Shen Security Enhancements to HTTP

Main Concerns

Appropriateness

It is important to understand the costs of maintaining a security scheme. No security system can or should be expected to be maintenance free. The original goals should always be kept in sight. In a copyright protection scheme, for example, the most usual goal is to maximise revenue, preventing unauthorised access being the means of achieving this..

Provide Confidence

To gain acceptance the security scheme must be comprehensible and provide the non-technical user with confidence that the system is secure.

Prevent Overconfidence

The system should not claim a level of security it cannot provide. An unsafe channel that is believed to be safe is the most serious security problem possible.

Performance

Security measures should not seriously impact performance.

Areas Requiring a Security Scheme.

• Home Shopping via credit card and forms capable browser.
• Orders processing within organisation.
• Document transport (authentication and encryption).
• Conferencing systems.
• Product licensing.

Security Mechanisms

Authentication

Guarantee the identity of the originator.

Privacy

Prevent dissemination of confidential information to third parties.

Access Auditing

Record identity of persons handling information.

Break-In Auditing

Record access failures and take acction accordingly.

Shen Design Principles

• Apply existing IETF standards such as PEM wherever possible.
• Must be extensible, allowing employment of new algorithms.
• Must work efficiently through proxies
• Must work with realtime extensions such as continuous connections.
• Must be applicable within organisations where authorisation is a multiple party operation and not bipartisan.
• Must have low maintenance overhead within an organisation.