Measured interference of security mechanisms with network performance
k claffy and hans-werner braun
National Laboratory for Applied Network Research - NLANR
San Diego Supercomputer Center,
University of California, San Diego
andrew gross
San Diego Supercomputer Center,
University of California, San Diego

We illustrate the measured interference of network security mechanisms
with network performance. In particular, using encryption, such as that
offered by Kerberos for interactive rlogin sessions, can have a
significant adverse impact in situations where lower network layers
(e.g., modems) try to perform compression to optimize transmission
performance. Such interaction between network layers poses an acute
problem for low-speed (e.g., dial-up) lines. Although it is no
surprise that encryption precludes the ability to perform subsequent
compression, it is worth examining its implication for the recent
popularity of adding network security mechanisms to extant
applications. The example we show is symbolic of a more general issue
in distributed system engineering: if both security and performance are
design goals, security cannot be an afterthought without expecting a
significant loss in performance. We must thus design security as well
as performance into the architecture, rather than on top of it.
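
The layering effect described above, as an added example that is not code from the paper: a link-layer compressor sees the same session in cleartext and after encryption, with the compress-before-encrypt ordering included for comparison. Assumptions: zlib stands in for the modem's compressor, a SHA-256 counter-mode keystream stands in for the Kerberos session encryption, and the session bytes and key are constructed.

```python
import hashlib
import zlib


def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; a stand-in stream cipher (assumption, not Kerberos)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream; output length equals input length."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def link_bytes(data: bytes) -> int:
    """Bytes sent on the line after link-layer compression (zlib as modem stand-in)."""
    return len(zlib.compress(data, 6))


def compare(session: bytes, key: bytes) -> dict:
    """Byte counts on the line for each ordering of encryption and compression."""
    return {
        "raw": len(session),
        "cleartext_then_modem": link_bytes(session),
        "encrypt_then_modem": link_bytes(encrypt(key, session)),
        "compress_then_encrypt": len(encrypt(key, zlib.compress(session, 6))),
    }


# Constructed sample: repetitive interactive output, like a long directory listing.
SESSION = b"".join(
    b"-rw-r--r--  1 user  staff  %6d Jan %2d 12:00 file%03d.txt\r\n"
    % (i * 37 % 100000, i % 28 + 1, i)
    for i in range(400)
)
KEY = b"constructed-demo-key"

if __name__ == "__main__":
    for name, size in compare(SESSION, KEY).items():
        print(f"{name:24s} {size:7d} bytes")
```

The cleartext session shrinks to a fraction of its size on the line, while the encrypted session does not shrink at all; compressing above the encryption layer recovers the saving.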