Presentation is loading. Please wait.

Presentation is loading. Please wait.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

Published byCrystal Cox Modified over 8 years ago

Similar presentations

Presentation on theme: ".Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras."— Presentation transcript:

1 .Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras

2 Introduction Client Authentication Hashing Algorithms Symmetric Key Algorithms Asymmetric Key Algorithms Conclusion Content

3 Has Security Slowed Down The Application? Yes, security has slowed down the application. Today, through this presentation I will be analysing the performance of various security options available in.Net. Here I will compare the relative performance of various Security options available for client authentication, hashing algorithms, symmetric and asymmetric key algorithms.

4 Client Authentication Various options that were checked under client authentication are Anonymous Basic Basic_SSL (Secure Sockets Layer) Kerberos Digest FormsAuth_AD FormsAuth_SQL

5 Client Authentication cont… Anonymous : No authentication is performed. Basic: Client provides credentials to the Web server, and server authenticates him. This is extremely insecure as password is sent over the network in clear text (it is base64-encoded, which is very easy to decode). Basic_SSL: Similar to Basic, but in this we use SSL, that is we now have a secure channel in which the credentials are sent.

6 Client Authentication cont… Kerberos: The credentials given by the client are sent directly to the Ticket Granting service server, which authenticates the credentials and issues a Kerberos ticket to the client. This ticket is a temporary certificate containing information that identifies the user to the network server. Digest: The server sends a challenge to the client asking for the username and password. Hash of the password is used to encrypt, which is then sent to the server where the client gets authenticated. The password is not sent in clear text, which certainly is an advantage over Basic authentication.

7 Client Authentication cont… FormsAuth_AD: This uses ASP.NET Forms authentication. User accounts are in Active Directory. FormsAuth_SQL: This uses ASP.NET Forms authentication. User accounts are stored in SQL Server 2000. Instead of storing passwords as clear text, hash values of them are stored for extra security.

8 Client Authentication cont… In Basic, Basic_SSL, Kerberos, and Digest authentication, the flow of HTTP headers look like:

9 Client Authentication cont… The flow of HTTP headers for ASP.NET Forms authentication looks like:

10 Client Authentication cont… Anonymous has the best performance. Kerberos and Digest have similar performance. Basic and FormsAuth_SQL have similar performance. FormsAuth_AD is the slowest of all.

11 Sample Code for Basic authentication. protected void Page_Load(object sender, EventArgs e) { Label1.Text = User.Identity.Name; if(User.Identity.Name==“Domain\\username") Response.Redirect(“………"); }

12 Sample Code for Forms authentication

13 SqlConnection conn; conn = new SqlConnection("Data Source=Domain\\SQLEXPRESS; Initial Catalog=assignment2;Integrated Security=True"); conn.Open(); SqlCommand cmd =new SqlCommand("select count(username) from login where username='"+sHashedUserName+"'and password='"+sHashedPassword+"'",conn); FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false); Sample Code for Forms authentication

14 Hashing Algorithms Hash algorithms map a piece of data of arbitrary size to a small unique value of fixed length. We will compare the SHA1, SHA512 and MD5 algorithms. MD5 produces a hash of 128 bits. SHA1 produces a hash of 160 bits. SHA512 produces a hash of 512 bits. We will also see how data size effects the performance.

15 The performance of all the three algorithms are almost same when the data size is 4KB Hashing Algorithms cont…

16 As data size increases we see the difference in performance of different algorithms. At 5 concurrent users, performance of MD5 is 33% faster than SHA1. Performance of SHA512 degrades with data size, it is around 55% slower than SHA1.

17 As data size increases the performance of algorithms differ. Performance of MD5 is around 43% faster than SHA1 at 5 concurrent users and at other times it is around 20%. Performance of SHA512 is around 72% slower than SHA1.

18 1. Computing hash values using MD5: String sHashedPassword = FormsAuthentication. HashPasswordForStoringInConfigFile( String, "MD5"); 2. Computing hash values using SHA1: SHA1 sha1; byte[] b = sha1.ComputeHash(Value); Basic sample code

19 Symmetric Key Algorithms Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption. The encryption key is trivially related to the decryption key, in that they may be identical or there is a simple transform to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link.

20 Performance of four algorithms are compared here, DES, 3DES, RC2,Rijndael. In System.Security.Cryptography we have implementations of DES, TripleDES, RC2, Rijndael. The performance was compared based on how these algorithms encrypts the data and then decrypts the encrypted bytes. Performance is also noted for different data size of 4KB, 100KB, 500KB to see how data size effects performance. Symmetric Key Algorithms cont…

21 With small data size performance of Rijndael is better than others. DES performs well, over 3DES and RC2, but is vulnerable to brute force attack due to its small key size. 3DES and RC2 perform almost in a similar fashion.

22 By increase in data size, we see a entirely different picture in performance of these algorithms. DES is the fastest, followed by RC2 which is 20% faster than 3DES. Rijndael is slowest, 25% slower than 3DES.

23 Asymmetric Key Algorithm Asymmetric key algorithms, is a form of cryptography in which a user has a pair of cryptographic keys - a public key and a private key. The private key is kept secret, while the public key may be widely distributed. The keys are related mathematically, but the private key cannot be practically derived from the public key. A message encrypted with the public key can be decrypted only with the corresponding private key.

24 The two common asymmetric algorithms are RSA and DSA. RSA can be used for both encryption and signature generation. On the other hand, DSA can only be used to generate signature. We compared RSA and DSA algorithms based on how fast they generate a digital signature and how fast they verify a signature. In the RSA digital signature process, the private key is used to encrypt only the message digest. The encrypted method becomes the digital signature. DSA uses special mathematical functions to generate a digital signature composed of two 160-bit numbers that are derived from the message digest and the private key.

25 Performance of DSA is 29% faster than RSA while generating signature. When the data size is increased, DSA still remains faster than RSA.

26 In Verifying the signature, performance of RSA is faster than DSA by about 29%. With increase in data size performance difference becomes almost negligible.

27 As these tests demonstrate, authentication schemes, hashing algorithms, and cryptography techniques carry varying amounts of overhead, and therefore have vastly different performance characteristics. The size of data being passed to hashing algorithms, as well to cryptography techniques, is also significant. When designing a secure system, the implementation techniques should be chosen based on threat mitigation first and performance second. For instance, basic authentication without SSL could be used for better performance, but no matter how fast it is, it would not be useful in systems that are vulnerable to threats not mitigated by it. When Combination authentication and data privacy are taken into account the over all performance varies. Performance of secure system depends on the various schemes being used. Conclusion

28 Reference http://msdn2.microsoft.com/en-us/library/ms978415.aspx http://www.ondotnet.com/pub/a/dotnet/2003/01/06/formsauthp1.html

Download ppt ".Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Cryptographic Technologies

Cryptographic Technologies
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Security 2 Distributed Systems Lecture# 15. Overview Cryptography Symmetric Assymeteric Digital Signature Secure Digest Functions Authentication.

Security 2 Distributed Systems Lecture# 15. Overview Cryptography Symmetric Assymeteric Digital Signature Secure Digest Functions Authentication.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.

Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Similar presentations

Ads by Google