Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance. By Akshay Thorat
|
|
- Gyles Austin
- 5 years ago
- Views:
Transcription
1 Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance By Akshay Thorat
2 Table of Contents TLS - Why is it needed? Introduction- SSL/TLS evolution Libraries Studied Comparison Library to Implementation Supported Features Algorithm/Ciphers Supported Performance for libraries Conclusion
3 Transport Layer Security(TLS), why is it needed? Communication security on internet Secure - , VOIP, Web browsing, Bank transactions Provides Privacy and Integrity of data Prevent Eavesdropping and Tampering
4 Introduction Application protocol independent TLS versions (Implementations) evolved as SSL1.0->SSL2.0->SSL3.0 ->TLS1.0->TLS1.1->TLS1.2->TLS1.3 (draft) Less Secure Each suite contains authentication, message authentication code (MAC), key exchange and encryption algorithms Datagram TLS (DTLS) TLS with packet lost and reordering implementation DTLS1.0 and DTLS 1.2
5 Libraries Under Consideration Primary OpenSSL - Robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) GnuTLS Portable ANSI C based library with Lesser General Public license (GPL) Other Network Security Services (NSS) - Library designed to support crossplatform development of security-enabled client and server applications Cryptlib - Open source cross-platform software security toolkit library for SSL/TLS and SSH secure sessions, CA services
6 Library to Implementation comparison Library SSL3.0 TLS1.0 TLS1.1 TLS1.2 TLS1.3 DTLS1.0 DTLS1.2 OpenSSL Yes Yes Yes Yes Yes Yes Yes GnuTLS Yes Yes Yes Yes No Yes Yes NSS Yes Yes Yes Yes Yes Yes Yes Cryptlib Yes Yes Yes Yes No No No
7 General Comparison OpenSSL GnuTLS NSS Languages C C C or C++ Cryptographic Token Not Present natively * Present Present Interface- PKCS #11 Thread safety CPU Assisted Crypt. With AES-NI Languages Two callback function with POSIX or Win Threads Yes Use POSIX or Win Thread Yes (+VIA Padlocks) Cryptographic Token Interface - Hardware security module Platform independent API for Hardware Security Modules (HSM) and smart cards Thread Safety Safe shared data manipulation CPU assisted Cryptography Use of hardware acceleration for cryptographic functions with supported instruction set *engine needs to be added externally through patch Yes Yes
8 Performance Comparisons Criteria Literature survey of Speedtest and Comparison of Open-Source Cryptography Libraries by Timo Bingmann Public key performance results for NSS Installing OpenSSL and running hashing algorithms Installing GnuTLS and running benchmarking for hashes/ciphers
9 OpenSSL and GnuTLS Comparison Each speed test consists of one encryption pass directly followed by a decryption pass Ciphers Tested OpenSSL - AES, Blowfish,CAST5,3DES, XTEA GnuTLS AES, Blowfish, CAST5,3DES, Serpent, Twofish Average of KB of data processed per unit time with different distributions 35,000 30,000 25,000 20,000 15,000 10,000 5,000 0 Throughput KB/s Ubuntu-hardy Debian-lenny Ubuntu-Gutsy Fedora8 Debian-etch GnuTLS OpenSSL
10 Problems Ciphers compared are not same average values could have been shifted Varying Buffer size values were calculated and only ran once should have ran multiple times until results avg. out Only Symmetric ciphers are tested
11 NSS The SSL_RSA_WITH_RC4_128_MD5 (SSL3) cipher is used Restart runs utilize cache which results in higher throughput Full runs handshake every connection which introduce overhead Type Ops/sec CPU-usage(%) Full Full-zones Restart Restart-zones
12 Throughput and CPU usage Full Full-zones Restart Restart-zones Throughput (Ops/sec) CPU-usage(%) CPU utilization is near about same for each run So varying throughput is a function of Memory access speed Depending the use of cache, throughput can be vastly increased
13 Performance Tests Comparison based OS running natively vs in Virtual machine Libraries compared OpenSSL and GnuTLS Native machine and VM both are running equal environments Ubuntu CPU Intel core i5 2.20GHz RAM 4GB Disk 25GB
14 OpenSSL Throughput (KB/s) Comparison Buffer Size (Bytes) Native VM SHA256 with varying buffer size (16,64,256,1024,8192 Bytes) Buffer size above 1000 bytes, starts to saturate throughput 330MB/s In VM, low throughput is observed because of overhead of running inside VM After increasing buffer value by certain value bottleneck can occur
15 GnuTLS Hashing algorithms checked for fixed payload size (16384 bytes) MACs - SHA1, SHA256,SHA512 Throughput around 300MB/s In VM low throughput Throughput KB/s SHA1 SHA256 SHA512 Native VM
16 Conclusion Best library? Depends on criteria Higher Throughput and simple OpenSSL (32MB/s) Portable and lightweight - GnuTLS Cross Platform support NSS License compatibility - Apache License (used by OpenSSL) are incompatible with the GPL, GnuTLS or NSS Novice TLS developer OpenSSL Wide Support Simple to use Single platform and no compatibility required
