Performance Implications of Security Protocols

Similar documents
CSCE 715: Network Systems Security

Transport Layer Security

Internet security and privacy

Transport Layer Security

CS 356 Internet Security Protocols. Fall 2013

Chapter 4: Securing TCP connections

Transport Level Security

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

MTAT Applied Cryptography

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

Secure Socket Layer. Security Threat Classifications

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Cryptography (Overview)

MTAT Applied Cryptography

E-commerce security: SSL/TLS, SET and others. 4.1

Security Protocols and Infrastructures. Winter Term 2010/2011

Introduction and Overview. Why CSCI 454/554?

Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

TLS/sRTP Voice Recording AddPac Technology

Scaling Acceleration Capacity from 5 to 50 Gbps and Beyond with Intel QuickAssist Technology

Anand Raghunathan

Overview. SSL Cryptography Overview CHAPTER 1

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

IPsec and SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dec. 1st, /43

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Chapter 8 Web Security

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited

Displaying SSL Configuration Information and Statistics

Security Protocols and Infrastructures. Winter Term 2015/2016

Total No. of Questions : 09 ] [ Total No.of Pages : 02

Auth. Key Exchange. Dan Boneh

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Performance implication of elliptic curve TLS

Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices. Abstract

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer

TLS. RFC2246: The TLS Protocol. (c) A. Mariën -

CS November 2018

Securing IoT applications with Mbed TLS Hannes Tschofenig

Security Engineering. Lecture 16 Network Security Fabio Massacci (with the courtesy of W. Stallings)

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Chapter 12 Security Protocols of the Transport Layer

HP Instant Support Enterprise Edition (ISEE) Security overview

TLS1.2 IS DEAD BE READY FOR TLS1.3

Coming of Age: A Longitudinal Study of TLS Deployment

New Generation Cryptosystems using Elliptic Curve Cryptography

Security Protocols and Infrastructures

Securely Deploying TLS 1.3. September 2017

The case for ubiquitous transport-level encryption

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

Cryptography and Network Security

Oracle B2B 11g Technical Note. Technical Note: 11g_006 Security. Table of Contents

Overview of TLS v1.3 What s new, what s removed and what s changed?

SSL/TLS. How to send your credit card number securely over the internet

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

Introduction to cryptology (GBIN8U16) Introduction

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Let's Encrypt - Free SSL certificates for the masses. Pete Helgren Bible Study Fellowship International San Antonio, TX

Information Security CS 526

Transport Layer Security

APNIC elearning: Cryptography Basics

Web as a Distributed System

Wireless Terminal Emulation Advanced Terminal Session Management (ATSM) Device Management Stay-Linked

History. TLS 1.3 Draft 26 Supported in TMOS v14.0.0

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

CPSC 467: Cryptography and Computer Security

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Chapter 7. WEB Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

COSC4377. Chapter 8 roadmap

Introduction to information Security

BCA III Network security and Cryptography Examination-2016 Model Paper 1

ecure Sockets Layer, or SSL, is a generalpurpose protocol for sending encrypted

Solving HTTP Problems With Code and Protocols NATASHA ROONEY

Optimizing Outlook Anywhere with Juniper WXC

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec

Cisco VPN 3002 Hardware Client Security Policy

Network Working Group Requests for Commments: 2716 Category: Experimental October 1999

TLS 1.1 Security fixes and TLS extensions RFC4346

INTERNET PROTOCOL SECURITY (IPSEC) GUIDE.

Case Study II: A Web Server

NT1210 Introduction to Networking. Unit 10

BIG-IP System: SSL Administration. Version

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Introduction to Cryptography. Vasil Slavov William Jewell College

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

Comparing TCP performance of tunneled and non-tunneled traffic using OpenVPN. Berry Hoekstra Damir Musulin OS3 Supervisor: Jan Just Keijser Nikhef

(2½ hours) Total Marks: 75

Engineering Fault-Tolerant TCP/IP servers using FT-TCP. Dmitrii Zagorodnov University of California San Diego

Cubro Network Security Series

Transcription:

Performance Implications of Security Protocols Varsha Mainkar Technical Staff Member Network Design & Performance Analysis Advanced Technologies, Joint Work with Paul Reeser 5th INFORMS Telecom Conference Boca Raton, 7 March 2000

