Context-agile encryption for high speed communication networks
Computer communication review
Different applications have different security requirements for data privacy, data integrity, and authentication. Encryption is one technique that addresses these requirements. Encryption hardware, designed for use in highspeed communications networks, can satisfy a wide variety of security requirements if the hardware implementation is key-agile, key length-agile, mode-agile, and algorithm-agile. Hence, context-agile encryption provides enhanced solutions to the secrecy, interoperability, and
... eroperability, and quality of service issues in high-speed networks. Moreover, having a single context-agile encryptor at an ATM aggregation point (such as a firewall) reduces hardware and administrative costs. While single-algorithm, key-agile encryptors exist, encryptors that are agile in a cryptographic robustness sense, are still research topics. Introduction Different applications have different security requirements for data privacy, data integrity, and authentication. Encryption is one technique that addresses these requirements. Encryption can protect proprietary information as it passes from one end of a complex computer network to the other, even through untrusted intermediate systems, such as on the Internet. Encryption technology has many other uses including encrypting disk files and producing digital signatures. These various applications often have different needs. For example, certain applications may be able to tolerate long times to encrypt/decrypt information, but may also need to protect that information for a long period of time. Other applications, dealing with data that is sensitive while useful, but quickly becomes stale, might benefit from short encryption/decryption times that may accompany a less cryptographically robust algorithm. Digital signature systems typically demand rapid generation or verification of signatures. Depending on how frequently a signature must be verified, the system may need to be optimized for rapid signature generation or rapid signature verification. Efficient high speed communication systems, being of a real-time nature, often require encryption systems that optimize throughput while minimizing network traffic delay. Additional requirements may include minimizing error magnification, deterring message playback attacks, interoperability between faster and slower encryptors/decryptors, and quick recovery from cryptographic synchronization loss. Just as different applications have different security needs, different users and communication sessions can have different needs. Symmetric end-to-end network encryption requires separate keys for each pair of communicating confidants. Each and any pair of communicating confidants can have multiple sessions (file transfer, virtual terminal, interprocess communication, etc.) proceeding simultaneously  . Each of these communication sessions therefore, can have different needs regarding session keys, cryptographic robustness, and other encryption and communication characteristics. This paper discusses context-agile hardware for end-to-end encryption systems designed for use in high speed communications networks, such as those employing Asynchronous Transfer Mode (ATM) technology. Section 2 compares ATM switch designs with ATM encryptor designs and defines three types of agile encryption to meet the varying needs regarding keys, cryptographic robustness, algorithms, and other characteristics. The application area and advantages are outlined for each type of agility. Section 3 discusses implementation issues, such as high-speed context-switching and the potential effects on ATM Quality of Service (QoS). Section 4 briefly covers management and administration issues. Section 5 details a proposed architecture for a context-agile ATM encryptor. Finally section 6 summarizes the work. Context-Agile Encryption Agile is an adjective meaning "moving quickly and easily"  . Hence, a context-agile encryption system can switch between various cryptographic contexts (key, initial variable, present state, key length, algorithm, mode of operation, etc.) quickly and easily. It is important to bound the limits of the available contexts per implementation, since a fully context-agile encryptor could have a nearly limitless combination of parameters. The context-agile ATM encryption process resembles the ATM switching process. In particular, context-agile encryptors are similar to two-port ATM switches. For comparison, ATM switches modify cell headers and switch cells based on the "switching context" associated with each VPI/VCI. The initial association of switching information with a virtual circuit may be a manual operation for Permanent Virtual Circuits (PVCs). The initial association might also occur automatically at connection setup time for Switched Virtual Circuits (SVCs). Then, for each incoming cell, the ATM switch performs an associative lookup, of switching information, based on the VPI/VCI found in each cell's header. This switching information maps the incoming VPI/VCI into the appropriate outgoing VPI/VCI. It also conditions the hardware to switch the cell out the proper port. Context-agile ATM encryptors resemble ATM switches in that encryptors must retrieve information and make decisions based on the cryptographic context associated with each VPI/VCI. The initial association of the cryptographic variables, state, algorithm, etc. with each virtual circuit may be a manual operation or be performed at SVC connection setup time (or later) via the methods invoked for key management  . Once a cryptographic context is established for a virtual circuit, for each incoming cell, the encryptor performs an associative lookup of the cryptographic context, based on the VPI/VCI found in each cell's header. The encryptor then uses that cryptographic context to transform the incoming cell payload (plaintext or ciphertext) into the appropriate outgoing payload (ciphertext or plaintext). Finally, the encryptor typically routes the cell out the opposite port of a two-port device. Hence, in certain aspects regarding context lookup, signaling, and cell I/O, context-agile ATM encryptors resemble a two-port ATM-switch. Key-Agile Encryption Key-agile encryption implementations limit the context parameters to items such as key, initial variable, and present state. Key-agile software-implementations of cryptographic algorithms are usually straightforward. However, software-based encryption can raise both performance and security concerns. Hardware implementations provide higher performance; but, the efficient implementation of high-speed context switching in hardware is not as obvious. Key-agile encryption hardware provides obvious benefits in both computer systems and high-speed communication networks. High-performance computers are often shared resources. Key-agile encryption allows each user on a workstation (or server) to use different key material. This cryptographically separates the users' traffic. High-speed network resources are also often shared resources. Indeed, each session, through a common network interface, may require separate keys. For example, an ATM encryptor may support end-to-end hardware encryption of multiple Asynchronous Transfer Mode Virtual Circuits (VCs) across a network operating at speeds from 155 Mbps (OC-3) to 10 Gbps (OC-192) and beyond. Key-agile encryption also has some limitations. First, different systems may implement different security policies. Hence, a user that communicates with several other end-systems might need access to several different, shared keyagile encryptors. Robustness-agile encryptors (described below) solve this problem. A second problem is that each ATM VPI/VCI (Virtual Path Identifier/Virtual Channel Identifier) combination (virtual circuit) has a different cryptographic context associated with it. Hence, any context-agile encryptor, whether key-agile or robustness-agile, must be able to switch encryption contexts very quickly as the ATM cells associated with various virtual circuits arrive for processing. Section 3 discusses context-switching in more detail. Single algorithm, key-agile encryptors have been prototyped    and several products (CellCase , FASTLANE ) are on the market.