17 Thank You!
18 References [1] Timo Bingmann,(14th July 2008), Speedtest and Comparison of Open-Source Cryptography Libraries and Compiler Flags, [online]. Available: [2] OpenWrt Oraganisation (n.d). OpenSSL Benchmarks tool. [online]. Availble: [3] GNU TLS, Transport Layer Security Library for the GNU system, for version 2.0.2, 17 October Available: /doc/gnutls.pdf [4] Mozilla Developer Network. Network Security Services. Available: Accessed: Sep. 8,2017.
Performance implication of elliptic curve TLS
MSc Systems & Network Engineering Performance implication of elliptic curve TLS Maikel de Boer - maikel.deboer@os3.nl Joris Soeurt - joris.soeurt@os3.nl April 1, 2012 Abstract During our research we tested
More informationSSL/TLS. How to send your credit card number securely over the internet
SSL/TLS How to send your credit card number securely over the internet The security provided by SSL SSL is implemented at level 4 The transport control layer In practice, SSL uses TCP sockets The underlying
More informationComparing TCP performance of tunneled and non-tunneled traffic using OpenVPN. Berry Hoekstra Damir Musulin OS3 Supervisor: Jan Just Keijser Nikhef
Comparing TCP performance of tunneled and non-tunneled traffic using OpenVPN Berry Hoekstra Damir Musulin OS3 Supervisor: Jan Just Keijser Nikhef Outline Introduction Approach Research Results Conclusion
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationOpen Source Internet Security
Open Source Internet Security Company / Product Overview October, 2016 http://www.wolfssl.com (425) 245-8247 ABOUT US Founded: 2004 Location: Bozeman, MT Seattle, WA Portland, OR Our Focus: Open Source
More informationThe Case For Crypto Protocol Awareness Inside The OS Kernel
The Case For Crypto Protocol Awareness Inside The OS Kernel Matthew Burnside Angelos D. Keromytis Department of Computer Science, Columbia University {mb,angelos}@cs.columbia.edu Abstract Separation of
More informationThe Case For Crypto Protocol Awareness Inside The OS Kernel
The Case For Crypto Protocol Awareness Inside The OS Kernel Matthew Burnside Angelos D. Keromytis Department of Computer Science, Columbia University mb,angelos @cs.columbia.edu Abstract Separation of
More informationOpenSSH. 24th February ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg) 1 / 12
OpenSSH ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg) http://www.csrrt.org/ 24th February 2006 1 / 12 SSH - History 1995 Tatu Ylonen releases ssh-1.0.0 (Forms SSH Communications
More informationAnand Raghunathan
ECE 695R: SYSTEM-ON-CHIP DESIGN Module 2: HW/SW Partitioning Lecture 2.26: Example: Hardware Architecture Anand Raghunathan raghunathan@purdue.edu ECE 695R: System-on-Chip Design, Fall 2014 Fall 2014,
More informationASPERA HIGH-SPEED TRANSFER. Moving the world s data at maximum speed
ASPERA HIGH-SPEED TRANSFER Moving the world s data at maximum speed ASPERA HIGH-SPEED FILE TRANSFER 80 GBIT/S OVER IP USING DPDK Performance, Code, and Architecture Charles Shiflett Developer of next-generation
More informationProgressively Securing RIOT-OS!
