Performance implication of elliptic curve TLS
MSc Systems & Network Engineering

Maikel de Boer - maikel.deboer@os3.nl
Joris Soeurt - joris.soeurt@os3.nl

April 1, 2012

Abstract

During our research we tested how much performance increase could be gained by changing from a traditional Ron Rivest, Adi Shamir and Leonard Adleman (RSA) based cipher suite in Transport Layer Security (TLS) to equivalent Elliptic Curve Cryptography (ECC) based cipher suites. We benchmarked Hypertext Transfer Protocol (HTTP) and three different TLS cipher suites (RSA ephemeral, ECC ephemeral and non-ephemeral) using different file sizes and with and without TLS session reuse. Under specific conditions, changing from a traditional RSA cipher suite to an ECC cipher suite can yield 58% lower CPU usage on the web server, increase the throughput by 13% and lower the latency by 73%. When using a non-ephemeral ECC based cipher suite the throughput increases by 21% compared to the ECC ephemeral cipher suite. Overall we can conclude that ECC improves performance under most, but not all conditions.

1 Introduction

ECC is emerging as an attractive public-key crypto system for mobile/wireless environments. Compared to traditional crypto systems like RSA, ECC offers equivalent security with smaller key sizes, which results in faster computations, lower power consumption, as well as memory and bandwidth savings. This is especially useful for mobile devices which are typically limited in terms of their CPU, power and network connectivity. [1]

For our research we tested whether ECC is faster and less costly (in terms of server resources) than traditional cipher suites under specific circumstances, when used in combination with TLS. We benchmarked different cipher suites to measure how they perform using different file sizes and parameters. Data was collected based on client CPU, throughput (requests per second), latency (response time) and CPU usage on the web server.
This paper does not discuss the inner workings of the TLS protocol nor the workings of RSA and ECC ciphers. It does however strive to give a realistic overview of the performance gain that can be achieved using different file sizes and concurrent users requesting a specific file. It is advisable to have prior knowledge of how TLS and different cipher suites work. For more information we would like to refer the reader to the following documents [2] [3].

In section 2 we clarify the way we have chosen the cipher suites, our test setup and the performance metrics. In section 3 we show the results. In section 4 we end with a conclusion and in section 5 we make some suggestions for future research.

Research Question

The main research question for our research is: How much performance improvement can be gained by replacing the key exchange mechanism in TLS
from RSA to elliptic curve Diffie-Hellman?

2 Approach

Cipher suite selection

A cipher suite defines a combination of cryptographic algorithms used in a TLS connection. It consists of four different parts: the key exchange algorithm, the authentication algorithm used to verify the client and the server, the encryption algorithm used for bulk encryption/decryption and the Message Authentication Code (MAC) algorithm used to generate the message digest to ensure message integrity. Different cipher suites have different properties with respect to performance and security.

The cipher suites we used for testing were selected based on the National Institute of Standards and Technology (NIST) recommendations for key management [4]. The NIST recommends using a 3072 bit key when using RSA and a 256 bit key when using ECC for sufficient security of data till even after Based on the recommendations of NIST we chose to test the following cipher suites:

Code         Name
0x00,0x33    DHE-RSA-AES128-SHA
0xC0,0x09    ECDHE-ECDSA-AES128-SHA
0xC0,0x04    ECDH-ECDSA-AES128-SHA

Table 1: Selected cipher suites

For the ECC ciphers we created keys and certificates using the secp256r1 curve. For RSA we created a 3072 bit key which we used to sign an RSA certificate. The 0x00,0x33 and the 0xC0,0x09 are both ephemeral suites which achieve Perfect Forward Secrecy (PFS). No cipher suite comparable to the 0x00,0x33 RSA based cipher suite which does not achieve PFS is available.

To measure the overall impact of TLS we also performed benchmarks using the same hardware and software configuration but using HTTP instead of Hypertext Transfer Protocol Secure (HTTPS).

Test setup

The test setup consisted of two Dell PowerEdge 2950 servers with 4GB of RAM and Intel Xeon 2.00GHz processor running Ubuntu (Oneiric) x64. The first server is configured as web server and the second server is configured to simulate web clients using Jmeter. Both servers are directly connected using a 1Gbit ethernet link.
We used Apache built from source with Secure Socket Layer (SSL) enabled. The TLS module for Apache (mod_ssl) relied on OpenSSL binaries version e for its cryptographic functions. Jmeter is a Java based web server benchmark tool from the Apache project. We used Jmeter 2.6 (Java version ) for simulating actual users requesting webpages from the server. At the web server we used System Activity Reporter (SAR), which is part of the sysstat package available from the Ubuntu repository. We used SAR to measure the client and server CPU load.

During different tests Jmeter was configured to simulate 1, 5, 10, 100 or 200 simultaneous users (threads) requesting files of sizes 1Kb, 5Kb, 10Kb, 100Kb, 500Kb or 1000KB. The ramp up period was set to 10 seconds, which means that Jmeter takes 10 seconds to start all threads. For 10 threads this means Jmeter starts 1 thread per second, for 100 threads this means Jmeter starts 10 threads per second. Jmeter was configured not to use HTTP keep-alive, which means every simulated user opens a new Transmission Control Protocol (TCP) socket which is closed immediately after the HTTP or HTTPS response is successfully received from the server. Finally, HTTPS session reuse was disabled to force every iteration to negotiate a new TLS session key.

Our tests were performed both with one file per iteration and with 20 files per iteration. The latter means that a TLS session key is exchanged for every 20 files a thread requests. All tests were performed for both HTTP and HTTPS using all selected cipher suites, with all numbers of threads and all file sizes.
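The following is an added example, not code from the paper: a check that can be run on a captured ServerHello to confirm which Table 1 suite a benchmark connection negotiated, whether that suite is ephemeral, and whether the handshake was a session-ID resumption rather than a full handshake. It assumes the TLS 1.0-1.2 record layout and session-ID resumption only (session tickets are not handled); the function names and the sample bytes are constructed for illustration.

```python
import struct

# Table 1 of the paper: two-byte suite code -> (name, forward secret?)
TABLE1 = {
    (0x00, 0x33): ("DHE-RSA-AES128-SHA", True),      # ephemeral DH
    (0xC0, 0x09): ("ECDHE-ECDSA-AES128-SHA", True),  # ephemeral ECDH
    (0xC0, 0x04): ("ECDH-ECDSA-AES128-SHA", False),  # static ECDH, no PFS
}
HANDSHAKE = 22     # TLS record content type "handshake"
SERVER_HELLO = 2   # handshake message type


def parse_server_hello(record: bytes) -> dict:
    """Extract version, session_id and cipher suite from a TLS 1.0-1.2
    record whose first handshake message is a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated record body")
    if body[0] != SERVER_HELLO:
        raise ValueError("first handshake message is not a ServerHello")
    msg_len = int.from_bytes(body[1:4], "big")
    msg = body[4:4 + msg_len]
    if len(msg) != msg_len or msg_len < 35:
        raise ValueError("truncated ServerHello")
    # Layout: version(2) | random(32) | sid_len(1) | sid | suite(2) | compression(1)
    sid_len = msg[34]
    end = 35 + sid_len
    if sid_len > 32 or len(msg) < end + 3:
        raise ValueError("bad session_id length")
    return {
        "version": (msg[0], msg[1]),
        "session_id": msg[35:end],
        "suite": (msg[end], msg[end + 1]),
    }


def audit_handshake(record: bytes, expected: str, offered_sid: bytes = b"") -> dict:
    """Compare a ServerHello with what the benchmark run was meant to use.
    offered_sid is the session ID the client sent in its ClientHello."""
    hello = parse_server_hello(record)
    name, forward_secret = TABLE1.get(hello["suite"], ("unknown", None))
    # Session-ID resumption: the server echoes the non-empty ID the client
    # offered and both sides skip the asymmetric key exchange.
    resumed = bool(offered_sid) and hello["session_id"] == offered_sid
    findings = []
    if name != expected:
        findings.append(f"negotiated {name}, expected {expected}")
    if forward_secret is False:
        findings.append("suite is not ephemeral: no forward secrecy")
    if resumed:
        findings.append("resumed session: no key exchange was performed")
    return {"suite": name, "forward_secret": forward_secret,
            "resumed": resumed, "findings": findings}


def build_server_hello(suite, session_id: bytes, version=(3, 1)) -> bytes:
    """Constructed sample input (not a capture): a minimal ServerHello record
    with an all-zero random and null compression. TLS 1.0 is an assumption."""
    msg = (bytes(version) + bytes(32) + bytes([len(session_id)])
           + session_id + bytes(suite) + b"\x00")
    handshake = bytes([SERVER_HELLO]) + len(msg).to_bytes(3, "big") + msg
    return struct.pack("!BHH", HANDSHAKE, (version[0] << 8) | version[1],
                       len(handshake)) + handshake


if __name__ == "__main__":
    sid = bytes(range(32))  # constructed 32-byte session ID
    want = "ECDHE-ECDSA-AES128-SHA"
    cases = [
        ("full handshake", build_server_hello((0xC0, 0x09), sid), b""),
        ("resumed", build_server_hello((0xC0, 0x09), sid), sid),
        ("wrong suite", build_server_hello((0xC0, 0x04), b""), b""),
    ]
    for label, record, offered in cases:
        print(label, audit_handshake(record, want, offered))
```

A run with session reuse disabled should report no resumed handshakes; any resumed one means that request did not exercise the key exchange being compared.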
This resulted in 192 different tests. Every test ran for 180 seconds; between every test we scheduled a cooling down period of also 180 seconds.

Performance metrics

During the experiments we measured the following performance metrics:
a) throughput (total amount of requests divided by the time the experiment took to complete)
b) average latency (average time it took before a response is received by the client after issuing a request to the server)
c) CPU load (load of the CPU for user processes and kernel processes)

3 Results

The results shown in the graphs are based on the measurement data of the tests performed with 100 concurrent threads. We chose to use only the graphs of one thread count because the shape of the graphs was identical for all numbers of threads. This means using a different number of concurrent threads doesn't lead to different results (relative between the ciphers). The 100 threads graphs were selected because these showed the optimal peak in absolute performance.

3.1 CPU usage

Figure 1 shows that 0xC0,0x09 is less CPU intensive than 0x00,0x33 for TLS handshakes, even up to 58% for 1KB file sizes. When file sizes increase the difference becomes smaller because fewer handshakes have to be performed. For 1000KB the CPU is 19% less stressed. In Figure 4 we see the effect reuse has on CPU performance. When reusing the TLS session key the CPU load decreases because fewer asymmetric encryption operations are performed. The 0xC0,0x09 suite is still 36% less CPU intensive for 1KB files. The peak in Figure 4 shown when reusing session keys, at file size 100KB for the 0xC0,0x09 cipher, is strange and we don't have a feasible explanation for this behavior. The same holds for the (minimal) drop at file size 5KB for 0x00,0x33.

3.2 Throughput

When looking at Figure 2 we observe that the throughput is higher when using the 0xC0,0x09 cipher suite instead of the 0x00,0x33 suite for all file sizes.
This is expected behavior since the ECC encryption techniques should demand fewer resources from the server. The client throughput is higher when using the 0xC0,0x09 cipher suite up to the 500KB file size, by at most 13%. At this point the 0xC0,0x09 has a better throughput than the 0x00,0x33 suite by a small percentage. When reusing the TLS session key, the overall throughput increases by at most 922% at 1KB file sizes, see Figure 5. An unexpected observation is the fact that the throughput of 0x00,0x33 is higher than the 0xC0,0x09 throughput at all file sizes, with a difference between 1.4 and 4.3% till 1000KB file sizes.

3.3 Latency

In Figure 3 we see that the latency for the 0x00,0x33 is higher than the latency for the 0xC0,0x09 suite for file sizes up to 500KB. Starting at files of 500KB and larger the 0x00,0x33 suite has less latency. In Figure 6 we show the results with session reuse enabled. When reusing the TLS session key, the latency of 0x00,0x33 decreases by up to 90% and the latency of 0xC0,0x09 by 89% at 1KB file size. For file sizes up to 1000KB the latency for the 0x00,0x33 cipher is less than for 0xC0,0x09, which we don't have a feasible explanation for.

3.4 Ephemeral and non-ephemeral

To show the cost (in terms of performance and resources) of achieving PFS we also performed our tests with a non-ephemeral ECC based cipher suite and created graphs for comparison with the ephemeral ECC based cipher suite. In Figure 7 and Figure 10 we see that, both with and without TLS session reuse, the non-ephemeral cipher suite uses less CPU than the
ephemeral cipher suite in most cases. The non-ephemeral suite however performs better at 500 KB for both graphs and also at 1000 KB when session reuse is enabled. When we look at Figure 8 and Figure 11 we can see that the throughput for the non-ephemeral suite is higher than the ephemeral version both with and without TLS session reuse enabled. This clearly shows PFS comes at a cost and without TLS session reuse leads to 21% throughput decrease for the smallest file size up to 7% for the largest file size. In Figure 9 we can see that without TLS session key reuse, the ephemeral cipher suite also increases the latency. When reusing the TLS session keys (Figure 12) the difference becomes much smaller and we observe almost no difference between the 0xC0,0x04 and 0xC0,0x09 suite. The latency of the non-ephemeral cipher suite is however higher at 1000 KB when reusing the session key, which we don't have a feasible explanation for.

3.5 HTTP

To put the TLS performance and resource usage in perspective we also benchmarked plain HTTP performance. Because of the enormous difference in scale we chose to display the results in separate graphs. We should however note that the TLS performance was measured on the basis of a key length that suffices even after At that time server hardware would be so dramatically different from current hardware that the comparison would probably be different. When we compare HTTPS to HTTP performance, our benchmarks show that for the smallest file size (1 KB), server CPU drops by 53% (Figure 13) while increasing throughput by as much as 6220% (Figure 14) while latency drops by 99% (Figure 15). For the largest file size (100 KB), CPU even drops by 95% while throughput still increases by 92% and latency drops by 46%.

4 Conclusion

Our benchmarks have shown that under specific circumstances (1KB file size, no session key reuse) changing from the 0x00,0x33 to the 0xC0,0x09 cipher can yield a 58% lower CPU usage on the web server.
It also increases client throughput by 13% while lowering client latency by 73%. The results are however not consistent for all conditions. For example some file sizes lead to less performance with the ECC cipher and when enabling session reuse, the 0x00,0x33 cipher suite performs better for all file sizes. (These deviations from the expected results are similar in all tests with all numbers of threads and the results are reproducible.)

We observed that the difference in performance is much smaller when TLS session reuse is enabled. In real life scenarios the number of files transferred per session key will probably be larger than the 20 we used for our benchmarks, which decreases the difference in performance between the ciphers even more.

For TLS to work we need a Certificate Authority (CA) that supports signing the web server certificate with an ECC private key (all the way up to the root); unfortunately not all CAs support ECC at this point in time. Also not all client and server software has support for ECC (for example the versions available in software repositories like in Debian or Ubuntu).

As expected, using an ephemeral ECC cipher leads to less client throughput in comparison to a non-ephemeral ECC cipher. Although the difference is substantial, and observable with all file sizes, it isn't really an option to use a non-ephemeral cipher suite if you take security seriously.

Overall we can conclude that ECC improves performance under most circumstances. Offering the possibility to negotiate ECC between clients and server will reduce the load on servers, which large installations could benefit from.
5 Future work

During our research we used static files and used one specific file size per test. Our tests did not simulate the traffic of a real site; they only show under which controlled conditions the ECC based cipher suite performs better than an RSA based cipher suite. Since every website is different it is difficult to calculate a generic measurement of how much performance improvement can be obtained. Therefore it would be interesting to see how ECC performs using real life traffic patterns (for example in a large production website) compared to RSA cipher suites. Note that when browsing three popular, large scale websites for 5 minutes each, we measured that 77 percent of all downloaded files were less than 10 KB and only 6 percent of the files were larger than 100 KB in size. This makes the smallest three file sizes in our tests most representative of real life performance.

A second thing which would be interesting is to measure how ECC impacts performance using other secure protocols like DNSSEC, IMAPS, SSH etc.

References

[1] Oracle, Securing the Web with Elliptic Curve Cryptography. oracle.com/projects/crypto/.
[2] S. Blake-Wilson, Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS), May http: //
[3] T. Dierks et al., The TLS Protocol Version 1.0, January org/rfc/rfc4492.txt.
[4] NIST, Recommendation for Key Management, Special Publication Part 1 Rev. 3, May toolkit/key_management.html.

Graphs

Figure 1: Average CPU usage on server, per file size.
Figure 2: Throughput on client, per file size.
Figure 3: Average request latency on client, per file size.
Figure 4: Average CPU usage on server, per file size. Session key reuse enabled.
Figure 5: Throughput on client, per file size. Session key reuse enabled.
Figure 6: Average request latency on client, per file size. Session key reuse enabled.
Figure 7: Average CPU usage on server, per file size.
Figure 8: Throughput on client, per file size.
Figure 9: Average request latency on client, per file size.
Figure 10: Average CPU usage on server, per file size. Session key reuse enabled.
Figure 11: Throughput on client, per file size. Session key reuse enabled.
Figure 12: Average request latency on client, per file size. Session key reuse enabled.
Figure 13: HTTP average CPU usage on server, per file size.
Figure 14: HTTP throughput on client, per file size.
Figure 15: HTTP average request latency on client, per file size.
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationCryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators
Cryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators Belfast, 11-Nov-2010 Innovative Software Solutions. Thomas Bahn - graduated in mathematics, University of Hannover - developing
More informationTotal No. of Questions : 09 ] [ Total No.of Pages : 02
CS / IT 321 (CR) Total No. of Questions : 09 ] [ Total No.of Pages : 02 III/IV B. TECH. DEGREE EXAMINATIONS, OCT / NOV - 2015 Second Semester COMPUTER SCIENCE & ENGINEERING NETWK SECURITY Time : Three
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Misconceptions Concerning Public-Key Encryption Public-key encryption is more secure from
More informationParallelizing IPsec: switching SMP to On is not even half the way
Parallelizing IPsec: switching SMP to On is not even half the way Steffen Klassert secunet Security Networks AG Dresden June 11 2010 Table of contents Some basics about IPsec About the IPsec performance
More informationExtended Package for Secure Shell (SSH) Version: National Information Assurance Partnership
Extended Package for Secure Shell (SSH) Version: 1.1 2016-11-25 National Information Assurance Partnership Revision History Version Date Comment 0.9 2015-08-19 First Draft - Extended Package for Secure
More informationConfiguring SSL. SSL Overview CHAPTER
7 CHAPTER This topic describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section are:
More informationLecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005
Lecture 30 Security April 11, 2005 Cryptography K A ciphertext Figure 7.3 goes here K B symmetric-key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Symmetric
More informationUnderstanding Traffic Decryption
The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. About Traffic Decryption, page 1 SSL Inspection
More informationComparing TCP performance of tunneled and non-tunneled traffic using OpenVPN. Berry Hoekstra Damir Musulin OS3 Supervisor: Jan Just Keijser Nikhef
Comparing TCP performance of tunneled and non-tunneled traffic using OpenVPN Berry Hoekstra Damir Musulin OS3 Supervisor: Jan Just Keijser Nikhef Outline Introduction Approach Research Results Conclusion
More informationPublic Key Cryptography
graphy CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L07, Steve/Courses/2011/S2/CSS322/Lectures/rsa.tex,
More informationEncrypted Phone Configuration File Setup
This chapter provides information about encrypted phone configuration files setup. After you configure security-related settings, the phone configuration file contains sensitive information, such as digest
More informationSecure Internet Communication
Secure Internet Communication Can we prevent the Cryptocalypse? Dr. Gregor Koenig Barracuda Networks AG 09.04.2014 Overview Transport Layer Security History Orientation Basic Functionality Key Exchange
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationE-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
More informationSE Memory Consumption
Page 1 of 5 SE Memory Consumption view online Calculating the utilization of memory within a Service Engine is useful to estimate the number of concurrent connections or the amount of memory that may be
More informationCryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption
and secure channel May 17, 2018 1 / 45 1 2 3 4 5 2 / 45 Introduction Simplified model for and decryption key decryption key plain text X KE algorithm KD Y = E(KE, X ) decryption ciphertext algorithm X
More informationBIG-IP Local Traffic Manager: Configuring a Custom Cipher String for SSL Negotiation. Version 13.0
BIG-IP Local Traffic Manager: Configuring a Custom Cipher String for SSL Negotiation Version 13.0 Table of Contents Table of Contents Configuring a custom cipher string for SSL negotiation...5 Overview:
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationCryptology complementary. Introduction
Cryptology complementary ] Introduction Pierre Karpman pierre.karpman@univ-grenoble-alpes.fr https://www-ljk.imag.fr/membres/pierre.karpman/tea.html 2018 02 08 Introduction 2018 02 08 1/21 First things
More informationIBM Education Assistance for z/os V2R1
IBM Education Assistance for z/os V2R1 Items: TLS V1.2 Suite B RFC 5280 Certificate Validation Element/Component: Cryptographic Services - System SSL Material is current as of June 2013 Agenda Trademarks
More informationPROTECTING CONVERSATIONS
PROTECTING CONVERSATIONS Basics of Encrypted Network Communications Naïve Conversations Captured messages could be read by anyone Cannot be sure who sent the message you are reading Basic Definitions Authentication
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationConfiguring SSL CHAPTER
7 CHAPTER This chapter describes the steps required to configure your ACE appliance as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination. The topics included in this section
More informationSecuring IoT applications with Mbed TLS Hannes Tschofenig Arm Limited
Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol
More informationSecurity IP-Cores. AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing. l e a d i n g t h e w a y
AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing l e a d i n g t h e w a y l e a d i n g t h e w a y Secure your sensitive content, guarantee its integrity and
More informationSatisfying CC Cryptography Requirements through CAVP/CMVP Certifications. International Crypto Module Conference May 19, 2017
Satisfying CC Cryptography Requirements through CAVP/CMVP Certifications International Crypto Module Conference May 19, 2017 Synopsis Background NIAP policy relating to cryptographic requirements NIAP
More informationOracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1
Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.2 12/12/2013 Copyright 2013 Oracle Corporation Table of
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationAN12120 A71CH for electronic anticounterfeit protection
Document information Info Keywords Abstract Content Security IC, IoT, Product support package, Secure cloud connection, Anti-counterfeit, Cryptographic authentication. This document describes how the A71CH
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More informationSE Memory Consumption
Page 1 of 5 view online Overview Calculating the utilization of memory within a Service Engine (SE) is useful to estimate the number of concurrent connections or the amount of memory that may be allocated
More informationDatapath. Encryption
Datapath The following refers to the IKE/IPsec datapath implementation of overlay tunnels between Silver Peak devices. VXOA Release 7.3 (Regular "IPsec" mode with IKE) 8.0 (Regular "IPsec" mode with IKE)
More informationConfiguring SSL. SSL Overview CHAPTER
CHAPTER 8 Date: 4/23/09 This topic describes the steps required to configure your ACE (both the ACE module and the ACE appliance) as a virtual Secure Sockets Layer (SSL) server for SSL initiation or termination.
More informationUNCLASSIFIED INFORMATION TECHNOLOGY SECURITY GUIDANCE
INFORMATION TECHNOLOGY SECURITY GUIDANCE GUIDANCE ON SECURELY CONFIGURING NETWORK PROTOCOLS ITSP.40.062 August 2016 FOREWORD The Guidance on Securely Configuring Network Protocols is an UNCLASSIFIED publication,
More information