The importance of communication security is increasing, because more and more valuable information is being transferred over computer networks. As of now, the provision of security (namely confidentiality, integrity, and authenticity) is an all-or-nothing issue: security is either provided to the maximum extent possible, or not at all. Offering security can be very expensive in terms of ease of use, management requirements, and computing overhead. As a consequence, security is often regarded as bad and not worth the benefits it provides. Currently, there are no mechanisms to fine-tune the strength of offered security and have applications use just the right amount of security to deter attackers. In this thesis, dynamic aspects of security are explored. This covers Quality of Service (QoS) models and requirements for security, secure multimedia protocols, and peer and component authentication. Each of these issues is examined, and its dynamic properties are shown. The experimental platforms Da CaPo and WaveVideo are used to prototype some of the results. In essence, it is shown that it is possible to provide fine-grained, scalable security to applications and allow them to select at runtime the required amount of processing overhead necessary to achieve sufficient security. The work first demonstrates the need for dynamic security and defines and discusses the fundamental properties of different aspects of security. These include the available cryptographic mechanisms and their properties, and where to place security functionality in a communication system. In conclusion, a coarse-grained system model is proposed. The subsequent examination of the state of the art clearly shows that the concept of merging security and QoS is novel. The same is true for protocols that provide a dynamically configurable amount of security, and for dynamically composable peer-authentication protocols with different properties.
In the next part, the focus is placed on QoS and security: the goal is to model dedicated security QoS parameters and to integrate them with