+ Progressively Securing RIOT-OS! USABILITY AND NECESSITY OF SSL / TLS Slide 1 / 33 We re going to talk about: 1. Why is security important? 2. What is SSL? 3. Where is SSL being used? 4. Features: What
More informationThe case for ubiquitous transport-level encryption
1/25 The case for ubiquitous transport-level encryption Andrea Bittau, Michael Hamburg, Mark Handley, David Mazières, and Dan Boneh Stanford and UCL November 18, 2010 Goals 2/25 What would it take to encrypt
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationApache Commons Crypto: Another wheel of Apache Commons. Dapeng Sun/ Xianda Ke
Apache Commons Crypto: Another wheel of Apache Commons Dapeng Sun/ Xianda Ke About us Dapeng Sun @Intel Apache Commons Committer Apache Sentry PMC Xianda Ke @Intel Apache Commons Crypto Apache Pig(Pig
More informationSSH Bulk Transfer Performance. Allan Jude --
SSH Bulk Transfer Performance Allan Jude -- allanjude@freebsd.org Introduction 15 Years as FreeBSD Server Admin FreeBSD src/doc committer (ZFS, bhyve, ucl, xo) FreeBSD Core Team (July 2016-2018) Co-Author
More informationOpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications.
1 OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications. The toolkit offers a series of command-line tools to perform
More informationCOSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS
COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More informationPlaintext-Recovery Attacks Against Datagram TLS
Information Security Group Royal Holloway, University of London 6th Feb 2012 Contents 1 Results 2 3 4 Padding Oracle Realisation Against OpenSSL 5 Attacking the GnuTLS Implementation of DTLS 6 Results
More informationSharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer
SharkFest 17 Europe SSL/TLS Decryption uncovering secrets Wednesday November 8th, 2017 Peter Wu Wireshark Core Developer peter@lekensteyn.nl 1 About me Wireshark contributor since 2013, core developer
More informationVirtual Private Networks (VPN)
CYBR 230 Jeff Shafer University of the Pacific Virtual Private Networks (VPN) 2 Schedule This Week Mon September 4 Labor Day No class! Wed September 6 VPN Project 1 Work Fri September 8 IPv6? Project 1
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationAbout FIPS, NGE, and AnyConnect
About FIPS, NGE, and AnyConnect, on page 1 Configure FIPS for the AnyConnect Core VPN Client, on page 4 Configure FIPS for the Network Access Manager, on page 5 About FIPS, NGE, and AnyConnect AnyConnect
More informationEnd-to-End Java Security Performance Enhancements for Oracle SPARC Servers Performance engineering for a revenue product
End-to-End Java Security Performance Enhancements for Oracle SPARC Servers Performance engineering for a revenue product Luyang Wang, Pallab Bhattacharya, Yao-Min Chen, Shrinivas Joshi and James Cheng
More informationAdvanced Computer Systems 2018 Final project
Advanced Computer Systems 2018 Final project Submitted by: Eyal Golombek Date: 19/3/18 Project Idea and Goal: The goal of the project was to create a secure authentication token that will allow users to
More informationChapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationSecurity Policy Document Version 3.3. Tropos Networks
Tropos Control Element Management System Security Policy Document Version 3.3 Tropos Networks October 1 st, 2009 Copyright 2009 Tropos Networks. This document may be freely reproduced whole and intact
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationFindings for
Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp
More informationImplementing Cryptography: Good Theory vs. Bad Practice
Implementing Cryptography: Good Theory vs. Bad Practice Viet Pham Information Security Group, Department of Mathematics Royal Holloway, University of London Outline News report What is cryptography? Why
More informationTransport Layer Security
Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols
More informationSystem Requirements. Things to Consider Before You Install Foglight NMS. Host Server Hardware and Software System Requirements
System Requirements This section contains information on the minimum system requirements for Foglight NMS. Before you can begin to download Foglight NMS, you must make sure that your computer meets the
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationTechnical / Community Update! FOSDEM
Technical / Community Update! FOSDEM 2012 http://www.yassl.com info@yassl.com About Me Chris Conlon So#ware Developer at yassl Bozeman, MT Copyright 2012 FishEyeGuyPhotography Who Else is Here? Rod Weaver
More informationRelease note Tornaborate
Release note 1.2.6 Tornaborate 2015-09-10 Contents 1 Summary 4 2 Additional important information about this release 5 3 Upgrade 6 3.1 Prerequisites................................... 6 3.2 How to apply
More information1. OVERVIEW RELEASE ITEMS HOW TO APPLY ADDITIONAL FUNCTIONS AND CHANGE FUNCTIONS FROM PREVIOUS EDITION...
