Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance By Akshay Thorat
Table of Contents TLS - Why is it needed? Introduction- SSL/TLS evolution Libraries Studied Comparison Library to Implementation Supported Features Algorithm/Ciphers Supported Performance for libraries Conclusion
Transport Layer Security(TLS), why is it needed? Communication security on internet Secure - Email, VOIP, Web browsing, Bank transactions Provides Privacy and Integrity of data Prevent Eavesdropping and Tampering
Introduction Application protocol independent TLS versions (Implementations) evolved as SSL1.0->SSL2.0->SSL3.0 ->TLS1.0->TLS1.1->TLS1.2->TLS1.3 (draft) Less Secure Each suite contains authentication, message authentication code (MAC), key exchange and encryption algorithms Datagram TLS (DTLS) TLS with packet lost and reordering implementation DTLS1.0 and DTLS 1.2
Libraries Under Consideration Primary OpenSSL - Robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) GnuTLS Portable ANSI C based library with Lesser General Public license (GPL) Other Network Security Services (NSS) - Library designed to support crossplatform development of security-enabled client and server applications Cryptlib - Open source cross-platform software security toolkit library for SSL/TLS and SSH secure sessions, CA services
Library to Implementation comparison Library SSL3.0 TLS1.0 TLS1.1 TLS1.2 TLS1.3 DTLS1.0 DTLS1.2 OpenSSL Yes Yes Yes Yes Yes Yes Yes GnuTLS Yes Yes Yes Yes No Yes Yes NSS Yes Yes Yes Yes Yes Yes Yes Cryptlib Yes Yes Yes Yes No No No
General Comparison OpenSSL GnuTLS NSS Languages C C C or C++ Cryptographic Token Not Present natively * Present Present Interface- PKCS #11 Thread safety CPU Assisted Crypt. With AES-NI Languages Two callback function with POSIX or Win Threads Yes Use POSIX or Win Thread Yes (+VIA Padlocks) Cryptographic Token Interface - Hardware security module Platform independent API for Hardware Security Modules (HSM) and smart cards Thread Safety Safe shared data manipulation CPU assisted Cryptography Use of hardware acceleration for cryptographic functions with supported instruction set *engine needs to be added externally through patch Yes Yes
Performance Comparisons Criteria Literature survey of Speedtest and Comparison of Open-Source Cryptography Libraries by Timo Bingmann Public key performance results for NSS Installing OpenSSL and running hashing algorithms Installing GnuTLS and running benchmarking for hashes/ciphers
OpenSSL and GnuTLS Comparison Each speed test consists of one encryption pass directly followed by a decryption pass Ciphers Tested OpenSSL - AES, Blowfish,CAST5,3DES, XTEA GnuTLS AES, Blowfish, CAST5,3DES, Serpent, Twofish Average of KB of data processed per unit time with different distributions 35,000 30,000 25,000 20,000 15,000 10,000 5,000 0 Throughput KB/s Ubuntu-hardy Debian-lenny Ubuntu-Gutsy Fedora8 Debian-etch GnuTLS OpenSSL
Problems Ciphers compared are not same average values could have been shifted Varying Buffer size values were calculated and only ran once should have ran multiple times until results avg. out Only Symmetric ciphers are tested
NSS The SSL_RSA_WITH_RC4_128_MD5 (SSL3) cipher is used Restart runs utilize cache which results in higher throughput Full runs handshake every connection which introduce overhead Type Ops/sec CPU-usage(%) Full 156.23 95 Full-zones 216.55 100 Restart 220.76 90 Restart-zones 569.82 86
600 500 400 300 200 100 0 Throughput and CPU usage Full Full-zones Restart Restart-zones Throughput (Ops/sec) CPU-usage(%) CPU utilization is near about same for each run So varying throughput is a function of Memory access speed Depending the use of cache, throughput can be vastly increased
Performance Tests Comparison based OS running natively vs in Virtual machine Libraries compared OpenSSL and GnuTLS Native machine and VM both are running equal environments Ubuntu 16.04 CPU Intel core i5 2.20GHz RAM 4GB Disk 25GB
OpenSSL 350000 300000 250000 200000 150000 100000 50000 0 Throughput (KB/s) Comparison 1 10 100 1000 10000 Buffer Size (Bytes) Native VM SHA256 with varying buffer size (16,64,256,1024,8192 Bytes) Buffer size above 1000 bytes, starts to saturate throughput 330MB/s In VM, low throughput is observed because of overhead of running inside VM After increasing buffer value by certain value bottleneck can occur
GnuTLS 700000 600000 500000 400000 300000 200000 100000 0 Hashing algorithms checked for fixed payload size (16384 bytes) MACs - SHA1, SHA256,SHA512 Throughput around 300MB/s In VM low throughput Throughput KB/s SHA1 SHA256 SHA512 Native VM
Conclusion Best library? Depends on criteria Higher Throughput and simple OpenSSL (32MB/s) Portable and lightweight - GnuTLS Cross Platform support NSS License compatibility - Apache License (used by OpenSSL) are incompatible with the GPL, GnuTLS or NSS Novice TLS developer OpenSSL Wide Support Simple to use Single platform and no compatibility required
Thank You!
References [1] Timo Bingmann,(14th July 2008), Speedtest and Comparison of Open-Source Cryptography Libraries and Compiler Flags, [online]. Available: https://panthema.net/2008/0714-cryptography-speedtest-comparison/ [2] OpenWrt Oraganisation (n.d). OpenSSL Benchmarks tool. [online]. Availble: https://wiki.openwrt.org/doc/howto/benchmark.openssl [3] GNU TLS, Transport Layer Security Library for the GNU system, for version 2.0.2, 17 October 2007. Available: http://ports.gnu-darwin.org/security/gnutls/work/gnutls- 2.0.2/doc/gnutls.pdf [4] Mozilla Developer Network. Network Security Services. Available: https://developer.mozilla.org/en-us/docs/mozilla/projects/nss#documentation. Accessed: Sep. 8,2017.