| Performance, in terms of user response time and the utilization of processing and communications resources, is an important factor to be considered when designing security authentication protocols. The mix of public key and secret key encryption algorithms typically included in these protocols makes it difficult to model performance using conventional analytical methods. In this dissertation, we develop a validated modeling procedure as a part of a methodology for analyzing authentication protocol features, and use two examples to illustrate the methodology. Both examples are based on public-key-enabled variants of the Kerberos authentication protocol. We construct software “skeleton implementations” of the protocols to support performance parameter measurement and model validation. We use a multiple class, closed queuing network model with class switching to accurately represent resource consumption resulting from a mix of public and secret key computation. In the first example, we analyze the environmental parameters that favor one proposed Kerberos variant over another in the context of a large, multiple-realm network. Our analysis demonstrates that improved user performance can be achieved by selecting among the variants while considering the number of remote realm application servers to which the user would like to authenticate. In the second example, we propose a public-key-enabled Kerberos variant for a mobile computing environment and analyze the performance benefits realized by introducing a proxy to offload processing and communications workload. Our modeling analysis demonstrates that a proxy server can be employed to lower authentication response times on current wireless networks. We also show that with future anticipated wireless network throughput, the proxy becomes a performance burden. Finally, we demonstrate that the results hold over a wide range of mobile processor capacity. These two examples illustrate the effectiveness of the proposed methodology in helping designers evaluate the performance impact of decisions about security protocol structure and features. |
