Open Access

Multiple-Channel Security Architecture and its Implementation over SSL

EURASIP Journal on Wireless Communications and Networking20062006:085495

Received: 2 October 2005

Accepted: 21 April 2006

Published: 25 June 2006


This paper presents multiple-channel SSL (MC-SSL), an architecture and protocol for protecting client-server communications. In contrast to SSL, which provides a single end-to-end secure channel, MC-SSL enables applications to employ multiple channels, each with its own cipher suite and data-flow direction. Our approach also allows for several partially trusted application proxies. The main advantages of MC-SSL over SSL are (a) support for end-to-end security in the presence of partially trusted proxies, and (b) selective data protection for achieving computational efficiency important to resource-constrained clients and heavily loaded servers.


Authors’ Affiliations

Department of Electrical and Computer Engineering, Faculty of Applied Sciences, University of British Columbia


  1. Dierks T, Allen C: The TLS Protocol Version 1.0. RFC 2246, January 1999Google Scholar
  2. Schneier B: Applied Cryptography. 2nd edition. John Wiley & Sons, New York, NY, USA; 1996.Google Scholar
  3. Rhee MY: Internet Security : Cryptographic Principles, Algorithms and Protocols. John Wiley & Sons, New York, NY, USA; 2003.Google Scholar
  4. WAP Forum WAP 2.0 Specifications,
  5. Ravi S, Raghunathan A, Potlapally N: Securing wireless data: system architecture challenges. Proceedings of the International Symposium on System Synthesis, October 2002, Kyoto, Japan 195-200.Google Scholar
  6. Lee J, Leung VCM, Beznosov K: Analysis of scalable security–MC-SSL savings. In Tech. Rep. LERSSE-TR-2005-02. Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University of British Columbia, Vancouver, BC, Canada; October 2005.Google Scholar
  7. Portmann M, Seneviratne A: Selective security for TLS. Proceedings of the 9th IEEE International Conference on Networks (ICON '01), October 2001, Bangkok, Thailand 216-221.Google Scholar
  8. Kennedy DJ: An architecture for secure, client-driven deployment of application-specific proxies, M.S. thesis. University of Waterloo, Waterloo, Ontario, Canada; 2000.Google Scholar
  9. Kwon EK, Cho YG, Chae KJ: Integrated transport layer security: end-to-end security model between WTLS and TLS. Proceedings of 15th International Conference on Information Networking, January-February 2001, Oita, Japan 65-71.View ArticleGoogle Scholar
  10. W3C XML Signature Recommendations, February 2002,
  11. W3C XML Encryption Recommendations, December 2002,
  12. OASIS Open : Web Services Security: SOAP Message Security. , August 2003
  13. OASIS Open : Web Services Security X.509 Certificate Token Profile. working draft 11, October 2003,
  14. OASIS Open : Web Services Security Kerberos Certificate Token Profile. working draft 03, January 2003,
  15. OASIS Open : Web Services Security Username Token Profile. working draft 04, October 2003,
  16. Lesniewski-Laas C, Frans Kaashoek M: SSL splitting: securely serving data from untrusted caches. Proceedings of the 12th USENIX Security Symposium, August 2003, Washington, DC, USA 187-200.Google Scholar
  17. W3C HTML 4.01, December 1999,
  18. W3C XHTML 2.0, July 2004,
  19. Kiczales G, Lamping J, Mendhekar A, et al.: Aspect-oriented programming. Proceedings of the 11th European Conference on Object-Oriented Programming, June 1997, Jyvaskyla, Finland 220-242.Google Scholar
  20. Song Y: Multiple-channel security model and its implementation over SSL, M.S. thesis. University of British Columbia, Vancouver, BC, Canada; 2004. Scholar
  21. OpenSSL Project 2004.


© Yong Song et al. 2006

This article is published under license to BioMed Central Ltd. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.