TRUST REQUIREMENTS AND PERFORMANCE OF A FAST SUBTRANSPORT-LEVEL PROTOCOL FOR SECURE COMMUNICATION

Computing systems are evolving into very large global networks that in terconnect competing individuals, organizations, and even countries. W e present a secure network protocol called Authenticated Datagram Prot ocol (ADP) that optimizes performance by establishing host-to-host sec ure channels and building agent-to-agent channels on top of host-to-ho st channels. However, the performance advantages of ADP come with an a ccompanying set of trust requirements that are noticeably stringent fo r a network spanning mutually distrustful organizations. We identify t he cause for this stringency to be propagation of trust relationships in ADP and present methods to break their propagation, thereby accompl ishing a significant reduction in ADP's trust requirements. ADP, being a protocol for establishing host-to-host channels, can be handled at the subtransport level of the protocol hierarchy. A prototype of ADP h as been implemented on Sun workstations connected by an Ethernet. Expe rimental measurements confirm that both the average latency of message s and the maximum throughput are substantially better than other secur e protocols.