Private and/or sensitive data is being transmitted electronically over various media with increasing frequency. As the frequency of these transmissions increases, the need for security for this data likewise increases. For this reason, various security measures have been developed to defeat attempts to intercept and/or tamper with such data. As known in the art, the stronger (and therefore potentially more effective) these measures are, the more computing overhead is required and, therefore, the more computing power is needed to send and receive the secured information.
Due to the ever-increasing demands on sending and receiving hosts, the security operations required by either the sender or the receiver can overtax system resources. For instance, if a stream of video packets is sent over the Internet to a receive host with strong security, data (e.g., individual video frames) can be lost if the receive host lacks the computing power to process the stream and its accompanying security, resulting in a choppy video sequence and/or the loss of some measure of security.
As a result of the increase in complexity of such security measures, a large body of work is currently being performed in an effort to shift the emphasis of connection management from static allocation to more dynamic methods. The development of connection-oriented platforms such as asynchronous transfer mode (ATM) has driven many of these efforts. For example, the Tenet group's Dynamic Connection Management (DCM) scheme provides dynamic modification of the service parameters using network support.
Also participating in the movement toward more dynamic allocation are Bansal et al., who developed an ATM Service Manager (ASM), which is intended to provide dynamic renegotiation, traffic behavior characterization, and communication with other ASMs. The ASM, however, is designed specifically for use over ATM and includes neither algorithms to determine when to renegotiate nor performance results to evaluate the system.
Another recent development is SECMPEG, which has some parallels with Authenticast in that it offers varied levels of security for encrypted MPEG. SECMPEG includes the capability to encrypt only the most important and significant data in order to obtain improved performance. However, SECMPEG does not address both when and how to apply security, nor the general issue of asymmetric end-host processing loads. In addition, the SECMPEG security levels are based on the types of MPEG frames encrypted and therefore are somewhat limited in application.
Varied levels of security are also employed in the MPEG player described by Campbell et al. This player weighs security versus performance, yet focuses only on encryption to the exclusion of authentication.
One application which is particularly challenging in terms of providing security for data transmissions is wireless transmissions such as air traffic control (ATC) transmissions. Providing strong security for such transmissions can be difficult in that the communication channels, and therefore the available bandwidth for transmissions, frequently change. If the only channel available to a particular stream of data is of a higher bandwidth than can be maintained by the current security status, an increased security risk can occur if the computation resources are not used more efficiently through some resource reallocation or application of adaptive security techniques. Therefore, an adaptive data security system operating in such a context must be able to adapt quickly to such bandwidth fluctuations, or risk the loss of data and/or security levels.
The provision of security for ATC transmissions is also difficult because data exchange in this context is often more sporadic and typically involves shorter messages. Where fixed-size security headers are used, these shorter message sizes result in greater amounts of security that must be processed. This, in turn, increases the amount of computing power needed to send the data to the receive host (e.g., plane or control tower). Unfortunately, the computing power of the send host and receive host is limited. Again, this can lead to lost and/or unsecured data. Therefore, an adaptive data security system ideally is dynamic enough to adapt in instances in which the computing power alone is not sufficient, even after resource reallocation, to provide the necessary computing power.
From the foregoing, it can be appreciated that it would be desirable to have adaptive data security systems and methods which do not possess the drawbacks described above.