Katrina Hensley, Captain, United States Marine Corps
B.A., University of Oklahoma, 1991
Fredrick Ludden, Captain, United States Army
B.S., Virginia Tech, 1989
Master of Science in Computer Science-September 1999
Advisor: Geoffrey G. Xie, Department of Computer Science
Second Reader: Cynthia Irvine, Department of Computer Science
In today’s world of integrating voice, video and data into a single network, Asynchronous Transfer Mode (ATM) networks have become prevalent in the Department of Defense. The Department of Defense’s critical data will have to pass through public networks, which raises security concerns. This study presents an efficient solution aimed at authenticating communications over public ATM networks. The authenticating device, “Stargate,” uses a high-speed, low-level authentication protocol that offers the low cost, flexibility, and extensibility of software while still yielding performance comparable to hardware-based authentication.
General Area of Research
The goal is to determine the feasibility and efficiency of a software-based security scheme for ATM networks, focusing on cell-origin authentication and the management of the authentication keys, so as to establish secure end-to-end transmissions. The method used will be a device called “Stargate”.
Research Questions
1. How can Stargate assemble ATM cells into frames while adding little overhead to the ATM network?
2. How can Stargate authenticate ATM traffic?
3. How will Stargate manage authentication keys for the trusted network?
4. How will Stargate handle multiple sessions for the user?
Discussion
The Department of Defense is continuing to increase its use of the Internet and other insecure networks to pass data. In the future, the requirement to pass data throughout the world will expand to encompass voice and video as well as data and transaction processing. The emergence of broadband services, such as Asynchronous Transfer Mode (ATM), will allow the same network to support these and other integrated services. However, DoD needs a solution to ensure the authenticity of all types of data over insecure networks. There exist proven, commercial products on the market today to protect data over insecure networks, but the cost of these solutions in terms of transmission speed is already high and will only continue to rise.
One proven approach to protecting data confidentiality over insecure networks is to encrypt each ATM cell at the point of presence between a trusted network and the untrusted network. This encryption is done in hardware and covers only the payload (data) of each ATM cell, not the header. This particular solution costs nearly $450,000 per node connection to an untrusted network. We believe that this solution incurs unnecessary overhead by encrypting and decrypting every cell, including cells that for various reasons will be discarded. Furthermore, this solution does not protect the authenticity of the data; thus the origin of the data could be an unfriendly source.
The goal of this thesis is to demonstrate a low-cost, high-speed method of authenticating ATM cells via a device called Stargate. This device will make use of digital signatures over “frames” of ATM cells. Additionally, this thesis will demonstrate that cell authentication can be accomplished efficiently in software instead of hardware. We believe a software implementation of this technique will be compatible with all DoD networks.
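The following is an added example, not the thesis's Stargate code, showing what research questions 1 and 2 amount to in practice: standard 53-byte ATM cells are grouped into frames at the trusted/untrusted boundary, each frame carries one authentication tag, and the receiving Stargate drops any frame whose tag fails or whose sequence number is replayed, so cells from an unauthenticated source never reach the trusted side. The proposal calls for digital signatures; this example substitutes an HMAC-SHA256 tag under a key shared by the two Stargates so it runs on the Python standard library alone. The frame layout (sequence number, cell count, tag), the frame size and the sequence-number replay check are assumptions of the example; the HEC computation follows the ATM cell header definition.

```python
"""Frame-level origin authentication of ATM cells (added example, not Stargate itself).

Assumed frame layout: 32-bit sequence number, 16-bit cell count, N cells, 32-byte tag.
The tag is an HMAC-SHA256 under a key shared by the two Stargates, standing in for the
digital signatures the proposal describes.
"""
import hashlib
import hmac
import struct
from typing import List, Optional

CELL_SIZE = 53        # standard ATM cell: 5-byte header + 48-byte payload
PAYLOAD_SIZE = 48
FRAME_HDR = struct.Struct("!IH")            # assumed: sequence number, cell count
TAG_SIZE = hashlib.sha256().digest_size     # 32 bytes


def hec(header4: bytes) -> int:
    """ATM Header Error Control: CRC-8 with generator x^8+x^2+x+1 over the first
    four header bytes, XORed with 0x55 (e.g. idle cell 00 00 00 01 -> HEC 0x52)."""
    crc = 0
    for b in header4:
        crc ^= b
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def make_cell(vpi: int, vci: int, payload: bytes, pt: int = 0, clp: int = 0) -> bytes:
    """Build a 53-byte UNI cell: GFC=0 (4 bits), VPI (8), VCI (16), PT (3), CLP (1), HEC (8)."""
    if len(payload) != PAYLOAD_SIZE:
        raise ValueError("ATM payload must be exactly 48 bytes")
    word = (vpi & 0xFF) << 20 | (vci & 0xFFFF) << 4 | (pt & 0x7) << 1 | (clp & 0x1)
    head4 = word.to_bytes(4, "big")
    return head4 + bytes([hec(head4)]) + payload


class StargateSender:
    """Trusted-side Stargate: groups outbound cells into frames and tags each frame once."""

    def __init__(self, key: bytes, cells_per_frame: int = 8):
        self.key = key
        self.n = cells_per_frame
        self.seq = 0

    def frame(self, cells: List[bytes]) -> List[bytes]:
        frames = []
        for i in range(0, len(cells), self.n):
            chunk = cells[i:i + self.n]
            body = FRAME_HDR.pack(self.seq, len(chunk)) + b"".join(chunk)
            tag = hmac.new(self.key, body, hashlib.sha256).digest()
            frames.append(body + tag)
            self.seq += 1
        return frames


class StargateReceiver:
    """Stargate facing the untrusted network: releases cells to the trusted side only
    from frames whose tag verifies and whose sequence number has not been seen."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes) -> Optional[List[bytes]]:
        if len(frame) < FRAME_HDR.size + TAG_SIZE:
            return None
        body, tag = frame[:-TAG_SIZE], frame[-TAG_SIZE:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None                             # forged or corrupted: drop the whole frame
        seq, count = FRAME_HDR.unpack_from(body)
        if seq <= self.last_seq:
            return None                             # replayed (or reordered) frame
        cells = body[FRAME_HDR.size:]
        if len(cells) != count * CELL_SIZE:
            return None
        self.last_seq = seq
        return [cells[j:j + CELL_SIZE] for j in range(0, len(cells), CELL_SIZE)]


def overhead_ratio(cells_per_frame: int) -> float:
    """Bytes added per frame (frame header + tag) relative to the cell bytes carried."""
    return (FRAME_HDR.size + TAG_SIZE) / (cells_per_frame * CELL_SIZE)


def demo() -> dict:
    key = b"\x00" * 32  # constructed shared key; Stargate key management is not modelled here
    tx, rx = StargateSender(key), StargateReceiver(key)
    cells = [make_cell(vpi=1, vci=100, payload=bytes([i]) * PAYLOAD_SIZE) for i in range(16)]
    frames = tx.frame(cells)
    accepted = sum(len(rx.accept(f) or []) for f in frames)
    tampered = bytearray(frames[0])
    tampered[FRAME_HDR.size + 10] ^= 0x01           # flip one bit inside a cell payload
    fresh_rx = StargateReceiver(key)                 # so the rejection is not a replay rejection
    return {
        "frames": len(frames),
        "cells_accepted": accepted,
        "tampered_accepted": fresh_rx.accept(bytes(tampered)) is not None,
        "replay_accepted": rx.accept(frames[1]) is not None,
    }


if __name__ == "__main__":
    print(demo(), "overhead at 8 cells/frame: %.3f" % overhead_ratio(8))
```

With eight cells per frame the added bytes are 38 per 424 bytes of cells, under 9 percent; larger frames lower that further at the cost of more cells lost when a single corrupted frame is dropped, which is the overhead trade-off behind research question 1. Note that a tag or signature over the frame does nothing for replay on its own; the sequence number is what lets the receiver reject a captured frame sent again.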
Scope of Research
The scope of this research is broken into two parts. One part focuses on assembling ATM cells into frames in software and on the subsequent authentication between nodes. The second part focuses on key management between Stargates. Of secondary interest are the performance issues involved with Stargate. This thesis will limit its research to a basic ATM network design and will consist of operational testing of cell authentication between two nodes. This thesis will not address ATM signaling to set up virtual channels between nodes, as there are current techniques to establish them securely. Additionally, this thesis will not make any assumptions about the encryption of the actual data in the ATM traffic; thus the payload of the ATM cell may or may not be encrypted.
Methodology
Since this thesis is a joint effort of two students, specific areas of research and writing responsibility are assigned: HENSLEY: