Affiliation:
1. Department of Electrical and Computer Engineering, Western University, London, ON N6A 5B9, Canada
Abstract
In a world where digitization is rapidly advancing, the security and privacy of intra-domain communication within organizations are of critical concern. The imperative to secure communication channels among physical systems has led to the deployment of various security approaches aimed at fortifying networking protocols. However, these approaches have typically been designed to secure protocols individually, lacking a holistic perspective on the broader challenge of intra-domain communication security. This omission raises fundamental concerns about the safety and integrity of intra-domain environments, where all communication occurs within a single domain. As a result, this paper introduces HSM4SSL, a comprehensive solution designed to address the evolving challenges of secure data transmission in intra-domain environments. By leveraging hardware security modules (HSMs), HSM4SSL aims to utilize the Secure Socket Layer (SSL) protocol within intra-domain environments to ensure data confidentiality, authentication, and integrity. In addition, solutions proposed by academic researchers and in the industry have not addressed the issue in a holistic and integrative manner, as they only apply to specific types of environments or servers and do not utilize all cryptographic operations for robust security. Thus, HSM4SSL bridges this gap by offering a unified and comprehensive solution that includes certificate management, key management practices, and various security services. HSM4SSL comprises three layers to provide a standardized interaction between software applications and HSMs. A performance evaluation was conducted comparing HSM4SSL with a benchmark tool for cryptographic operations. The results indicate that HSM4SSL achieved 33% higher requests per second (RPS) compared to OpenSSL, along with a 13% lower latency rate. Additionally, HSM4SSL efficiently utilizes CPU and network resources, outperforming OpenSSL in various aspects. These findings highlight the effectiveness and reliability of HSM4SSL in providing secure communication within intra-domain environments, thus addressing the pressing need for enhanced security mechanisms.
Funder
Natural Sciences and Engineering Research Council
Reference35 articles.
1. Zhang, M. (2016). On the State of the Inter-Domain and Intra-Domain Routing Security, University of Oregon.
2. Schulze, H. (2024, April 22). 2020 Insider Threat Report. Available online: https://www.cybersecurity-insiders.com/wp-content/uploads/2019/11/2020-Insider-Threat-Report-Gurucul.pdf.
3. Bourke, T. (2001). Server Load Balancing, O’Reilly. [1st ed.].
4. Membrey, P., Hows, D., and Plugge, E. (2012). Practical Load Balancing, Apress.
5. SectigoStore (2024, April 22). SSL Certificate for IP Address—An Expert Guide on SSL for IP Address. Available online: https://sectigostore.com/page/ssl-certificate-for-ip-address/.