On design tradeoffs between security and performance in wireless group communicating systems

Abstract

While security is of prime concern in secure group communicating systems in wireless networks, security mechanisms employed often have implication on the performance of the system. Recently model-based qualitative evaluation has been used for the evaluation of security protocols to quantify security properties in terms of intrusion tolerance using quantitative modeling techniques. However, most of the prior work focused only on measuring security properties, largely ignoring the performance impact of the security mechanisms introduced into the system. In this paper, we analyze the tradeoff between security and performance properties of an intrusion detection system (IDS) in a wireless group communicating setting. In particular, we analyze how often the IDS should perform intrusion detection to effectively trade security off for performance, or vice versa, for the system to satisfy the application security and performance requirements. Given the mean time to security failure (MTTSF) for the system to reach a failure state, and the response time per rekey operation for the wireless group communicating system as metrics, we identify the optimal intrusion detection rate under which the MTTSF metric can be best traded off for the response time metric.