| 1. |
|
|
| 2. |
- Faigl, Zoltán, et al.
(författare)
-
Experimental Evaluation of the Performance Costs of Different IKEv2 Authentication Methods
- 2008
-
Konferensbidrag (refereegranskat)abstract
- This paper presents an experimental evaluation of the costs of different IKEv2 authentication methods. The studied methods are pre-shared keys (PSK), extensible authentication protocol (EAP) using MD5 and TLS, which are typically referred to as EAP-MD5 and EAP-TLS, respectively. For the EAP-based methods RADIUS is used as AAA server. Different lengths of certification chains are studied in the EAP-TLS case. The paper first presents a brief overview of the considered authentication methods. Then, an experimental comparison of the costs for computations and messages transfers associated with the authentication methods are provided. The measurement results illustrate the practical costs involved for IKEv2 authentication, and show the performance implications of using different authentication methods. EAP-TLS is several times more demanding than both PSK and EAP-MD5. When EAP-TLS is used, the length of certificate chains also has a notable impact on performance
|
|
| 3. |
- Faigl, Zoltán, et al.
(författare)
-
IKEv2 Performance when Protecting Mobile IPv6 Signaling
- 2007
-
Konferensbidrag (refereegranskat)abstract
- This paper describes an analysis of the performance overheads caused by the processing and space requirements of the IKEv2 protocol using Diameter and EAP-TLS authentication when protecting Mobile IPv6 signaling. IKEv2 negotiation between mobile nodes, the home agent, and the AAA server in a large-scale reference scenario is considered. The analysis is based on queuing theory and focuses on the overall utilization of the home agent and the AAA server by the IKEv2 reauthentication processes as well as the total mean response time for such a process in the network
|
|
| 4. |
- Faigl, Zoltán, et al.
(författare)
-
Performance Analysis of IPsec in MIPv6 Scenarios
- 2007
-
Konferensbidrag (refereegranskat)abstract
- This paper describes an analysis of the performance overheads caused by the processing and space requirements of IPsec when protecting Mobile IPv6 (MIPv6) signaling. Signaling between the Mobile Nodes and the Home Agent (HA) in a large-scale reference scenario is considered. The analysis is based on queuing theory and focuses on the overall utilization of the HA by the MIPv6 signaling processes as well as the total mean response time for a mobility process in the network. The results can assist network designers in finding the most appropriate security configuration for their specific network and mobility scenario
|
|
| 5. |
- Faigl, Zoltán, et al.
(författare)
-
Providing Tunable Security in IEEE 802.11i Enabled Networks
- 2006
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- The basic idea of QoS is to provide mechanisms that can offer different service levels, which are expressed through well-defined parameters that are specified at run-time on the basis of need. Bit rate, throughput, delay, jitter, and packet loss rate are all examples of common QoS parameters suggested for packet networks. These parameters are all aimed to express(and guarantee) a certain service level with respect to reliability and/or performance. In this report, we investigate how security can be treated as yet another QoS parameter through the use of tunable security services. The main idea with this work is to let users specify a trade-off between security and performance through the choice of available security configuratio (s). The performance metric used is latency. The concept is illustrated using the IEEE 802.11i wireless local area networking standard.
|
|
| 6. |
- Lindskog, Stefan, et al.
(författare)
-
A Conceptual Model for Analysis and Design of Tunable Security Services
- 2008
-
Ingår i: Journal of Networks. - : Academy Publisher.
-
Tidskriftsartikel (refereegranskat)abstract
- Security is an increasingly important issue for networked services. However, since networked environments may exhibit varying networking behavior and contain heterogeneous devices with varying resources tunable security services are needed. A tunable security service is a service that provides different security configurations that are selected, and possibly altered, at run-time. In this paper, we propose a conceptual model for analysis and design of tunable security services. The proposed model can be used to describe and compare existing tunable security services and to identify missing requirements. Five previously proposed services are analyzed in detail in the paper. The analysis illustrates the powerfulness of the model, and highlights some key aspects in the design of tunable security services. Based on the conceptual model, we also present a high-level design methodology that can be used to identify the most appropriate security configurations for a particular scenario
|
|
| 7. |
- Lindskog, Stefan, 1967-, et al.
(författare)
-
A Conceptual Model of Tunable Security Services
- 2006
-
Ingår i: Wireless Communication Systems, 2006.. - Piscataway, NJ : IEEE. - 9781424403981 ; , s. 531-535
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we propose a conceptual model for tunable security services. The aim of the model is to provide a tool that can be used to describe and analyze such services in a structured and consistent way. The proposed model can thus serve as a basis to examine the possibilities available for constructing tunable security services based on current and future networking standards and to identify missing requirements. It can also be used to describe and compare previous research results. In the paper, four different use cases are presented that illustrates the powerfulness of the proposed model.
|
|
| 8. |
- Lindskog, Stefan, et al.
