Toward Designing an Adaptive Communication Security for the Next-generation Mobile Computing

A. M. Rashwan (1), A-E M. Taha (2), H. S. Hassanein (1) and A. Radwan (3)

(1) Telecommunications Research Lab, School of Computing, Queen’s University, Kingston, ON, Canada K7L 3N6, {arashwan, hossam}@cs.queensu.ca
(2) Electrical Engineering Department, Alfaisal University, P.O. Box 5092, Riyadh 11533, KSA, ataha@alfaisal.edu
(3) Instituto de Telecomunicações, Campus Universitário de Santiago, 3810-193 Aveiro, Portugal, aradwan@av.it.pt

Abstract— Mobile computing has proved essential in today’s cyber communications. However, entities in mobile computing are known to have limited energy, physical, and logical resources. This imposes various challenges that greatly affect the communication quality and performance of those mobile entities, especially when applying the computationally intensive security measures that are essential for protecting communication sessions. It therefore becomes vital to seek suitable security techniques that balance communication performance against the resource context of those mobile entities. This paper investigates some possible options toward implementing adaptive security measures that work with various mobile and next generation Internet entities. The paper studies the communication performance of mobile entities when security functions are running on them with and without operating adaptations. While the focus in this paper is on the Message Authentication Code group of security functions, the work can be generalized to include any resource-intensive security measure, including both other cryptographic measures (such as encryption) and non-cryptographic measures (such as challenges).

Keywords: adaptive security; dynamic resource management; message authentication code; message hashing; mobile computing security; next generation Internet security.

I. INTRODUCTION

The success of the Next generation Internet (NGI), including the Internet-of-Things (IoT), depends on trusted communications between its entities. Therefore, all entities within the NGI must incorporate security measures that at least ensure the validity and authenticity of the transmitted information. With NGI entities operating with varying capabilities and requirements, it is essential to design the prospective security measures so that they can scale and adapt to the communication context without sacrificing the protection levels they intend to provide.

A feasible security measure for the NGI should not put a huge burden on the availability of the prospective NGI entities, their hosting entities, and/or the intermediate NGI nodes. Therefore, security measures should implement only the functions necessary to ensure proper trust in the communication (for example, leaving encryption optional for applications). In addition, security measures should use mechanisms that keep the resource demands on the communicating entities lightweight. Keeping those demands lightweight reduces the chances of resource exhaustion attacks on future entities caused by the increased overhead of the applied security measure.

While today’s communicating entities vary in resource capabilities and requirements, many of the popular security protocol implementations used today are based on non-adaptive functionality that does not consider their context. Examples of such protocols include TLS, IPsec, PGP, and Kerberos, to name a few [1]. With these protocols, there is no mechanism for adapting the data integrity strength or the encryption strength to the context of the communicating entities; this places a huge burden on weaker, resource-limited entities and increases the risk of those entities going down.
In addition, the dynamicity of today’s mobile computing environments may cause such security protocols to reduce the possibility of achieving acceptable Quality of Experience (QoE) levels, because they cannot adapt the security strength in correlation with the available resources. Therefore, it becomes important to work on designing a security protocol that adapts its security strength to the context of the communicating entities, within acceptable security sacrifices.

This paper investigates the design requirements for an adaptive security measure/protocol that can work with the variety of NGI entities. Our work focuses on a group of security functions, known as Message Authentication Code (MAC), which are used to ensure communication data integrity between entities. In this paper, we study the effect of using MAC functions, with and without adaptations, on the performance of the communication sessions that use them. We introduce an adaptive strategy, named Authentication-Trim, which adjusts the security strength based on the processing latency context, with reference to lookup tables representing pre-evaluated resource demands. We show the performance of different adaptation schemes and draw conclusions about open research challenges and issues.

The remainder of this paper is organized as follows. Section II covers the background and motivations for investigating possible options toward designing an adaptive security measure. Section III describes the design considerations and recommendations for an adaptive security measure. A proposed design for the Authentication-Trim strategy, with design assumptions and limitations, is illustrated in Section IV. Section V presents the performance comparison when running the proposed adaptive strategy versus non-adaptive and randomly adaptive ones. Open issues and concepts are discussed in Section VI. Finally, the conclusion and future directions are given in Section VII.
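An added example of the idea the introduction summarizes, choosing MAC strength from a pre-evaluated lookup table against a latency budget; it is not the paper's Authentication-Trim design, which Section IV describes. The table values, profile ids, packet layout and function names are assumptions made for this example, which also shows two checks an adaptive scheme needs: the chosen profile is covered by the MAC, and the receiver enforces its own minimum profile.

```python
import hashlib
import hmac

# Constructed lookup table (assumption, not from the paper): estimated MAC cost
# in microseconds per KiB for one device class, most expensive profile first.
# Profile ids are hypothetical; a higher id means a costlier, preferred profile.
PROFILES = [
    (3, "sha3_512", 18.0),
    (2, "sha512", 9.0),
    (1, "sha256", 6.0),
]

def select_profile(msg_len, budget_us):
    """Pick the first profile whose estimated cost fits the latency budget.

    Returns (profile_id, hash_name, within_budget). If nothing fits, the
    cheapest profile is used anyway: adaptation never drops the MAC.
    """
    kib = max(msg_len, 1) / 1024
    for pid, name, cost in PROFILES:
        if cost * kib <= budget_us:
            return pid, name, True
    pid, name, _ = PROFILES[-1]
    return pid, name, False

def protect(key, msg, budget_us):
    """Return profile_id || tag || msg, with the profile id covered by the tag."""
    pid, name, _ = select_profile(len(msg), budget_us)
    tag = hmac.new(key, bytes([pid]) + msg, name).digest()
    return bytes([pid]) + tag + msg

def verify(key, packet, min_pid=1):
    """Return the message, or None if the profile is unknown, below the
    receiver's own floor (downgrade check), or the tag does not match."""
    names = {pid: name for pid, name, _ in PROFILES}
    pid = packet[0] if packet else None
    if pid not in names or pid < min_pid:
        return None
    n = hashlib.new(names[pid]).digest_size
    tag, msg = packet[1:1 + n], packet[1 + n:]
    expected = hmac.new(key, bytes([pid]) + msg, names[pid]).digest()
    return msg if hmac.compare_digest(tag, expected) else None
```
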
IEEE ICC 2016 - Next-Generation Networking and Internet Symposium
978-1-4799-6664-6/16/$31.00 ©2016 IEEE