Dynamic Selection of Cryptographic Algorithms in Runtime Environment Using the Weighted Metric Method

• Main Author: Raissi, Jalal
• Published: NSUWorks 2007
• Subjects: Computer Sciences
• Online Access: http://nsuworks.nova.edu/gscis_etd/786

Information technology is faced with a growing demand for stronger security and more speed at minimum cost in real-time, performance-sensitive, and high-volume applications. There is also disjoint between high-level quality-of-service requirements and low-level cryptographic service providers, between the user and the engineer. The challenge is to enforce security while maintaining fast speed at minimum cost and to bring the low-level security to the high-level application. This research was founded on the notion that current practice of "defensive security" results in adoption of static provider service provisioning schemes, in which a "magic" cipher is selected with static key size, block size, and encryption mode for cryptographic services. Research illustrated that while defensive security is easy to implement, it often results in bottlenecks, performance degradations, mismatches of cryptographic services, and waste of energy. The hypothesis of this research was that a dynamically selected cryptographic algorithm provides suitable and often more efficient cryptographic service than a statically assigned cipher can, regardless of the strength of the latter. The goal of this research was to provide empirical data in support of dynamic-provider service provisioning of cryptographic services by outlining a framework, theorem, and algorithm for dynamic selection of cryptographic algorithms in a runtime environment using the weighted metric method. Toward that goal, the author developed a proof-of-concept simulator and a full-scale prototype using Java and C#/VB. The simulator was used to provide theoretical evidence in support of the dynamic-provider service-provisioning theorem in general. The full scale prototype was used to perform empirical data collection, selection, and reporting functions. The data collection function included running cipher performance benchmarks and storing the results in data repositories located on servers and end-hosts. A runtime cryptographic algorithm selection process was used to select suitable ciphers for an assorted array of cryptographic service requests. Analysis of the test data collected in this investigation reaffirms the notion that a dynamically selected cipher provides suitable and often more efficient cryptographic service than a statically-assigned magic cipher can. The empirical data presented in this report supports the hypothesis of author's dissertation research.