Quality of Protection (QoP)

An approach that separates the development of security

services from the application development partitions security services into different

security levels so that appropriate security services are deployed to best trade of the needs of security and performance preferences.

allows application developers to seamlessly integrate tunable security services with their application.

QoP Model

Extension of existing QoS models

Define security operations that check the access privileges via authentication,

authorization and other access control operations ensure the integrity, copyright, confidentiality of data

via encryption, watermarking and other security operations at the source and other important security points

adjust security levels according to the security requirements.

QoP Model (Authentication Phase)

our QoP model considers the user authentication operation during the

setup phase

a feedback edge to indicate that a proper response from the user is required

QoP Model (Transmission Phase) data encryption operation during the

transmission phase

example of a VoD application

QoP Model (Transmission Phase)

Each pair of security points carries QoP meta-data that represent a set of QoP attributes to determine the needed security services for that segment of data transmission path.

Security points act as decision engines that decide the most suitable QoP level of security to be executed and thus forward them to the appropriate security operation tasks

QoP Meta DataDefined in terms of: Security services to

be performed (authentication/encryption)

QoP parameters for required security levels (keylength, etc)

Reward profile for each security specification (low, medium, high)

QoP Architecture I

The Application QoS Specifier obtains the desired QoS parameters from the application.

The QoP Specifier determines the QoP parameters .

The resource manager obtains the specified QoP and QoS parameters and determines the set of values that will be feasible given the available resources.

QoP Architecture II

The QoP customizer defines additional application specific rules and limitations, such as requiring QoS to have a higher priority over QoP.

The QoP Service Coordinator extracts the security requirements from the QoP meta file and relays the information to the various security points.

The QoP-enabling entity is composite component that provides the core set of QoP services such as authentication and encryption to the applications.

CryptLib is a cryptographic library to provide key generation, encryption and decryption functions.

QoP Architecture III

QoP service components such as the Authenticator and Secure Sockets are built on top of CryptLib.

The Authenticator is responsible for authentication services. The SecureSockets simulates security points and is responsible for data encryption services specified in its security attributes.

Communications between the QoP-enabling entities are governed by security protocols.

The system can be easily upgraded with the latest cryptographic standards by changing CryptLib only.

QoP Component Communication Protocol

QoP easily provided by including the QoP-enabling entity as a middleware component in the applications. Middleware components manage all the QoP communications without interfering with other parts of the application.

Implementation on Mobile Multimedia Player

Denote security points; colors reflect different QoP requirements for different application component

QoP-enabled Mobile Multimedia PlayerMPEG Video and audio are streamed to the desktop player. Bitmap video and decoded-MP3 audio are streamed to the handheld deviceThe desktop player selects a “high” level of security that uses signature authentication and AES data encryption with a 256bits key.The handheld player selects a “low” level of security that uses password authentication and no data encryption. This allows the handheld player to maintain the audio and video playback quality.As the data stream is handoff-ed from one device to another, the security level for each device is preserved.