Outline of Talk Overview of Secure Sockets Layer v3.0 SSL Handshake Protocol SSL Record Protocol Factors Affecting Performance Handshake Layer: socket setup, key generation, session caching Record Layer: encryption/decryption, hardware accelerators Performance Results & Observations LDAP over SSL over Ethernet HTTP over SSL over Internet response time, network traffic 03/07/00 - TC2.2 VM - 2

Overview of Secure Sockets Layer Secure Sockets Layer (SSL) protocol Sandwiched in between L4 application protocol (eg, HTTP) and reliable L3 transport protocol (TCP) eg, HTTPS (port 443) ~ HTTP / SSL / TCP/IP / Ethernet Two cryptography layers within SSL SSL Handshake (aka Message) layer RSA certificate/public-key exchange for authentication cryptographic parameters (session key) establishment SSL Record layer encapsulation of higher level protocols (including Handshake) RC4 compression + bulk encryption of data using session key MD5 message authentication code (MAC) for data integrity 03/07/00 - TC2.2 VM - 3

SSL Handshake Layer Client TCP SYN Server TCP SYN-ACK rand x rand z P(z) K=f(x,y,z) K(fin) SSL Client Hello [Session ID, if cached] ClientHelloDone [Digital Certificate], [ClientKeyExchange], [CertificateVerify] ChangeCipherSpec Finished (encrypted) Application Request (eg, HTTP POST) x y,p P(z),K(fin) K(fin) SSL Server Hello [Digital Certificate], [ServerKeyExchange], [CertificateRequest] ServerHelloDone [CertificateVerify] ChangeCipherSpec Finished (encrypted) Response rand y public key P z=p -1 P(z) K=f(x,y,z) K(fin) 03/07/00 - TC2.2 VM - 4

SSL Record Layer Compresses 16KB units of higher layer application data Computes message auth code (MAC) on compressed data Encrypts compressed data using 40- or 128-bit session key Sends headers + encrypted compressed data + MAC Message Type (handshake, data, alert,...) : 1B Protocol Version : 2B Fragment Length : 2B Sequence Number : 8B Compressed, encrypted data + MAC: up to 16KB If stream cipher: encrypted size = compressed size If block cipher: padded to make it into 8B blocks 03/07/00 - TC2.2 VM - 5

Factors Affecting Performance I Secure SSL socket setup (handshake) Network latency : adds ~ 2 RTTs to delay for first segment of application response (4 RTTs for secure SSL socket vs 2 RTTs for clear TCP socket) eg, @ 200ms Internet RTT, adds ~ 400ms to response time Network bandwidth : adds ~ 2KBs to total application traffic on network eg, @ 26.4Kbps modem throughput, adds ~ 650ms to latency significant for small transactions (eg, HEAD, POST login) CPU consumption : costs ~ O(300ms) of additional server CPU consumption session-key generation + 1024-bit RSA decryption operation adds ~ 300/(1 ) ms to application response time, where = server CPU utilization 03/07/00 - TC2.2 VM - 6

Factors Affecting Performance II Session state management (ID caching) Client can request to resume previously established session client includes Session ID in Client Hello message allows multiple HTTP transactions w/in single SSL session Beneficial for sessional applications (eg, secure WebMail) avoids session key generation & server decrypt operation avoids 1 out of 2 extra RTTs & some extra data exchange But, could be detrimental for secure transactional apps, where SSL session = 1 tx (eg, secure login + insecure WM) may have significant overhead due to session ID mgmt (inefficient if client performs only one secure transaction) 03/07/00 - TC2.2 VM - 7

Factors Affecting Performance III Hardware accelerator cards PCI adapter board with RSA public-key math co-processor CryptoSwift (Rainbow Technologies) nfast (ncipher Corporation Ltd) Supports most security protocols & cryptography methods SSL, SET, SSH, IPSec, RSA, PGP (Diffie-Hellman), DSA,... Vendors claims for single accelerator board: 10-fold reduction in CPU consumption for SSL setup 20-fold increase in SSL transaction throughput 50% reduction in SSL transaction response time but, only modest acceleration of RC4 bulk encryption 03/07/00 - TC2.2 VM - 8