(författare)
-
A Measurement Study on IKEv2 Authentication Performance in Wireless Networks
- 2009
-
Konferensbidrag (refereegranskat)abstract
- This paper presents an experimental evaluation of the performance costs of a wide variety of authentication methods over IKEv2 in wireless networks. The studied methods are preshared keys (PSK), extensible authentication protocol (EAP) using MD5, SIM, TTLS-MD5, TLS, and PEAP-MSCHAPv2. For the EAP-based methods RADIUS is used as authentication, authorization, and accounting (AAA) server. Two network scenarios, WiFi and UMTS, are considered. The measurement results illustrate the practical costs involved for IKEv2 authentication, and show significant performance differences between the methods
|
|
| 9. |
- Lindskog, Stefan, et al.
(författare)
-
Analyzing Tunable Security Services
- 2006
-
Konferensbidrag (refereegranskat)abstract
- This paper analyzes three existing tunable security services based on a conceptual model. The aim of the study is to examine the tunable features provided by the different services in a structured and consistent way. This implies that for each service user preferences as well as environment and application characteristics that influence the choice of a certain security configuration are identified and discussed
|
|
| 10. |
- Lindskog, Stefan, et al.
(författare)
-
Performance Evaluation of IKEv2 Authentication Methods in Next Generation Wireless Networks
- 2010
-
Ingår i: Journal of Security and Communication Networks. - : Wiley InterScience. - 1939-0122. ; 3:1, s. 83-98
-
Tidskriftsartikel (refereegranskat)abstract
- Secure communications have a key role in future networks and applications. Information security provisions such as authorization, authentication, and encryption must be added to current communications protocols. To accomplish this, each protocol must be reexamined to determine the impact on performance of adding such security services. This paper presents an experimental evaluation of the performance costs of a wide variety of authentication methods over IKEv2 in real and partly emulated scenarios of next generation wireless networks. The studied methods are pre-shared keys (PSKs), extensible authentication protocol (EAP) using MD5, SIM, TTLS-MD5, TLS, and PEAP-MSCHAPv2. For the EAP-based methods, RADIUS is used as the authentication, authorization, and accounting (AAA) server. Different lengths of certificate chains are studied in case of the TLS-based methods, i.e., TTLS-MD5, TLS, and PEAP-MSCHAPv2. The paper first presents a brief overview of the considered authentication methods. Then, a comparison of the costs for message transfers and computations associated with the authentication methods is provided. The measurement results are verified through a simple analysis, and interpreted by discussing the main contributing factors of the costs. The measurement results illustrate the practical costs involved for IKEv2 authentication, and the implications of the use of different methods are discussed
|
|
| 11. |
|
|
| 12. |
- Lindskog, Stefan, et al.
(författare)
-
Providing Tunable Security Services: An IEEE 802.11i Example
- 2006
-
Konferensbidrag (refereegranskat)abstract
- The basic idea of QoS is to provide mechanisms that can offer different service levels, which are expressed through well-defined parameters that are specified at run-time on the basis of need. Bit rate, throughput, delay, jitter, and packet loss rate are all examples of common QoS parameters suggested for packet networks. These parameters are all aimed to express (and guarantee) a certain service level with respect to reliability and/or performance. In this paper, we investigate how security can be treated as yet another QoS parameter through the use of tunable security services. The main idea with this work is to let users specify a trade-off between security and performance through the choice of available security configuration(s). The performance metric used is latency. The concept is illustrated using the IEEE 802.11i wireless local area networking standard
|
|
| 13. |
- Lindskog, Stefan, et al.
(författare)
-
Tunable Security Services for Wireless Networks
- 2008
-
Ingår i: Adaptation and Cross Layer Design in Wireless Networks. - Boca Raton, FL, USA : CRC.
-
Bokkapitel (refereegranskat)abstract
- This chapter introduces the concept of tunable security services for wireless networks. The aim of the chapter is to describe how security can be traded against performance. A survey and analysis of existing tunable services, which have been explicitly designed to offer various security levels during system operation, is provided. In total eight different services are analyzed in detail. The selection of services is made to cover a broad spectrum of services and to illustrate services at different communication layers. Two services from each of the following four layers are described and analyzed: application layer, transport layer, network layer, and, data link layer. Additional tunable security services are also briefly introduced. The analysis illustrates that tunability can be used in many different contexts and achieved through various mechanisms. From the analysis it is also evident that more suitable security and performance metrics are needed
|
|
