Presentation is loading. Please wait.

Presentation is loading. Please wait.

AT&T Labs Performance Implications of Security Protocols Varsha Mainkar Technical Staff Member Network Design & Performance Analysis Advanced Technologies,

Published byDarrell Hollow Modified over 9 years ago

Similar presentations

Presentation on theme: "AT&T Labs Performance Implications of Security Protocols Varsha Mainkar Technical Staff Member Network Design & Performance Analysis Advanced Technologies,"— Presentation transcript:

1 AT&T Labs Performance Implications of Security Protocols Varsha Mainkar Technical Staff Member Network Design & Performance Analysis Advanced Technologies, AT&T Labs Joint Work with Paul Reeser 5th INFORMS Telecom Conference Boca Raton, 7 March 2000

2 AT&T Labs 03/07/00 - TC2.2 VM - 2 Performance Implications of Security Protocols: Outline of Talk Overview of Secure Sockets Layer v3.0Overview of Secure Sockets Layer v3.0 –SSL Handshake Protocol –SSL Record Protocol Factors Affecting PerformanceFactors Affecting Performance –Handshake Layer: socket setup, key generation, session caching –Record Layer: encryption/decryption, hardware accelerators Performance Results & ObservationsPerformance Results & Observations –LDAP over SSL over Ethernet –HTTP over SSL over Internet response time, network traffic

3 AT&T Labs 03/07/00 - TC2.2 VM - 3 Performance Implications of Security Protocols: Overview of Secure Sockets Layer Secure Sockets Layer (SSL) protocol Sandwiched in between L4 application protocol (eg, HTTP) and reliable L3 transport protocol (TCP)Sandwiched in between L4 application protocol (eg, HTTP) and reliable L3 transport protocol (TCP) –eg, HTTPS (port 443) ~ HTTP / SSL / TCP/IP / Ethernet Two cryptography layers within SSL SSL Handshake (aka Message) layerSSL Handshake (aka Message) layer –RSA certificate/public-key exchange for authentication –cryptographic parameters (session key) establishment SSL Record layerSSL Record layer –encapsulation of higher level protocols (including Handshake) –RC4 compression + bulk encryption of data using session key –MD5 message authentication code (MAC) for data integrity

4 AT&T Labs 03/07/00 - TC2.2 VM - 4 Performance Implications of Security Protocols: SSL Handshake Layer ClientServer TCP SYN TCP SYN-ACK Application Request (eg, HTTP POST) Response [Digital Certificate], [ClientKeyExchange], [CertificateVerify] ChangeCipherSpec Finished (encrypted) P(z),K(fin) rand z P(z) K=f(x,y,z) K(fin) SSL Client Hello [Session ID, if cached] ClientHelloDone x rand x SSL Server Hello [Digital Certificate], [ServerKeyExchange], [CertificateRequest] ServerHelloDone y,P rand y public key P [CertificateVerify] ChangeCipherSpec Finished (encrypted) K(fin) z=P -1 P(z) K=f(x,y,z) K(fin)

5 AT&T Labs 03/07/00 - TC2.2 VM - 5 Message Type (handshake, data, alert,...) : 1B Protocol Version : 2B Fragment Length : 2B Sequence Number : 8B Compressed, encrypted data + MAC: up to 16KB If stream cipher: encrypted size = compressed size If block cipher: padded to make it into 8B blocks Performance Implications of Security Protocols: SSL Record Layer Compresses 16KB units of higher layer application dataCompresses 16KB units of higher layer application data Computes message auth code (MAC) on compressed dataComputes message auth code (MAC) on compressed data Encrypts compressed data using 40- or 128-bit session keyEncrypts compressed data using 40- or 128-bit session key Sends headers + encrypted compressed data + MACSends headers + encrypted compressed data + MAC

6 AT&T Labs 03/07/00 - TC2.2 VM - 6 Performance Implications of Security Protocols: Factors Affecting Performance I Secure SSL socket setup (handshake) Network latency :Network latency : –adds ~ 2 RTTs to delay for first segment of application response (4 RTTs for secure SSL socket vs 2 RTTs for clear TCP socket) eg, @ 200ms Internet RTT, adds ~ 400ms to response time Network bandwidth :Network bandwidth : –adds ~ 2KBs to total application traffic on network eg, @ 26.4Kbps modem throughput, adds ~ 650ms to latency significant for small transactions (eg, HEAD, POST login) CPU consumption :CPU consumption : –costs ~ O(300ms) of additional server CPU consumption session-key generation + 1024-bit RSA decryption operation –adds ~ 300/(1–ρ) ms to application response time, where ρ = server CPU utilization

7 AT&T Labs 03/07/00 - TC2.2 VM - 7 Performance Implications of Security Protocols: Factors Affecting Performance II Session state management (ID caching) Client can request to resume previously established sessionClient can request to resume previously established session –client includes Session ID in Client Hello message –allows multiple HTTP transactions w/in single SSL session Beneficial for “sessional” applications (eg, secure WebMail)Beneficial for “sessional” applications (eg, secure WebMail) –avoids session key generation & server decrypt operation –avoids 1 out of 2 extra RTTs & some extra data exchange But, could be detrimental for secure “transactional” apps, where SSL session = 1 tx (eg, secure login + insecure WM)But, could be detrimental for secure “transactional” apps, where SSL session = 1 tx (eg, secure login + insecure WM) –may have significant overhead due to session ID mgmt (inefficient if client performs only one secure transaction)

