Change search
ReferencesLink to record
Permanent link

Direct link
Toward Adjustable Lightweight Authentication for Network Access Control
Responsible organisation
2005 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The increasing use of Internet access networks raises the demand for secure and reliable communication for both users and businesses. Traditionally, the aim has been to provide the strongest possible security. However, with the demand for low-power computing it has become desirable to develop security mechanisms which efficiently utilize available resources. The tradeoff between performance and security plays an important role. In general, strong security is added even if there is no attack. The implementation of strong and resource demanding security often implies more than a secure system; it may deteriorate the performance of a device with limited resources and pave the way for new threats such as resource exhaustion. It is, therefore, unwise to use strong cryptographic algorithms for devices with limited resources in the absence of an adversary. It is more efficient to begin with lightweight security, taking further measures when an attack is detected. The overall focus of this thesis is on adjustable and lightweight authentication protocols for network access control. The thesis studies the performance degradation of strong security using empirical tests on IP security (IPSec) with a visual bottleneck indicator based on the time-discrete fluid flow model and throughput histogram differences. The results emphasize the possibility of a Denial of Service (DoS) attack against IPSec itself. The redundant authentication performed in a Wireless Local Area Network (WLAN) also motivates the development and evaluation of novel lightweight authentication protocols for the link and network layer. The developed authentication protocols are resource efficient, per-packet based, and robust in terms of handling packet loss. The protocols are further used as part of a hierarchical defense structure, which has been implemented and evaluated in order to mitigate protocol based DoS attacks. Finally, this thesis presents the concept of Always Best Security (ABS) and a practical decision making model based on the Analytic Hierarchy Process. The model takes a number of factors into consideration, including subjective and objective aspects of security in order to select an adequate authentication level. It is a flexible model which formalizes quantitative and qualitative considerations of a defined set of criteria, keeping Quality of Service in mind.

Place, publisher, year, edition, pages
Karlskrona: Blekinge Institute of Technology , 2005. , 205 p.
Blekinge Institute of Technology Doctoral Dissertation Series, ISSN 1653-2090 ; 9
National Category
Computer Science Telecommunications
URN: urn:nbn:se:bth-00310Local ID: 91-7295077-3OAI: diva2:838207
Available from: 2012-09-18 Created: 2006-01-13 Last updated: 2015-06-30Bibliographically approved

Open Access in DiVA

fulltext(3100 kB)37 downloads
File information
File name FULLTEXT01.pdfFile size 3100 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Johnson, Henric
Computer ScienceTelecommunications

Search outside of DiVA

GoogleGoogle Scholar
Total: 37 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 46 hits
ReferencesLink to record
Permanent link

Direct link