Multiple-Channel Security Architecture and its Implementation over SSL

Abstract

This paper presents multiple-channel SSL (MC-SSL), an architecture and protocol for protecting client-server communications. In contrast to SSL, which provides a single end-to-end secure channel, MC-SSL enables applications to employ multiple channels, each with its own cipher suite and data-flow direction. Our approach also allows for several partially trusted application proxies. The main advantages of MC-SSL over SSL are (a) support for end-to-end security in the presence of partially trusted proxies, and (b) selective data protection for achieving computational efficiency important to resource-constrained clients and heavily loaded servers.

[1–21]

References

  1. Dierks T, Allen C: The TLS Protocol Version 1.0. RFC 2246, January 1999.
  2. Schneier B: Applied Cryptography. 2nd edition. John Wiley & Sons, New York, NY, USA; 1996.
  3. Rhee MY: Internet Security: Cryptographic Principles, Algorithms and Protocols. John Wiley & Sons, New York, NY, USA; 2003.
  4. WAP Forum: WAP 2.0 Specifications, http://www.openmobilealliance.org/
  5. Ravi S, Raghunathan A, Potlapally N: Securing wireless data: system architecture challenges. Proceedings of the International Symposium on System Synthesis, October 2002, Kyoto, Japan 195-200.
  6. Lee J, Leung VCM, Beznosov K: Analysis of scalable security–MC-SSL savings. In Tech. Rep. LERSSE-TR-2005-02. Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University of British Columbia, Vancouver, BC, Canada; October 2005.
  7. Portmann M, Seneviratne A: Selective security for TLS. Proceedings of the 9th IEEE International Conference on Networks (ICON '01), October 2001, Bangkok, Thailand 216-221.
  8. Kennedy DJ: An architecture for secure, client-driven deployment of application-specific proxies, M.S. thesis. University of Waterloo, Waterloo, Ontario, Canada; 2000.
  9. Kwon EK, Cho YG, Chae KJ: Integrated transport layer security: end-to-end security model between WTLS and TLS. Proceedings of 15th International Conference on Information Networking, January-February 2001, Oita, Japan 65-71.
  10. W3C: XML Signature Recommendations, February 2002, http://www.w3.org/Signature/
  11. W3C: XML Encryption Recommendations, December 2002, http://www.w3.org/Encryption/
  12. OASIS Open: Web Services Security: SOAP Message Security. August 2003, http://www.oasis-open.org/committees/documents.php?wg_abbrev=wss
  13. OASIS Open: Web Services Security X.509 Certificate Token Profile. Working draft 11, October 2003, http://www.oasis-open.org/committees/documents.php?wg_abbrev=wss
  14. OASIS Open: Web Services Security Kerberos Certificate Token Profile. Working draft 03, January 2003, http://www.oasis-open.org/committees/documents.php?wg_abbrev=wss
  15. OASIS Open: Web Services Security Username Token Profile. Working draft 04, October 2003, http://www.oasis-open.org/committees/documents.php?wg_abbrev=wss
  16. Lesniewski-Laas C, Frans Kaashoek M: SSL splitting: securely serving data from untrusted caches. Proceedings of the 12th USENIX Security Symposium, August 2003, Washington, DC, USA 187-200.
  17. W3C: HTML 4.01, December 1999, http://www.w3.org/TR/html4/
  18. W3C: XHTML 2.0, July 2004, http://www.w3.org/TR/xhtml2/
  19. Kiczales G, Lamping J, Mendhekar A, et al.: Aspect-oriented programming. Proceedings of the 11th European Conference on Object-Oriented Programming, June 1997, Jyvaskyla, Finland 220-242.
  20. Song Y: Multiple-channel security model and its implementation over SSL, M.S. thesis. University of British Columbia, Vancouver, BC, Canada; 2004. http://lersse-dl.ece.ubc.ca/search.py?recid=94
  21. OpenSSL Project, 2004, http://www.openssl.org/

Author information

Corresponding author

Correspondence to Konstantin Beznosov.

About this article

Cite this article

Song, Y., Beznosov, K. & Leung, V.C.M. Multiple-Channel Security Architecture and its Implementation over SSL. J Wireless Com Network 2006, 085495 (2006). https://doi.org/10.1155/WCN/2006/85495

Keywords

  • Information System
  • System Application
  • Computational Efficiency
  • Data Protection
  • Multiple Channel