RZ/G Series Release notes for RZ/G Security Solution R01TU0212EJ0100 Document Version 1.00 Table of Contents 1. OVERVIEW... 2 2. RELEASE ITEMS... 4 3. HOW TO APPLY... 6 4. ADDITIONAL FUNCTIONS AND CHANGE
More informationPolarSSL. Open Source crypto / SSL & Government accreditations
PolarSSL Open Source crypto / SSL & Government accreditations Me (Paul Bakker) IT Security Cryptography Software developer Angel investor @PaulBakkerNL PolarSSL Cryptography and SSL / TLS library in C
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationOracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1
Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.3 2014-01-08 Copyright 2014 Oracle Corporation Table
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationINTERNET PROTOCOL SECURITY (IPSEC) GUIDE.
INTERNET PROTOCOL SECURITY (IPSEC) GUIDE www.insidesecure.com INTRODUCING IPSEC NETWORK LAYER PACKET SECURITY With the explosive growth of the Internet, more and more enterprises are looking towards building
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationWhite Paper for Wacom: Cryptography in the STU-541 Tablet
Issue 0.2 Commercial In Confidence 1 White Paper for Wacom: Cryptography in the STU-541 Tablet Matthew Dodd matthew@cryptocraft.co.uk Cryptocraft Ltd. Chapel Cottage Broadchalke Salisbury Wiltshire SP5
More informationSicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017
Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen Axel Freiwald 1/2017 All OEMs Will Implement Software OTA As Soon As Possible IHS Study Motivation: Save on recalls caused by software bugs Evolution
More informationHACL* in Mozilla Firefox Formal methods and high assurance applications for the web
HACL* in Mozilla Firefox Formal methods and high assurance applications for the web B. Beurdouche K. Bhargavan J. Protzenko J-K. Zinzindohoué (Project Everest) F. Kiefer E. Rescorla T. Taubert M. Thomson
More informationUsing SSL Public Key Security with Titan FTP Server
2018 Using SSL Public Key Security with Titan FTP Server Instructions for configuring and maintaining Public Key Certificate based security in conjuntion with FTP, HTTP, and WebDAV services on Titan FTP
More informationOracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1
Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.2 12/12/2013 Copyright 2013 Oracle Corporation Table of
More informationIntroduction and Overview. Why CSCI 454/554?
Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book
More informationAuthenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas
Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013 Cloud Storage Model
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2
More informationUsing SSL Public Key Security with Cornerstone MFT Server
2018 Using SSL Public Key Security with Cornerstone MFT Server Instructions for configuring and maintaining Public Key Certificate based security in conjunction with FTP, HTTP, and WebDAV services on Cornerstone
More informationSecuring IoT applications with Mbed TLS Hannes Tschofenig Arm Limited
Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol
More informationSoftware-defined Storage: Fast, Safe and Efficient
Software-defined Storage: Fast, Safe and Efficient TRY NOW Thanks to Blockchain and Intel Intelligent Storage Acceleration Library Every piece of data is required to be stored somewhere. We all know about
More informationA User-level Secure Grid File System
A User-level Secure Grid File System Ming Zhao, Renato J. Figueiredo Advanced Computing and Information Systems (ACIS) Electrical and Computer Engineering University of Florida {ming, renato}@acis.ufl.edu
More informationNetwork Security Platform 8.1
8.1.7.91-8.1.7.44 Manager-Virtual IPS Release Notes Network Security Platform 8.1 Revision B Contents About this release New features Enhancements Resolved issues Installation instructions Known issues
More informationz/tpf OpenSSL Support Dan Yee IBM Software Engineer August 10, 2016
z/tpf OpenSSL Support Dan Yee IBM Software Engineer August 10, 2016 1 Disclaimer Any reference to future plans are for planning purposes only. IBM reserves the right to change those plans at its discretion.
