Advertisement

Security versus performance requirements in data communication systems

  • Vasilios Zorkadis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)

Abstract

The research activities in secure computer networks have paid little attention to the tradeoff between security and other quality requirements of the communication service. This paper aims to introduce performance aspects regarding secure computer networks. First, we attempt to quantify the tradeoff between security and performance in secure data communication systems by means of queueing theory. Our second target is to reduce the performance degradation caused by the security mechanisms and protocols. For this purpose, optimization concepts are proposed. The key points in the optimization concepts are: preprocessing, message segmenting and compression. They have to be integrated or considered in secure communication protocols to improve their performance characteristics. Preprocessing aims to exploit the idle periods of the system (e.g., computer or special crypto-chip), to take the stochastic nature of such communication processes into consideration, e.g., using the OFB-mode for generating (pseudo) random bit sequences after connection establishment. Segmenting is proposed for long messages in order to better exploit the pipeline nature of communication systems. Also, compression is discussed as a means to further improve the performance measures of secure communication.

Keywords

Access Control Service Time Security Service Security Mechanism Idle Period 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    D. Chaum: Security Without Identification: Transaction Systems to Make Big Brother Obsolete, Communications of the ACM, Oct. 1985, V. 28, No. 10, pp. 1030–1044.CrossRefGoogle Scholar
  2. 2.
    D. W. Davies, W. L. Price: Security for Computer Networks, John Willey & Sons, Inc., Second Edition, 1989.Google Scholar
  3. 3.
    D. Gollmann, T. Beth, F. Damm: Authentication services in distributed systems, Computers & Security, 12 (1993), pp. 753–764.Google Scholar
  4. 4.
    M. J. Johnson: Using high-performance networks to enable computational aerosciences applications, Proc. of the IFIP WG6.1/WG6.4 Third International Workshop on Protocols for High-Speed Networks, Stockholm, Sweden, 13–15 May, 1992, pp. 137–152.Google Scholar
  5. 5.
    R. R. Jueneman: Analysis of Certain Aspects of Output Feedback Mode, Proc. of CRYPTO 1982, Advances in Cryptology, Plenum Press 1983, pp. 99–127.Google Scholar
  6. 6.
    L. Kleinrock: Queueing Systems, Volume I: Theory, John Willey & Sons, Inc. 1975.Google Scholar
  7. 7.
    A. Pfitzmann, M. Waidner: Networks without User Observability, Computers & Security, 6 (1987), pp. 158–166.Google Scholar
  8. 8.
    W. Stallings: SNMP, SNMPv2 and CMIP: the practical guide to network management standards, Addison-Wesley Publishing Company, Inc., 1993.Google Scholar
  9. 9.
    J. J. Tardo, K. Alagappan: SPX: Global Authentication Using Public Key Certificates, Proc. 1991 IEEE Computer Society Symposium on Research in Security and Privacy, May 20–22, 1991, pp. 232–244.Google Scholar
  10. 10.
    A. S. Tanenbaum: Computer Networks, Prentice-Hall International Editions, Second Edition, 1989.Google Scholar
  11. 11.
    ISO 7498-2: Security Architecture.Google Scholar
  12. 12.
    CCITT 509: Authentication Framework.Google Scholar
  13. 13.
    ANS CO+RE Systems, Inc.: Interlock 2.1 and ANSKeyRing, (18.08.1993).Google Scholar
  14. 14.
    D. Bertsekas, R. Gallager: Data Netwotks, Prentice-Hall International Editions, 1987.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Vasilios Zorkadis
    • 1
  1. 1.FZI Forschungszentrum Informatik an der Universität KarlsruheGermany

Personalised recommendations