
Title: Integrating end-to-end encryption and authentication technology into broadband networks

Conference
OSTI ID:120001

BISDN services will involve the integration of high speed data, voice, and video functionality delivered via technology similar to Asynchronous Transfer Mode (ATM) switching and SONET optical transmission systems. Customers of BISDN services may need a variety of data authenticity and privacy assurances, via Asynchronous Transfer Mode (ATM) services. Cryptographic methods can be used to assure authenticity and privacy, but are hard to scale for implementation at high speed. The incorporation of these methods into computer networks can severely impact functionality, reliability, and performance. While there are many design issues associated with the serving of public keys for authenticated signaling and for establishment of session cryptovariables, this paper is concerned with the impact of encryption itself on such communications once the signaling and setup have been completed. Network security protections should be carefully matched to the threats against which protection is desired. Even after eliminating unnecessary protections, the remaining customer-required network security protections can impose severe performance penalties. These penalties (further discussed below) usually involve increased communication processing for authentication or encryption, increased error rate, increased communication delay, and decreased reliability/availability. Protection measures involving encryption should be carefully engineered so as to impose the least performance, reliability, and functionality penalties, while achieving the required security protection. To study these trade-offs, a prototype encryptor/decryptor was developed. This effort demonstrated the viability of implementing certain encryption techniques in high speed networks. The research prototype processes ATM cells in a SONET OC-3 payload. This paper describes the functionality, reliability, security, and performance design trade-offs investigated with the prototype.

Research Organization:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Sponsoring Organization:
USDOE, Washington, DC (United States)
DOE Contract Number:
AC04-94AL85000
OSTI ID:
120001
Report Number(s):
SAND-95-2285C; CONF-9510189-4; ON: DE96002012; TRN: AHC29527%%144
Resource Relation:
Conference: Photonics East '95, Philadelphia, PA (United States), 22-26 Oct 1995; Other Information: PBD: [1995]
Country of Publication:
United States
Language:
English