More informationSSL Accelerating Test Bench SSL accelerating Test Method
SSL Accelerating Test Bench SSL accelerating Test Method Stefan Deelen & Maurits van der Schee (master students SNE at the UvA) Supervised by: Jan Meijer (Surfnet) Contents Objectives Test Method Scope
More informationAuthentication CHAPTER 17
Authentication CHAPTER 17 Authentication Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources. getting entrance
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are
More informationCipher Suite Configuration Mode Commands
The Cipher Suite Configuration Mode is used to configure the building blocks for SSL cipher suites, including the encryption algorithm, hash function, and key exchange. Important The commands or keywords/variables
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
NET1343BU NSX Performance Samuel Kommu #VMworld #NET1343BU Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no
More informationState of TLS usage current and future. Dave Thompson
State of TLS usage current and future Dave Thompson TLS Client/Server surveys Balancing backward compatibility with security. As new vulnerabilities are discovered, when can we shutdown less secure TLS
More informationPerformance Implications of Security Protocols
Performance Implications of Security Protocols Varsha Mainkar Technical Staff Member Network Design & Performance Analysis Advanced Technologies, Joint Work with Paul Reeser 5th INFORMS Telecom Conference
More informationTLS. RFC2246: The TLS Protocol. (c) A. Mariën -
TLS RFC2246: The TLS Protocol What does it achieve? Confidentiality and integrity of the communication Server authentication Eventually: client authentication What is does not do Protect the server Protect
More informationLeveraging Intel SGX to Create a Nondisclosure Cryptographic library
CS 2530 - Computer and Network Security Project presentation Leveraging Intel SGX to Create a Nondisclosure Cryptographic library Mohammad H Mofrad & Spencer L Gray University of Pittsburgh Thursday, December
More informationThere are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has
1 There are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has unpatched buffer-overflow vulnerabilities. New projects should
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationScaling Acceleration Capacity from 5 to 50 Gbps and Beyond with Intel QuickAssist Technology
SOLUTION BRIEF Intel QuickAssist Technology Scaling Acceleration Capacity from 5 to 5 Gbps and Beyond with Intel QuickAssist Technology Equipment manufacturers can dial in the right capacity by choosing
More informationHP OO 10.x Network Architecture
Technical white paper HP OO 10.x Network Architecture Table of Contents Overview 2 Advancing to a Scalable Model 2 The Old Model 2 The New Model 3 Configuring the New Model 4 Firewall Configuration 4 Worker
More informationKernel Transport Layer Security
Kernel Transport Layer Security A TLS socket Dave Watson davejwatson@fb.com TLS implemented as a socket int tls_fd = socket(af_tls, SOCK_STREAM SOCK_DGRAM, 0); 2 Why TLS? Security for the web The S in
More informationTLS 1.1 Security fixes and TLS extensions RFC4346
F5 Networks, Inc 2 SSL1 and SSL2 Created by Netscape and contained significant flaws SSL3 Created by Netscape to address SSL2 flaws TLS 1.0 Standardized SSL3 with almost no changes RFC2246 TLS 1.1 Security
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationIBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S)
IBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S) 1 Copyright IBM Corporation 1994, 2015. IBM Corporation Marketing Communications, Server Group Route 100 Somers, NY
More informationBlock Ciphers. Secure Software Systems
1 Block Ciphers 2 Block Cipher Encryption function E C = E(k, P) Decryption function D P = D(k, C) Symmetric-key encryption Same key is used for both encryption and decryption Operates not bit-by-bit but
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationCreating Trust in a Highly Mobile World
Creating Trust in a Highly Mobile World Technical White Paper Oct, 2014 MobileCrypt with Hardware Strength Security MobileCrypt s solution leverages an Android based mobile application and a Hardware Security
More informationFIPS Non-Proprietary Security Policy
