A user-focused security service architecture for communication networks
Abstract
This paper discusses how to integrate security into existing communication services in a way that increases users' trust. We discuss a security architecture that enables secure communication services both to satisfy users' security needs and to protect investments in existing network infrastructure. Adding security implies penalties in cost, quality of service, or usage pattern. Thus, our proposal aims at optional security services that users activate on demand. We accomplish this by exploiting existing service interfaces to plug in security services call by call. Communication services offer many benefits and have become essential in people's business and private lives. Therefore, architects of communication networks need to address users' security requirements more carefully than in the past. Including open security interfaces throughout the communication system design gives users flexibility in choosing the security solutions that satisfy their requirements most efficiently. As the whole is no more secure than the weakest of its parts, separating security-sensitive functions from highly complex communication functions promotes security. Additionally, this approach leads to security services that are mostly independent of the communication services they protect. Thus, these security services can be used universally and implemented in highly secure runtime environments. These portable and secure runtime environments can accompany users wherever they go.