Integrating end-to-end encryption and authentication technology into broadband networks
Conference
·
OSTI ID:120001
BISDN services will involve the integration of high speed data, voice, and video functionality delivered via technology similar to Asynchronous Transfer Mode (ATM) switching and SONET optical transmission systems. Customers of BISDN services may need a variety of data authenticity and privacy assurances, via Asynchronous Transfer Mode (ATM) services Cryptographic methods can be used to assure authenticity and privacy, but are hard to scale for implementation at high speed. The incorporation of these methods into computer networks can severely impact functionality, reliability, and performance. While there are many design issues associated with the serving of public keys for authenticated signaling and for establishment of session cryptovariables, this paper is concerned with the impact of encryption itself on such communications once the signaling and setup have been completed. Network security protections should be carefully matched to the threats against which protection is desired. Even after eliminating unnecessary protections, the remaining customer-required network security protections can impose severe performance penalties. These penalties (further discussed below) usually involve increased communication processing for authentication or encryption, increased error rate, increased communication delay, and decreased reliability/availability. Protection measures involving encryption should be carefully engineered so as to impose the least performance, reliability, and functionality penalties, while achieving the required security protection. To study these trade-offs, a prototype encryptor/decryptor was developed. This effort demonstrated the viability of implementing certain encryption techniques in high speed networks. The research prototype processes ATM cells in a SONET OC-3 payload. This paper describes the functionality, reliability, security, and performance design trade-offs investigated with the prototype.
- Research Organization:
- Sandia National Labs., Albuquerque, NM (United States)
- Sponsoring Organization:
- USDOE, Washington, DC (United States)
- DOE Contract Number:
- AC04-94AL85000
- OSTI ID:
- 120001
- Report Number(s):
- SAND---95-2285C; CONF-9510189--4; ON: DE96002012
- Country of Publication:
- United States
- Language:
- English
Similar Records
Scalable end-to-end ATM encryption test results
Scalable ATM encryption
Scalable end-to-end encryption technology for supra-gigabit/second networking
Conference
·
Sun Oct 01 00:00:00 EDT 1995
·
OSTI ID:113987
Scalable ATM encryption
Conference
·
Fri Mar 31 23:00:00 EST 1995
·
OSTI ID:48621
Scalable end-to-end encryption technology for supra-gigabit/second networking
Technical Report
·
Thu May 01 00:00:00 EDT 1997
·
OSTI ID:10110788