Subtransport Level: The Right Place for End-to-End Security Mechanisms
David P. Anderson and Domenico Ferrari and P. Venkat Rangan
EECS Department, University of California, Berkeley
Technical Report No. UCB/CSD-87-346, 1987
http://www2.eecs.berkeley.edu/Pubs/TechRpts/1987/CSD-87-346.pdf
We argue that end-to-end authentication and privacy in loosely-coupled distributed systems are not only achievable by mechanisms at the host-to-host (i.e., subtransport) level under generally satisfiable conditions, but that this solution can be more advantageous than those based on security mechanisms at higher levels of the protocol hierarchy in terms of both functionality and performance. We introduce a model of communication security and a subtransport-level protocol called ADP (the Authenticated Datagram Protocol), which provides end-to-end authentication and privacy consistently with the definitions of the model. We then discuss the advantages of the subtransport approach, and present some experimental results from the measurement of a prototype of ADP that confirm the expected performance benefits of this approach.
BibTeX citation:
@techreport{Anderson:CSD-87-346,
    Author = {Anderson, David P. and Ferrari, Domenico and Rangan, P. Venkat},
    Title = {Subtransport Level: The Right Place for End-to-End Security Mechanisms},
    Year = {1987},
    Month = {Mar},
    Url = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/1987/5580.html},
    Number = {UCB/CSD-87-346},
    Abstract = {We argue that end-to-end authentication and privacy in loosely-coupled distributed systems are not only achievable by mechanisms at the host-to-host (i.e., subtransport) level under generally satisfiable conditions, but that this solution can be more advantageous than those based on security mechanisms at higher levels of the protocol hierarchy in terms of both functionality and performance. We introduce a model of communication security and a subtransport-level protocol called ADP (the Authenticated Datagram Protocol), which provides end-to-end authentication and privacy consistently with the definitions of the model. We then discuss the advantages of the subtransport approach, and present some experimental results from the measurement of a prototype of ADP that confirm the expected performance benefits of this approach.},
}
EndNote citation:
%0 Report
%A Anderson, David P.
%A Ferrari, Domenico
%A Rangan, P. Venkat
%T Subtransport Level: The Right Place for End-to-End Security Mechanisms
%I EECS Department, University of California, Berkeley
%D 1987
%@ UCB/CSD-87-346
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/1987/5580.html
%F Anderson:CSD-87-346