Quantum Corporation Scalar Key Manager Software Version 2.0.1 FIPS 140-2 Non-Proprietary Security Policy Document Version 1.4 Last Update: 2010-11-03 8:43:00 AM 2010 Quantum Corporation. May be freely
More informationThis Security Policy describes how this module complies with the eleven sections of the Standard:
Vormetric, Inc Vormetric Data Security Server Module Firmware Version 4.4.1 Hardware Version 1.0 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation May 24 th, 2012 2011 Vormetric Inc. All rights
More informationThe Design, Implementation, and Performance Evaluation of Secure Socket SCTP 2.0
The Design, Implementation, and Performance Evaluation of Secure Socket SCTP 2.0 Nicklas Hasselström, Gunnar Hjern, Richard Hoorn, Marcus Hult, Johan Häger, Jens Syrén, Stefan Alfredsson & Stefan Lindskog
More informationState of the Linux Kernel
State of the Linux Kernel Timothy D. Witham Chief Technology Officer Open Source Development Labs, Inc. 1 Agenda Process Performance/Scalability Responsiveness Usability Improvements Device support Multimedia
More informationLegacy-Compliant Data Authentication for Industrial Control System Traffic
Legacy-Compliant Data Authentication for Industrial Control System Traffic John Henry Castellanos, Daniele Antonioli, Nils Ole Tippenhauer and Martín Ochoa Singapore University of Technology and Design
More informationInitial connection setup. Adding subflow setup. Three-way handshake with MP_CAPABLE Exchange 64 bit key(key-a, Key-B)
- 2 - Despite the short history, Multipath TCP(MPTCP) prevails drastically As MPTCP was deployed, security concerns increase There have been multiple attempts at verifications to security of MPTCP Initial
More informationOverview of Cryptography
18739A: Foundations of Security and Privacy Overview of Cryptography Anupam Datta CMU Fall 2007-08 Is Cryptography A tremendous tool The basis for many security mechanisms Is not The solution to all security
More informationMcAfee Network Security Platform 8.1
Revision C McAfee Network Security Platform 8.1 (8.1.7.91-8.1.3.124 Manager-M-series Release Notes) Contents About this release New features Enhancements Resolved issues Installation instructions Known
More informationTransparent Multi-core Cryptographic Support on Niagara CMT Processors
Transparent Multi-core Cryptographic Support on Niagara CMT Processors James Hughes, Gary Morton, Jan Pechanec, Christoph Schuba, Lawrence Spracklen, and Bhargava Yenduri Sun Microsystems, Inc. 10 Network
More informationPerformance and overhead evaluation of OSCOAP and DTLS
Performance and overhead evaluation of OSCOAP and DTLS Martin Gunnarsson 1, Tobias Andersson 1, Ludwig Seitz 1 1 RISE SICS AB Box 1263, Kista 16429, Sweden {martin.gunnarsson, tobias.andersson, ludwig.seitz}@ri.se
More informationLecture 08: Networking services: there s no place like
Lecture 08: services: there s no place like 127.0.0.1 Hands-on Unix system administration DeCal 2012-10-15 1 / 22 About Common records Other records 2 / 22 About About Common records Other records Domain
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationSecuring Your Wireless LAN
Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP
More informationA New Internet? Introduction to HTTP/2, QUIC and DOH
A New Internet? Introduction to HTTP/2, QUIC and DOH and more LACNIC 29 - Panamá May 2018 Jordi Palet (jordi.palet@theipv6company.com) -1 Internet is Changing More and more, Internet traffic is moving
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationPublic Key Infrastructure. What can it do for you?
Public Key Infrastructure What can it do for you? What is PKI? Centrally-managed cryptography, for: Encryption Authentication Automatic negotiation Native support in most modern Operating Systems Allows
More informationBlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module
BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE Cryptographic Appliances with Integrated Level 3+ Hardware Security Module The BlackVault hardware security platform keeps cryptographic material
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationSecurity context. Technology. Solution highlights
Code42 CrashPlan Security Code42 CrashPlan provides continuous, automatic desktop and laptop backup. Our layered approach to security exceeds industry best practices and fulfills the enterprise need for
More information