Secure information exchange - A security quantification approach

Quantification of security offers tremendous potential in improving the understanding, specification, and management of the security of a system. We propose a novel systematic approach to quantify security of a system based on the analysis of inter-dependence of security attributes and the impact of security guidelines and policies on system security. This paper presents proof-of-concept and initial investigations into the quantification of secure information exchange used as a safeguard over insecure public networks. A case study is presented to model and validate appropriate key sizes for crypto-ciphers used in a secure session based on the inter-relationship between asymmetric and symmetric key ciphers and the impact of key and session refreshes