
1 THE UNIVERSITY OF BRITISH COLUMBIA, 1 September 2005, MC-SSL Simulation
Analysis of Scalable Security – MC-SSL Simulation
Reducing excessive cryptographic processing in SSL connections: how much can you save?

2 Outline
Introduction
MC-SSL Background
Methodology
Theoretical Results
Actual Results
Conclusion
Future Work

3 Introduction
Security processing is CPU intensive
Recent developments on mobile devices have increased their security requirements, e.g.
–Processing stock transactions
–Accessing financial institutions
Hence, technology development does not fully meet the requirements of its applications

4 Introduction (2)
Similar issues plague the battery life of mobile devices, in that new applications drain the battery at a faster pace than before
–Resolved by scalable features
–Ex. Asus notebooks feature “Asus Power4 Gear Software” that controls CPU speed, LCD brightness, and WLAN

5 MC-SSL Background
Developed by James Song – allows third-party (partially trusted) WAP proxy gateway providers
–Some mobile devices cannot directly access data from outside the service provider’s network
–Ex. IP packets need to be transformed into WAP packets before mobile devices are able to view them

6 MC-SSL Background

7 Methodology
Java Secure Socket Extension (JSSE) API
Three Elements
–Client
–SSL Web Server
–Clear Text Web Server
SSL and Clear Text Web Servers on one computer, client on a separate one to avoid interference

8 Methodology – Web Servers
SSL Web Server: enables two cipher suites
–SSL_RSA_WITH_NULL_SHA
–TLS_RSA_WITH_AES_128_CBC_SHA
Clear Text Web Server is an unmodified open-source Java Web Server
Both host MP3 files ranging from 1 to 10 Mbytes, at an interval of 1 Mbyte

9 Methodology – Client
Initiates connection by enabling one of the two cipher suites offered by the Web Server
Employs Java Native Interface (JNI) for CPU measurement
–C Library
–Collects three measurements
  Process’s CPU Time
  Elapsed Time
  CPU Utilization
CPU Utilization = Process CPU Time / Elapsed Time
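Added example (not part of the presentation or its test harness): the bulk-crypto CPU cost that separates the two cipher suites above, measured in-process with javax.crypto rather than over a JSSE connection. The class name ChannelCost, the 16 KiB record size, the random 10 Mbyte payload and the use of the JVM thread CPU timer in place of the JNI C library are assumptions of this sketch.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadMXBean;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ChannelCost {                   // hypothetical class name
    static final int RECORD = 16 * 1024;     // TLS records carry at most 16 KiB of plaintext

    /** CPU nanoseconds spent protecting data record by record; encrypt=false is the integrity-only channel. */
    static long cpuNanos(byte[] data, boolean encrypt) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] macKey = new byte[20], aesKey = new byte[16], iv = new byte[16];
        rnd.nextBytes(macKey); rnd.nextBytes(aesKey); rnd.nextBytes(iv);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(macKey, "HmacSHA1"));
        Cipher aes = Cipher.getInstance("AES/CBC/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(aesKey, "AES"), new IvParameterSpec(iv));

        ThreadMXBean cpu = ManagementFactory.getThreadMXBean();
        long start = cpu.getCurrentThreadCpuTime();   // CPU time of this thread, not wall-clock time
        for (int off = 0; off < data.length; off += RECORD) {
            int len = Math.min(RECORD, data.length - off);
            mac.update(data, off, len);
            byte[] tag = mac.doFinal();               // MAC over the plaintext record
            if (encrypt) {                            // MAC-then-encrypt, as the CBC suites do
                aes.update(data, off, len);
                aes.update(tag, 0, tag.length);       // record padding omitted: at most one block per record
            }
        }
        return cpu.getCurrentThreadCpuTime() - start;
    }

    public static void main(String[] args) throws Exception {
        byte[] payload = new byte[10 * 1024 * 1024];  // constructed stand-in for the 10 Mbyte MP3 file
        new SecureRandom().nextBytes(payload);
        for (int i = 0; i < 5; i++) { cpuNanos(payload, true); cpuNanos(payload, false); } // JIT warm-up
        long both = cpuNanos(payload, true), integrityOnly = cpuNanos(payload, false);
        System.out.printf("AES-128-CBC + HMAC-SHA1: %.1f ms CPU%n", both / 1e6);
        System.out.printf("HMAC-SHA1 only:          %.1f ms CPU%n", integrityOnly / 1e6);
        System.out.printf("CPU saved by integrity-only channel: %.1f%%%n",
                100.0 * (both - integrityOnly) / both);
    }
}
```

The figure it prints covers record protection only, with no handshake or network I/O, and on CPUs with AES hardware instructions it will differ from the 2005 measurements on the slides.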

10 Methodology – Overall Client

11 Theoretical Results

12 Theoretical Results
Based on S. Ravi et al.’s “Securing Wireless Data: System Architecture Challenges”
Assumed linear
Max: 86.5%
Intercept: 30%
3DES  535.9
AES   206.3
SHA   115.4
MD5   33.1

13 Actual Results

14 Actual Results
Max: 76.4% [vs 86.5%]
Linear
Intercept ~35%
Slope similar, low influence of connection overhead at 10 Mbyte file size

15 Conclusion
Supports the use of scalable secure socket layer connections when CPU capabilities are limited
Sending large, non-confidential data over an integrity-only channel can save up to 50% CPU processing power
Case study on a banking application reveals only 3.4% of data requiring both confidentiality and integrity – 37% CPU saving

16 Conclusion
Issues
–Reintegrating data from separate channels
–Deciding what type of channel to use for each piece of data

17 Future Work
Vary the total file size that is transferred via the network (instead of 10 Mbytes)
–8 Mbytes
–6 Mbytes
–4 Mbytes, …
Need to isolate the point at which the scheme is ineffective due to overhead
Experiment on PDA devices (300 MHz, accessing 802.11b/g wireless network)