Factors Affecting Performance IV RC4 bulk encryption (symmetric key) 40-bit (export) vs 128-bit (domestic) RC4 session cipher-key we found little or no impact on response time re CPU consumption: accelerator vendors claim that RC4 only consumes a few percent of your processor our results suggest otherwise 03/07/00 - TC2.2 VM - 9

Results for LDAP / SSL / Ethernet Retrieve personal address book from LDAP directory server # Entries Client LDAP Server (over LAN) in PAB SSL Enabled Without SSL 0* 9 5 10 14 9 20 21 13 30 28 17 40 35 21 50 42 26 Average ~ 9s + 7s/10 entries ~ 5s + 4s/10 entries * empty PAB = SSL connection (key exch, authentication, handshake, etc) Results handshake ~ 1.8x impact encryption ~ 1.75x impact 03/07/00 - TC2.2 VM - 10

Results for HTTP / SSL / Internet Test Configuration Server : SGI Challenge L (4 194Mhz CPUs), Irix 6.5, SSL 3.0 (128-bit), Netscape Enterprise 3.6 Clients : NT workstation + NT server, Silk Performer 2.5 Network : 56Kbps modem (connecting @ 26.4Kbps) WebMail Transaction Workload Login (https POST user name + password) no SSL, SSL handshake (ID cached), SSL + handshake Downloads (20KB, 100KB, 200KB, 500KB, 1MB ascii files) no SSL, and SSL handshake (ID cached) Performance Metrics client response time, server CPU time, network traffic 03/07/00 - TC2.2 VM - 11

WebMail Login Response Time Login Transaction 3.5 3 3.15 SSL ON + HS SSL ON - HS SSL OFF 2.5 2.3 Response Time (sec) 2 1.5 1.6 1 0.5 0 03/07/00 - TC2.2 VM - 12

WebMail Download Response Time Download Transactions 400 350 SSL On SSL Off 397 300 280 Response Time (sec) 250 200 150 196 150 100 50 0 80 63 40 30 10 8 20 100 200 500 1000 File Size (KB) 03/07/00 - TC2.2 VM - 13

WM Download Response Time Ratio Download Transactions 2.0 1.8 Response Time Ratio (SSL On:Off) 1.6 1.4 1.2 1.0 1.32 0.8 0.6 20 100 200 500 1000 File Size (KB) 03/07/00 - TC2.2 VM - 14

WM Download Response Time/KB Download Transactions 0.6 SSL On SSL Off 0.5 Response Time per KB (sec) 0.4 0.3 0.40 0.30 0.2 0.1 20 100 200 500 1000 File Size (KB) 03/07/00 - TC2.2 VM - 15

WM Download Network KB/File KB Download Transactions 1.6 SSL On SSL Off 1.4 Network KB/File KB 1.2 1.0 1.13 0.8 0.6 20 100 200 500 1000 File Size (KB) 03/07/00 - TC2.2 VM - 16

Hardware Accelerators PCI adapter board with RSA public-key math co-processor CryptoSwift (Rainbow Technologies), nfast (ncipher Corp) Vendors claims for single accelerator board: 10-fold reduction in CPU consumption for SSL setup 20-fold increase in SSL transaction throughput 50% reduction in SSL transaction response time * * * CryptoSwift Performance under SSL with File Transfer Keung (1997) 03/07/00 - TC2.2 VM - 17

Conclusions of Study Handshake adds 2 RTTs, 2KB traffic, O(300ms) CPU time Login latency (via modem, low server load) ~ 2.0x increase Session ID caching can recoup ~ 1/2 of added overhead, provided application workload is sessional not transactional Login latency (via modem, low server load) ~ 1.4x increase Download latency (via modem, low server load) ~ 1.3x impact Net effect on server CPU (via modem, low server load) : huge CPU penalty to download in SSL (up to 250x increase!) either RC4 bulk encryption is costly, or SSL file download over low-speed connection is extremely inefficient (TBD...) Little/no effect on network traffic (compression not apparent) Crypto accelerators may offer promise in some scenarios little help for bulk encryption, but promising for handshake 03/07/00 - TC2.2 VM - 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback