SECURITY OF COMMUNICATION IN COMPUTER NETWORKS (KEY MANAGEMENT, VERIFICATION).

Persistent Link:
http://hdl.handle.net/10150/183922
Title:
SECURITY OF COMMUNICATION IN COMPUTER NETWORKS (KEY MANAGEMENT, VERIFICATION).
Author:
LU, WEN-PAI.
Issue Date:
1986
Publisher:
The University of Arizona.
Rights:
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Abstract:
This dissertation concerns investigations on two of the most important problems in establishing communication security in computer networks: (1) developing a model which precisely describes the mechanism that enforces the security policy and requirements for a secure network, and (2) designing a key management scheme for establishing a secure session for end-to-end encryption between a pair of communicants. The security mechanism attempts to ensure secure flow of information between entities assigned to different security classes in different computer systems attached to a computer communication network. The mechanism also controls the accesses to the network devices by the subjects (users and processes executed on behalf of the users). The communication security problem is formulated by using a mathematical model which precisely describes the security requirements for the network. The model integrates the notions of access control and information flow control to provide a Trusted Network Base (TNB) for the network. The demonstration of security of the network when the security mechanism is designed following the present model is given by using mathematical induction techniques.
The problem of designing key management schemes for establishing end-to-end encrypted sessions between source-destination pairs when the source and the destination are on different networks interconnected via Gateways and intermediate networks is examined. In such an internet environment, the key management problem attains a high degree of complexity due to the differences in the key distribution mechanisms used in the constituent networks and the infeasibility of effecting extensive hardware and software changes to the existing networks. A hierarchical approach for key management is presented which utilizes the existing network specific protocols at the lower levels and protocols between Authentication Servers and/or Control Centers of different networks at the higher levels. Details of this approach are discussed for specific illustrative scenarios to demonstrate the implementational simplicity. A formal verification of the security of the resulting system is also conducted by an axiomatic procedure utilizing certain combinatory logic principles. This approach is general and can be used for verifying the security of any existing key management scheme.
Type:
text; Dissertation-Reproduction (electronic)
Keywords:
Computer networks -- Security measures.
Degree Name:
Ph.D.
Degree Level:
doctoral
Degree Program:
Electrical and Computer Engineering; Graduate College
Degree Grantor:
University of Arizona
Advisor:
Sundareshan, Malur K.

Full metadata record

DC Field | Value | Language
dc.language.iso | en | en_US
dc.title | SECURITY OF COMMUNICATION IN COMPUTER NETWORKS (KEY MANAGEMENT, VERIFICATION). | en_US
dc.creator | LU, WEN-PAI. | en_US
dc.contributor.author | LU, WEN-PAI. | en_US
dc.date.issued | 1986 | en_US
dc.publisher | The University of Arizona. | en_US
dc.rights | Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author. | en_US
dc.type | text | en_US
dc.type | Dissertation-Reproduction (electronic) | en_US
dc.subject | Computer networks -- Security measures. | en_US
thesis.degree.name | Ph.D. | en_US
thesis.degree.level | doctoral | en_US
thesis.degree.discipline | Electrical and Computer Engineering | en_US
thesis.degree.discipline | Graduate College | en_US
thesis.degree.grantor | University of Arizona | en_US
dc.contributor.advisor | Sundareshan, Malur K. | en_US
dc.identifier.proquest | 8702350 | en_US
dc.identifier.oclc | 697836514 | en_US
All Items in UA Campus Repository are protected by copyright, with all rights reserved, unless otherwise indicated.