[Help] Last update at http://inet.nttam.com : Mon Aug 7 21:40:35 1995
Abstract -- Post-NSFNET Statistics Collection
N6: High Speed Wide Area Networks
Post-NSFNET Statistics Collection
- Claffy, K.
( kc@upeksa.sdsc.edu)
- Braun, Hans-Werner
( hwb@upeksa.sdsc.edu)
Abstract
We illustrate the measured interference
of network security mechanisms with
network performance. In particular,
using encryption, such as that offered by
Kerberos for interactive rlogin sessions,
can have a significant adverse impact in
situations where lower network layers
(e.g., modems) try to perform
compression to optimize transmission
performance. Such interaction between
network layers poses an acute problem for
low-speed (e.g., dial-up) lines.
Although it is no surprise that
encryption precludes the ability to
perform subsequent compression, it
is worth examining its implication
for the recent popularity of
adding network security mechanisms to
extant applications. The example we
show is symbolic of a more general issue
in distributed system engineering:
if both security and performance
are design goals, security cannot be an
afterthought without expecting a significant
loss in performance. We must thus
design security as well as performance
into the architecture,
rather than on top of it.