Abstract
Research on secure computer networks has paid little attention to the tradeoff between security and the other quality requirements of the communication service. This paper introduces performance aspects of secure computer networks. First, we attempt to quantify the tradeoff between security and performance in secure data communication systems by means of queueing theory. Our second goal is to reduce the performance degradation caused by security mechanisms and protocols. For this purpose, optimization concepts are proposed. The key points of these concepts are preprocessing, message segmenting and compression. They have to be integrated into, or considered in, secure communication protocols to improve their performance characteristics. Preprocessing aims to exploit the idle periods of the system (e.g., a computer or a special crypto-chip) and to take the stochastic nature of such communication processes into consideration, e.g., by using the OFB mode to generate (pseudo)random bit sequences after connection establishment. Segmenting is proposed for long messages in order to better exploit the pipeline nature of communication systems. Finally, compression is discussed as a means to further improve the performance measures of secure communication.
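The preprocessing idea from the abstract, as an added example that is not code from the paper: OFB keystream depends only on the key and IV, so it can be generated during idle periods and the per-message work reduces to an XOR. The `OfbKeystream` class, `block_fn` (a truncated HMAC-SHA256 stand-in for the block cipher's forward function) and all key, IV and message values are assumptions constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per keystream block (assumed 128-bit block size)


def block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's forward function E_K (assumption:
    truncated HMAC-SHA256). OFB never calls the inverse, so a PRF suffices here."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


class OfbKeystream:
    """OFB keystream: O_0 = IV, O_i = E_K(O_{i-1}). No plaintext is involved,
    which is what makes generation ahead of time possible."""

    def __init__(self, key: bytes, iv: bytes):
        if len(iv) != BLOCK:
            raise ValueError("IV must be exactly one block")
        self._key, self._state = key, iv  # IV must be unique per key
        self._pool = bytearray()

    def precompute(self, nbytes: int) -> None:
        """Idle-period work: extend the pool by at least nbytes (whole blocks)."""
        while nbytes > 0:
            self._state = block_fn(self._key, self._state)
            self._pool += self._state
            nbytes -= BLOCK

    def available(self) -> int:
        return len(self._pool)

    def xor(self, data: bytes) -> bytes:
        """Critical-path work: XOR with pooled keystream, generating on demand
        only when the pool runs short. Used bytes are deleted, never reused."""
        if len(data) > len(self._pool):
            self.precompute(len(data) - len(self._pool))
        ks = bytes(self._pool[:len(data)])
        del self._pool[:len(data)]
        return bytes(a ^ b for a, b in zip(data, ks))


if __name__ == "__main__":
    key, iv = b"constructed-demo-key", bytes(range(BLOCK))  # constructed values
    msg = b"constructed sample message, longer than one block"
    sender = OfbKeystream(key, iv)
    sender.precompute(64)              # done right after connection establishment
    ct = sender.xor(msg)               # per-message cost is now a plain XOR
    receiver = OfbKeystream(key, iv)   # same key and IV, generates on demand
    print(receiver.xor(ct) == msg, sender.available())
```

OFB provides confidentiality only, so a protocol using this pattern still needs a MAC over the ciphertext.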
Copyright information
© 1994 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zorkadis, V. (1994). Security versus performance requirements in data communication systems. In: Gollmann, D. (eds) Computer Security — ESORICS 94. ESORICS 1994. Lecture Notes in Computer Science, vol 875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58618-0_54
DOI: https://doi.org/10.1007/3-540-58618-0_54
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58618-0
Online ISBN: 978-3-540-49034-0
eBook Packages: Springer Book Archive