Abstract

Providing authentication is essential to network security. Conventional authentication mechanisms, however, cannot operate at speeds fast enough to meet the demands of ultra-fast networks. The Adaptive Cryptographically Synchronized Authentication (ACSA) project2 is exploring an effective solution to the dilemma of wanting fast networks and strong network authentication. As with conventional authentication methods, a sender constructs an authentication tag from an authentication key and a packet of network data. The authentication tag and network data are sent to and verified by a receiver. The choice of which of various methods of constructing authentication tags is first determined when a security association is established between the sender and receiver. However, unlike conventional methods, the ACSA model provides a novel performance-security tradeoff in which the network adaptively varies the level of authentication assurance based on processor load and authentication errors. The proposed method provides acceptable communication speed and authentication by changing the probability of detecting malicious activity, but in a manner such that an adversary cannot determine the current, cryptographically controlled security level.

Date

December 7, 1998

Authors

D Balenson, D Carman, M Heyman, A Sherman

Journal

Revision

Volume

1

Pages

55