8 AT&T Labs 03/07/00 - TC2.2 VM - 8 Performance Implications of Security Protocols: Factors Affecting Performance III Hardware accelerator cards PCI adapter board with RSA public-key math co-processorPCI adapter board with RSA public-key math co-processor –CryptoSwift (Rainbow Technologies) –nFast (nCipher Corporation Ltd) Supports most security protocols & cryptography methodsSupports most security protocols & cryptography methods –SSL, SET, SSH, IPSec, … –RSA, PGP (Diffie-Hellman), DSA,... Vendors’ claims for single accelerator board:Vendors’ claims for single accelerator board: –10-fold reduction in CPU consumption for SSL setup –20-fold increase in SSL transaction throughput –50% reduction in SSL transaction response time –but, only modest acceleration of RC4 bulk encryption

9 AT&T Labs 03/07/00 - TC2.2 VM - 9 Performance Implications of Security Protocols: Factors Affecting Performance IV RC4 bulk encryption (symmetric key) 40-bit (export) vs 128-bit (domestic) RC4 session cipher-key40-bit (export) vs 128-bit (domestic) RC4 session cipher-key –we found little or no impact on response time –re CPU consumption: accelerator vendors claim that “RC4 only consumes a few percent of your processor” “RC4 only consumes a few percent of your processor” –our results suggest otherwise

10 AT&T Labs 03/07/00 - TC2.2 VM - 10 Retrieve personal address book from LDAP directory serverRetrieve personal address book from LDAP directory server * empty PAB = SSL connection (key exch, authentication, handshake, etc) ResultsResults –handshake ~ 1.8x impact –encryption ~ 1.75x impact Performance Implications of Security Protocols: Results for LDAP / SSL / Ethernet

11 AT&T Labs 03/07/00 - TC2.2 VM - 11 Performance Implications of Security Protocols: Results for HTTP / SSL / Internet Test Configuration Server :SGI Challenge L (4 194Mhz CPUs), Irix 6.5, SSL 3.0 (128-bit), Netscape Enterprise 3.6Server :SGI Challenge L (4 194Mhz CPUs), Irix 6.5, SSL 3.0 (128-bit), Netscape Enterprise 3.6 Clients :NT workstation + NT server, Silk Performer 2.5Clients :NT workstation + NT server, Silk Performer 2.5 Network :56Kbps modem (connecting @ 26.4Kbps)Network :56Kbps modem (connecting @ 26.4Kbps) “WebMail” Transaction Workload Login (https POST user name + password)Login (https POST user name + password) –no SSL, SSL – handshake (ID cached), SSL + handshake Downloads (20KB, 100KB, 200KB, 500KB, 1MB ascii files)Downloads (20KB, 100KB, 200KB, 500KB, 1MB ascii files) –no SSL, and SSL – handshake (ID cached) Performance Metrics client response time, server CPU time, network trafficclient response time, server CPU time, network traffic

12 AT&T Labs 03/07/00 - TC2.2 VM - 12 Performance Implications of Security Protocols: WebMail Login Response Time 3.15 2.3 1.6

13 AT&T Labs 03/07/00 - TC2.2 VM - 13 Performance Implications of Security Protocols: WebMail Download Response Time 10 8 40 30 80 63 196 150 397 280

14 AT&T Labs 03/07/00 - TC2.2 VM - 14 Performance Implications of Security Protocols: WM Download Response Time Ratio 1.32

15 AT&T Labs 03/07/00 - TC2.2 VM - 15 Performance Implications of Security Protocols: WM Download Response Time/KB 0.40 0.30

16 AT&T Labs 03/07/00 - TC2.2 VM - 16 Performance Implications of Security Protocols: WM Download Network KB/File KB 1.13

17 AT&T Labs 03/07/00 - TC2.2 VM - 17 Performance Implications of Security Protocols: Hardware Accelerators PCI adapter board with RSA public-key math co-processorPCI adapter board with RSA public-key math co-processor –CryptoSwift (Rainbow Technologies), nFast (nCipher Corp) Vendors’ claims for single accelerator board:Vendors’ claims for single accelerator board: –10-fold reduction in CPU consumption for SSL setup –20-fold increase in SSL transaction throughput –50% reduction in SSL transaction response time * “CryptoSwift Performance under SSL with File Transfer” Keung (1997) **

18 AT&T Labs 03/07/00 - TC2.2 VM - 18 Performance Implications of Security Protocols: Conclusions of Study 4Handshake adds 2 RTTs, 2KB traffic, O(300ms) CPU time –Login latency (via modem, low server load) ~ 2.0x increase 4Session ID caching can recoup ~ 1/2 of added overhead, provided application workload is “sessional” not “transactional” –Login latency (via modem, low server load) ~ 1.4x increase 4Download latency (via modem, low server load) ~ 1.3x impact 4Net effect on server CPU (via modem, low server load) : huge CPU penalty to download in SSL (up to 250x increase!) –either RC4 bulk encryption is costly, or SSL file download over low-speed connection is extremely inefficient (TBD...) 4Little/no effect on network traffic (compression not apparent) 4Crypto accelerators may offer promise in some scenarios –little help for bulk encryption, but promising for handshake

Download ppt "AT&T Labs Performance Implications of Security Protocols Varsha Mainkar Technical Staff Member Network Design & Performance Analysis Advanced Technologies,"

Similar presentations

Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Internet Security CSCE 813 Transport Layer Security

Internet Security CSCE 813 Transport Layer Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
J. Wang. Computer Network Security Theory and Practice. Springer 2009 Chapter 5 Network Security Protocols in Practice Part II.

J. Wang. Computer Network Security Theory and Practice. Springer 2009 Chapter 5 Network Security Protocols in Practice Part II.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
ITA, 2.11.2011, 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Securing Network Communication. 2 Security Issues in Communication Privacy  Anyone can see content Integrity  Someone might alter content Authentication.

Similar presentations

Ads by Google