Dynamic authentication for high-performance networked applications

Abstract

Focuses on the integrity and protection of information exchanged in high-performance networked computing applications. For these applications, security procedures are often omitted in the interest of performance. Since this may not be acceptable when using public communications media, our research makes explicit and then utilizes the inherent tradeoffs in realizing performance vs. security in communications. Toward this end, we expand the notion of QoS to include the level of security that can be offered within performance and CPU resource availability constraints. To address performance and security tradeoffs in asymmetric and dynamic client-server environments, we developed Authenticast, a dynamically configurable user-level communication protocol offering variable levels of security throughout the execution. Authenticast comprises multiple heuristics to realize dynamic security levels and to decide when and how to apply dynamic security. To demonstrate this protocol, we have implemented a prototype of a high-performance privacy system. This prototype offers a novel security control abstraction with which tradeoffs in security vs. performance may be made explicit and then utilized with dynamic client-server asymmetries. Authenticast uses the "security thermostat" to enable adaptive security processing. The results demonstrate increased scalability and improved performance when adaptive security is applied to the client-server platform with varying numbers of clients and varying resource availabilities at clients.