TAILIEUCHUNG - A Study of the Relative Costs of Network Security Protocols

When data confidentiality is compromised, the consequence to an enterprise is not always immediate but it can be costly. For example, if a hacker gains access to an organization's e-mail system, proprietary information that provides competitive advantage might be stolen resulting in a loss of research and development dollars spent in gaining that advantage. When data integrity is compromised, an organization must often incur prohibitive costs to correct the consequences of attacks. For instance, a malicious hacker might modify a Web site, replacing relevant information with nonsensical or offensive content. This compels the proprietor of the site to spend money not only to fix the. | A Study of the Relative Costs of Network Security Protocols Stefan Miltchev Sotiris Ioannidis miltchev@ sotiris@ University of Pennsylvania University of Pennsylvania Angelos D. Keromytis angelos@ Columbia University Abstract While the benefits of using IPsec to solve a significant number of network security problems are well known and its adoption is gaining ground very little is known about the communication overhead that it introduces. Quantifying this overhead will make users aware of the price of the added security and will assist them in making well-informed IPsec deployment decisions. In this paper we investigate the performance of IPsec using micro- and macro-benchmarks. Our tests explore how the various modes of operation and encryption algorithms affect its performance and the benefits of using cryptographic hardware to accelerate IPsec processing. Finally we compare against other secure data transfer mechanisms such as SSL scp 1 and sftp 1 . 1 Introduction The increasing need for protecting data communications has led to the development of several protocols that provide very similar services most notably data se-crecy integrity and origin authentication. Examples of such protocols include IPsec SSL TLS and SSH 8 2 11 . While each of the protocols is based on a different set of assumptions with respect to its model of use implementation characteristics and supporting applications they all fundamentally address the same problem namely to protect the secrecy and integrity of data transferred over an untrustworthy network such as the Internet. Securing the data while in transit is not sufficient by itself in building a secure network data storage key management user interface and backup security must also be addressed to provide a comprehensive security posture. These are often overlooked yet are an essential This work was supported by DARPA under Contract F39502-99-1-0512-MOD P0001. part of a secure system. .

• An ninh - Bảo mật
• Bahia State
• Functional Equilibrium
• Promoter
• Early Detection
• Clinical Setting
• Prevention and Early Detection
• Drivers of Parasitoid
• Wasps Community
• Composition
• Cacao Agroforestry
• Government intends
• improve access to medicines
• publishing patient
• Federal Constitution
• Law Regulations
• biological and medical