Presentation is loading. Please wait.

Presentation is loading. Please wait.

T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 1 Analysis of Scalable Security – MC-SSL Simulation Reducing.

Similar presentations


Presentation on theme: "T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 1 Analysis of Scalable Security – MC-SSL Simulation Reducing."— Presentation transcript:

1 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 1 Analysis of Scalable Security – MC-SSL Simulation Reducing excessive cryptographic processing in SSL Connections: how much can you save?

2 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 2 Outline Introduction MC-SSL Background Methodology Theoretical Results Actual Results Conclusion Future Work

3 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 3 Introduction Security processing is CPU intensive Recent developments on mobile devices increased its security requirements ex. –Processing stock transaction –Accessing financial institutes Hence…the technology development does not fully meet the requires of its applications

4 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 4 Introduction(2) Similar issues plague battery life of mobile devices in that new applications drain the battery at a faster pace than before –Resolve by scalable features –Ex. Asus notebooks feature “Asus Power4 Gear Software” that controls CPU speed, LCD brightness, and WLAN

5 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 5 MC-SSL Background Developed by James Song – allow third- party (partially trusted) WAP proxy gateway providers –Some mobile devices cannot directly access data from outside the service provider’s network –Ex. IP packets need to be transformed into WAP packets before mobile devices are able to view it

6 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 6 MC-SSL Background

7 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 7 Methodology Java Secure Socket Extension (JSSE) API Three Elements –Client –SSL Web Server –Clear Text Web Server SSL and Clear Text Web Server on one computer, client on a separate one to avoid interference

8 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 8 Methodology – Web Servers SSL Web Server Enable Two Cipher Suites –SSL_RSA_WITH_NULL_SHA –TLS_RSA_WITH_AES_128_CBC_SHA Clear Text Web Server is an unmodified open-source java Web Server Both host MP3 files ranging from 1 to 10 Mbytes, at an interval of 1 Mbyte

9 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 9 Methodology – Client Initiates connection by enabling one of the two cipher suites offered by the Web Server Employs Java Native Interface (JNI) for CPU measurement –C Library –Collects three measurements Process’s CPU Time Elapsed Time CPU Utilization CPU Utilization = Process CPU Time Elapsed Time

10 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 10 Methodology – Overall Client

11 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 11 Theoretical Results

12 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 12 Theoretical Results Based on S. Ravi et al ’ s “ Securing Wireless Data: System Architecture Challenges ” Assumed linear Max: 86.5% Intercept: 30% 3DES535.9 AES206.3 SHA115.4 MD533.1

13 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 13 Actual Results

14 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 14 Actual Results Max: 76.4% [vs 86.5%] Linear Intercept ~35% Slope similar, low influence of connection overhead at 10 Mbyte file size

15 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 15 Conclusion Support the use of scalable secure socket layer connection when CPU capabilities are limited Sending large, non-confidential data using integrity only channel can save up to 50% CPU processing power Case Study on banking application reveals only 3.4% of data requiring both confidentiality and integrity – 37% CPU saving

16 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 16 Conclusion Issues –Reintegrating data back together from separate channels –Deciding what type of channel for each data

17 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 17 Future Work Vary the total file size that is transferred via the network (instead of 10Mbytes) –8 Mbytes –6 Mbytes –4 Mbytes, … Need to isolate the point which the scheme is ineffective due to overhead Experiment on PDA devices (300 MHz, accessing b/g wireless network)


Download ppt "T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A 1 September 2005MC-SSL Simulation 1 Analysis of Scalable Security – MC-SSL Simulation Reducing."

Similar presentations


Ads by Google