Skip to main content

Multiple-Channel Security Architecture and its Implementation over SSL


This paper presents multiple-channel SSL (MC-SSL), an architecture and protocol for protecting client-server communications. In contrast to SSL, which provides a single end-to-end secure channel, MC-SSL enables applications to employ multiple channels, each with its own cipher suite and data-flow direction. Our approach also allows for several partially trusted application proxies. The main advantages of MC-SSL over SSL are (a) support for end-to-end security in the presence of partially trusted proxies, and (b) selective data protection for achieving computational efficiency important to resource-constrained clients and heavily loaded servers.



  1. Dierks T, Allen C: The TLS Protocol Version 1.0. RFC 2246, January 1999

  2. Schneier B: Applied Cryptography. 2nd edition. John Wiley & Sons, New York, NY, USA; 1996.

    Google Scholar 

  3. Rhee MY: Internet Security : Cryptographic Principles, Algorithms and Protocols. John Wiley & Sons, New York, NY, USA; 2003.

    Google Scholar 

  4. WAP Forum WAP 2.0 Specifications,

  5. Ravi S, Raghunathan A, Potlapally N: Securing wireless data: system architecture challenges. Proceedings of the International Symposium on System Synthesis, October 2002, Kyoto, Japan 195-200.

    Google Scholar 

  6. Lee J, Leung VCM, Beznosov K: Analysis of scalable security–MC-SSL savings. In Tech. Rep. LERSSE-TR-2005-02. Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University of British Columbia, Vancouver, BC, Canada; October 2005.

    Google Scholar 

  7. Portmann M, Seneviratne A: Selective security for TLS. Proceedings of the 9th IEEE International Conference on Networks (ICON '01), October 2001, Bangkok, Thailand 216-221.

    Google Scholar 

  8. Kennedy DJ: An architecture for secure, client-driven deployment of application-specific proxies, M.S. thesis. University of Waterloo, Waterloo, Ontario, Canada; 2000.

    Google Scholar 

  9. Kwon EK, Cho YG, Chae KJ: Integrated transport layer security: end-to-end security model between WTLS and TLS. Proceedings of 15th International Conference on Information Networking, January-February 2001, Oita, Japan 65-71.

    Chapter  Google Scholar 

  10. W3C XML Signature Recommendations, February 2002,

  11. W3C XML Encryption Recommendations, December 2002,

  12. OASIS Open : Web Services Security: SOAP Message Security. , August 2003

  13. OASIS Open : Web Services Security X.509 Certificate Token Profile. working draft 11, October 2003,

  14. OASIS Open : Web Services Security Kerberos Certificate Token Profile. working draft 03, January 2003,

  15. OASIS Open : Web Services Security Username Token Profile. working draft 04, October 2003,

  16. Lesniewski-Laas C, Frans Kaashoek M: SSL splitting: securely serving data from untrusted caches. Proceedings of the 12th USENIX Security Symposium, August 2003, Washington, DC, USA 187-200.

    Google Scholar 

  17. W3C HTML 4.01, December 1999,

  18. W3C XHTML 2.0, July 2004,

  19. Kiczales G, Lamping J, Mendhekar A, et al.: Aspect-oriented programming. Proceedings of the 11th European Conference on Object-Oriented Programming, June 1997, Jyvaskyla, Finland 220-242.

    Google Scholar 

  20. Song Y: Multiple-channel security model and its implementation over SSL, M.S. thesis. University of British Columbia, Vancouver, BC, Canada; 2004.

    Google Scholar 

  21. OpenSSL Project 2004.

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Konstantin Beznosov.

Rights and permissions

Open Access This article is distributed under the terms of the Creative Commons Attribution 2.0 International License ( ), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Reprints and permissions

About this article

Cite this article

Song, Y., Beznosov, K. & Leung, V.C.M. Multiple-Channel Security Architecture and its Implementation over SSL. J Wireless Com Network 2006, 085495 (2006).

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • DOI: