Accession Number:

AD1013646

Title:

Maintaining High Assurance in Asynchronous Messaging

Descriptive Note:

Technical Report

Corporate Author:

Institute for Defense Analyses Alexandria United States

Personal Author(s):

• Foltz,Kevin E.
• Simpson,William R.

Report Date:

2015-10-24

Pagination or Media Count:

10.0

Abstract:

Asynchronous messaging is the delivery of a message without waiting for the intended recipient to respond or acknowledge the message. This solution works for distributed systems communication, in which different systems may or may not be available at the same time. Asynchronous messaging solutions often use a message queue that holds messages to be picked up by the recipient. Although communication with the queue can be secured using lower layer protocols, such as Transport Layer Security TLS, this does not provide end-to-end security for the sender and receiver. The queuing system acts as a man-in-the-middle, negating authentication, integrity, and confidentiality guarantees. End-to-end security for asynchronous messaging must be provided by the asynchronous messaging layer itself. This paper discusses current asynchronous messaging models and proposes methods for providing end-to-end asynchronous messaging security in a high assurance environment.

Descriptors:

• text messaging
• MESSAGE SYSTEMS
• network protocols
• ASYNCHRONOUS SYSTEMS
• Communications networks
• Computer security
• Encryption
• computer communications
• cryptography
• security

Subject Categories:

Distribution Statement:

APPROVED FOR PUBLIC RELEASE