Title :
Trading off strength and performance in network authentication: experience with the ACSA project
Author :
Adcock, Jamison M. ; Balenson, David M. ; Carman, David W. ; Heyman, Michael ; Sherman, Alan T.
Author_Institution :
Network Associates Inc., USA
fDate :
6/22/1905 12:00:00 AM
Abstract :
The Adaptive Cryptographically Synchronized Authentication (ACSA) Project offers a new approach to data authentication in networks by trading off authentication strength and performance. In ACSA, the communicants select among various authentication gears to balance their performance and security needs. These gears include three basic groups: (1) conventional mechanisms that are computationally intensive but considered highly secure; (2) higher-speed, lower-strength mechanisms including Universal Message Authentication Codes (UMACs) and our novel inner-function group (IFG) with bit scattering; and (3) Partial MACs (PMACs) that calculate the authentication tag on only a subset of the message. We are implementing a prototype ACSA System based on the popular IPsec protocols and are demonstrating its effectiveness on high-speed network applications
Keywords :
computer network management; message authentication; ACSA project; Adaptive Cryptographically Synchronized Authentication; IPsec protocols; Partial MACs; Universal Message Authentication Codes; bit scattering; conventional mechanisms; data authentication; inner-function group; network authentication; Authentication; Computer science; Computer security; Contracts; Cryptography; Electrical capacitance tomography; Forgery; Gears; Intelligent networks; Prototypes;
Conference_Titel :
DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
Conference_Location :
Hilton Head, SC
Print_ISBN :
0-7695-0490-6
DOI :
10.1109/DISCEX.2000.824971