Limitations and Future Work

We discuss below some of the limitations of the efficacy of the experiments conducted and the results obtained, and how future work may address these concerns.

• Hardware Analysis

  We have seen that the relative cost of encrypting a bit of data is an order of magnitude higher in terms of the power consumed as compared to transmitting it over the network. However, this result only goes so far as to rule out the incorporation of a software encryption module in power critical devices. The question of feasibility of encrypting all data, allowing for a separate hardware encryption unit is still open.

• Devices used in the experiments In our study, the only representative devices of the personal environment considered was a PalmPilot Professional running at a ``screaming'' 16MHz and the smartcard processor. We hope to extend our study to include other categories of devices such as a cell phone. However tiny devices of the future could be expected to have similar capability as the PalmPilot we worked on, in fact state-of-the-art PDAs are as powerful as a PentiumPro. Hence we believe that the range of devices we considered forms a representative subset of the future devices forming a personal environment.

• Accuracy of the experiments

  In our analysis we have assumed that all the CPU is devoted entirely for encryption/decryption. This is a reasonable assumption considering some devices in a personal environment. However, in a case where this is not true, some numbers, especially latencies could show higher values than normally expected.

• Authentication and key-setup protocols

  In all our analysis, we have assumed that the key setup is already complete and the only overheads to be considered are those introduced by encryption alone. However, to have encrypted communication between two devices in place, the devices need to authenticate themselves to each other and exchange a secret key to be used for future communication (or at least till the lifetime of the key). This process of authentication and key setup could be very expensive, since it involves public key encryption (like RSA) that is computationally much more complex than secret key encryption. They also typically involve exchanges of several messages, adding to the latency. In an environment where we do not have devices entering and exiting the network often, (which may be the case in a personal environment), we do not need to bother about authentication and key setup overheads since they would be a one-time expense and be sustained for a long period.

  However, when we consider transmission of secure data over the web this certainly makes a big difference. A typical web server may have at any given time hundreds of new connections being created by different users. To ensure secure communication of data for all of these independent users we need to run the authentication and key setup protocol for every user. This will slow down the speed of the web server significantly. by more than an order of magnitude which is quite unacceptable. Thus, a study of universal should include a comprehensive analysis of overheads incurred by authentication and key setup. This is an important direction of future research.