Cost-aware Internet Security Decision Model

The current implementation of Internet Security services leaves users, especially those with limited computing skills, out of the security decision-making process. This is because security configuration parameters are often either hidden from the user or the security decisions are centralised by Internet Service Providers (ISPs). As a result, many users do not configure the required level of Internet security to meet the required level of protection. This lack of sufficient security configuration provides a fertile environment for Internet attacks. In the cases where the ISPs implement security services, the user is not provided with the associated cost information, such as monetary, privacy leakage or performance degradation. Such information would enable the user to make an informed decision on the right level of security configuration to enjoy a good Internet browsing experience.  The Internet Engineering Task Force (IETF) recommends that the user should be involved in security and privacy decisions. The challenge, however, is that there are many security and privacy protocols that achieve different security goals and these differences may add extra cost to the user due to the configuration complexity overhead, leading to poor Quality of Experience.

This study, therefore, aims at investigating the use of a security decision model to allow users to easily configure cost-aware security options that can map to complex cryptography-based Internet security mechanisms to achieve Confidentiality, Integrity, Authentication and Privacy (CIAP). Furthermore, this study investigates a decentralised internet security configuration framework to enable users to decide on the appropriate security level based on acceptable performance and privacy costs.