This paper discusses how to integrate security into existing communication services in a way that increases the users' trust. Throughout this paper, we discuss a security architecture that enables secure communication services to both satisfy the users' security needs and protect investments in existing network infrastructure. Adding security implies penalties in cost, quality of service, or usage pattern. Thus, our proposal aims at optional security services that are activated by users on demand. We accomplish this by exploiting existing service interfaces to plug in security services call-by-call.
Communication services offer many benefits and have become essential in people's business and private lives. Therefore, architects of communication networks need to address the users' security requirements more carefully than in the past. When open security interfaces are included throughout the communication system design, users gain flexibility in choosing those security solutions that satisfy their requirements most efficiently. As the whole is no more secure than the weakest of its parts, separating security-sensitive functions from highly complex communication functions promotes security. Additionally, this approach leads to security services that are mostly independent of the communication services they protect. Thus, these security services can be universally used and implemented in highly secure runtime environments. These portable and secure runtime environments can accompany the users wherever they go.