A Conceptual Model for Analysis and Design of Tunable Security Services

Security is an increasingly important issue for networked services. However, since networked environments may exhibit varying networking behavior and contain heterogeneous devices with varying resources, tunable security services are needed. A tunable security service is a service that provides different security configurations that are selected, and possibly altered, at run-time. In this paper, we propose a conceptual model for the analysis and design of tunable security services. The proposed model can be used to describe and compare existing tunable security services and to identify missing requirements. Five previously proposed services are analyzed in detail in the paper. The analysis illustrates the power of the model and highlights some key aspects in the design of tunable security services. Based on the conceptual model, we also present a high-level design methodology that can be used to identify the most appropriate security configurations for a particular scenario.
