Differentiating Data Security and Network Security

Data security has relied on cryptography since antiquity. Cryptography is only as good as the inability of a person or a computing machine to "break" the generated cipher code. This inability has been shown to be temporary, because some strong cryptographic methods that were believed to be unbreakable have been broken. Thus, as cryptography seeks new and more difficult cryptographic avenues, cryptanalysts become increasingly sophisticated in breaking codes. However, both ciphertext and secret keys are transported over the communications network, from where, with proper means, they can be harvested for analysis and, furthermore, used to impersonate a source or cause service denial. Thus, in addition to hard ciphers for data encryption and sophisticated distribution methods, the network itself needs to be attack-hard and attack-smart. That is, the network should have appropriate mechanisms that monitor and detect attacks, intelligence that discriminates between degradations/failures and attacks, and protocols for robust countermeasure strategies to outsmart the attacker. Thus, although "data security" deals with ciphering client-originating payload, "network security" deals with the secure transport of data. Because the latter is a relatively new topic, it requires more insight and particularly a thorough understanding of fault/degradation mechanisms and attack scenarios, and of how they are distinguished. In this paper we outline data security and differentiate it from network security. Additionally, we describe a method for detecting the channel signature and how it is used to discriminate between degradation/failure and attacks and thus enhance network security. Moreover, we describe a method for attack detection and countermeasure strategies.