, traffic analysis to take place.

Much useful information can be gleaned by learning where messages come from and go to, when they occur, and for what duration and frequency, as described in Section 3.3.

In contrast, with a link layer encryption system the data is at risk in each node since that is where the unencrypted data is processed. Furthermore, link layer encryption is expensive because each node has to be equipped with the means to carry out encryption and decryption.

An effective way of securing a network is to combine end-to-end with link layer encryption. The user data portion of a packet is encrypted at the host using an end-to-end encryption key. The packet is then transported across the nodes using link layer encryption, allowing each node to read the header information but not the user data. The user data is secure for the entire journey and only the packet headers are in the clear during the time the packet is processed by any node.


A network security manager in an organisation has overall responsibility for ensuring that networks are operated in a secure manner. From the manager's perspective, what level of encryption would be most suitable and why?


Link layer encryption may be viewed as disadvantageous because of the possible vulnerability of nodes outside the organisation. Application layer encryption can be implemented directly and individually by users of applications, but is not necessarily under the control of a network manager. A network layer approach, however, allows implementation of organisational security policies in terms of IP addressing for example, and is also transparent to users.

In considering the application of any encryption scheme, the cost in terms of network delay, increased overheads and finance must be weighed against the need for protection. As always, there is a need to balance the advantages of a more secure network against the disadvantages of implementing security measures and the potential costs of data interception and network attack.


Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has over 40 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to university level study, find out more about the types of qualifications we offer, including our entry level Access courses and Certificates.

Not ready for University study then browse over 900 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus