Key Concepts
Adaptively optimizing TLS configurations based on real-time resource constraints and security needs is crucial for enabling secure and efficient wireless communication in critical infrastructure.
Abstract
Bibliographic Information:
Bodenhausen, J., Grote, L., Rademacher, M., & Henze, M. (2024). Adaptive Optimization of TLS Overhead for Wireless Communication in Critical Infrastructure. In Proceedings of the 2024 8th Cyber Security in Networking Conference (CSNet). IEEE.
Research Objective:
This paper investigates the potential for optimizing TLS overhead in resource-constrained wireless networks within critical infrastructure to enable secure and efficient communication.
Methodology:
The authors propose a two-step approach:
- Comprehensive measurement of TLS overhead across various dimensions (bandwidth, CPU, memory, latency, power consumption) under different configurations (TLS versions, authentication mechanisms, elliptic curves).
- Design and implementation of a profile selector that dynamically adapts TLS parameters based on real-time resource constraints and security requirements.
Key Findings:
- TLS overhead is not static and significantly varies depending on configuration parameters, highlighting the potential for optimization.
- Bandwidth overhead is particularly significant in bandwidth-constrained wireless networks like LTE-M, impacting overall performance.
- Preliminary measurements demonstrate a trade-off between security, bandwidth, and other dimensions like energy consumption.
Main Conclusions:
- Adaptive optimization of TLS configurations based on real-time resource constraints and security needs is crucial for enabling secure and efficient wireless communication in critical infrastructure.
- The proposed profile selection mechanism, which chooses among pre-computed profiles tailored to specific devices and networks, promises to realize most of the TLS optimization potential.
Significance:
This research addresses the challenge of securing resource-constrained wireless communication in critical infrastructure, where traditional security mechanisms like TLS can introduce significant overhead.
Limitations and Future Research:
- The paper focuses on bandwidth overhead as a case study; further research is needed to explore trade-offs with other dimensions like energy consumption and latency.
- The proposed approach requires comprehensive measurements and profile generation, which can be resource-intensive; efficient methods for profile generation and management are crucial for practical deployment.
Statistics
A full TLS handshake with mutual authentication and exchange of two 128-byte messages was performed.
30 runs were conducted for each parameter combination.
OpenSSL 3.2.1, wolfSSL 5.6.6, and Mbed TLS 3.6.0 were used.
The 450 MHz LTE-M network was used as the primary network.
5G was used as a backup network.
The IEC 60870-5-104 protocol was used to emulate polling of electrical substations.
A 38-byte request followed by a 282-byte reply was used in the emulation.
The polling interval was one second.
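The following is an added illustration, not the paper's code, of the profile-selector idea from the Methodology section applied to the polling setup described above: it picks the lowest-overhead pre-computed TLS profile that still meets a minimum security requirement and fits the current network's budget, and refuses to select anything (rather than silently downgrading) when no profile satisfies both. The profiles, their overhead figures, the network budgets and the handshake lifetime are constructed placeholders, not the paper's measurements; only the 38-byte request, 282-byte reply and one-second polling interval come from the page.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class TlsProfile:
    name: str
    version: str          # e.g. "TLS1.2" or "TLS1.3"
    auth: str             # "psk" or "cert" (certificate-based mutual auth)
    curve: str            # elliptic curve for key exchange, "" for PSK-only
    handshake_bytes: int  # constructed: wire bytes of one full mutual-auth handshake
    record_overhead: int  # constructed: extra bytes per application record
    security_level: int   # constructed ordinal: higher means stronger assurance

# Constructed pre-computed profiles (placeholder values, not measured data).
PROFILES: List[TlsProfile] = [
    TlsProfile("psk-1.2", "TLS1.2", "psk", "", 600, 29, 1),
    TlsProfile("psk-1.3", "TLS1.3", "psk", "", 450, 22, 2),
    TlsProfile("p256-1.3", "TLS1.3", "cert", "P-256", 2800, 22, 3),
    TlsProfile("p384-1.3", "TLS1.3", "cert", "P-384", 3600, 22, 4),
]

# Constructed per-interval byte budgets; the paper's primary network was
# 450 MHz LTE-M with 5G as backup, but these budget numbers are placeholders.
NETWORK_BUDGET = {"lte-m": 400, "5g": 200_000}

# From the page: IEC 60870-5-104 polling, 38-byte request, 282-byte reply, once per second.
REQUEST_BYTES, REPLY_BYTES = 38, 282
# Constructed assumption: the TLS session is re-established every 60 s,
# so the handshake cost is amortized over 60 polling intervals.
HANDSHAKE_LIFETIME_S = 60

def bytes_per_interval(p: TlsProfile, handshake_lifetime_s: int = HANDSHAKE_LIFETIME_S) -> float:
    """Amortized wire bytes per one-second polling interval for a profile."""
    records = REQUEST_BYTES + REPLY_BYTES + 2 * p.record_overhead
    return records + p.handshake_bytes / handshake_lifetime_s

def select_profile(network: str, min_security: int,
                   profiles: List[TlsProfile] = PROFILES) -> Optional[TlsProfile]:
    """Return the cheapest profile meeting min_security within the network budget.

    Returns None when no profile satisfies both constraints; the caller must then
    keep the current session or raise an alarm instead of weakening security.
    """
    budget = NETWORK_BUDGET[network]
    fitting = [p for p in profiles
               if p.security_level >= min_security and bytes_per_interval(p) <= budget]
    return min(fitting, key=bytes_per_interval, default=None)
```

With these placeholder figures the selector falls back to the PSK profile on LTE-M, picks the P-256 certificate profile on 5G when certificate authentication is required, and returns None when LTE-M cannot carry a certificate-based profile at all.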
Quotes
"The most promising approach to address resulting security concerns is end-to-end security, even if other security mechanisms are in place [7]."
"However, besides all advantages such as flexibility and interoperability, the use of TLS can constitute significant overhead for resource-constrained devices and networks [8]."
"Still, and providing the main motivation for this work, this overhead is not static as it depends on concrete parameterization, opening the potential to optimize the TLS overhead for specific scenarios."