V. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How much does it really cost? In Conference on Computer Communications (IEEE Infocom), New York, March 1999.
....way security mechanisms (such as protocols) are employed in the system context [Aba00] which in practice offers more vulnerabilities than the mechanisms themselves [And01]. Also one sometimes has to adjust protocols to specific situations, e.g. for resource bounded applications. As an example, [APS99] Here we use the convention that where the values are supposed to be boolean values, they need not be written (then presence of the label denotes the value true, and absence denotes false). [Figure] ....
V. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How much does it really cost? In Conference on Computer Communications (IEEE Infocom), New York, March 1999.
....[Figure] Fig. 3. Variant of TLS. Example: Proposed variant of TLS. The protocol in Figure 3 has been proposed in [APS99] as a variant of the handshake protocol of TLS (the successor of the Internet protocol SSL) to satisfy certain performance constraints (for more details cf. [Jür01c]). 4.1 Interpreting Sequence Diagrams. To specify security properties we give a formal interpretation of sequence diagrams in the ....
V. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How much does it really cost? In Conference on Computer Communications (IEEE Infocom), New York, March 1999.
....by formal methods [20] and has operated on the internet as the de facto browser security method for a number of years. On the downside, measurements indicate that SSL based connections have up to an order of magnitude performance degradation when compared to the standard insecure connections [2, 13]. Secure shell is a public domain security system that implements encryption at the communication end points for BSD like remote shell commands [36]. The performance results available for SSH are not recent. A throughput of about 4Mbps on a 486 class machine has been cited [35]. We experimented ....
....IO load on the system, except for the benchmarked network IO. In some experiments that were done with active programs to simulate the load of web servers implementing cryptographic processing, a bandwidth drop of about 10 times was observed. A similar observation has been made by other researchers [2, 13], who point out the order of magnitude degradation of user encryption performance as compared to the unencrypted channel. Thus the observations of Figure 6.5 reflect the best case scenario for user encryption. Figure 6.6: Clock Cycles per Byte: User encryption vs Kernel encryption. The ....
APOSTOLOPOULOS, G., PERIS, V., AND SAHA, D. Transport layer security: How much does it really cost. In Proceedings of the IEEE INFOCOM, 1999.
....time analysis does not represent operation in a network in which resources are shared among many users. The KDC, proxy, and application servers are of particular concern. Authentication protocols that use public key encryption have been observed to consume a significant amount of server resources [20]. In [21] we developed a modeling strategy that used closed queuing networks with class switching [22] to represent public key variants of Kerberos under a variety of host and network assumptions. This technique allowed us to model transactions that consumed widely varying average service times ....
Apostolopoulos, G., V. Peris, and D. Saha. Transport Layer Security: How much does it really cost? in IEEE INFOCOM. 1999.
....have been benchmarked and analyzed in [26]. The performance characteristics of Kerberos have been loosely measured in some of its pilot applications [27] with good results. The predominant role of public key cryptography in electronic commerce has motivated several performance studies. In [28], Apostolopoulos and Peris look at ways to reduce the impact of the private key encryption step in the Transport Layer Security (TLS) protocol. In [29] Menascé and Almeida use analytical modeling to assess the tradeoff between performance and security in ecommerce applications using protocols such ....
Apostolopoulos, G., V. Peris, and D. Saha. Transport Layer Security: How much does it really cost? in IEEE INFOCOM. 1999.
....[Figure: sequence diagram, :client and :server] This protocol has been proposed in [APS99] as a variant of the handshake protocol of TLS (the successor of the Internet protocol SSL) to satisfy certain performance constraints (for more details cf. [Jür00a]). 4.1 Interpreting Sequence Diagrams. To specify security properties we give a formal interpretation of sequence diagrams in the ....
V. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How much does it really cost? In Conference on Computer Communications (IEEE Infocom), New York, March 1999.
.... out in [Mea95]. Related Work. This line of work was initiated in [Jür01b] where secrecy was shown to be preserved under various standard refinements in the framework Focus and where it was used to uncover a previously unpublished flaw in a variant of the handshake protocol of TLS 1 proposed in [APS99] to propose a correction and to prove it secure. An overview on the use of formal methods in security protocols is given in [Mea96]. The need for composability is pointed out in [Mea00]. [Var91] gives a hook up property for information flow secure nets. [Mea92] discusses composability of ....
V. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How much does it really cost? In Conference on Computer Communications (IEEE Infocom), New York, March 1999.
....refinements of the framework. We also give a rely guarantee version of the secrecy property and show preservation by refinement. We demonstrate adequacy of the proposed secrecy notion by using it to uncover a previously unpublished flaw in a variant of the handshake protocol of TLS 1 proposed in [APS99] to propose a correction and to prove it secure. As an example for the stepwise development of a secure system we then give an abstract specification of a secure channel and refine it to a more concrete specification. The abstract specification satisfies secrecy, and by our preservation result the ....
....C; D StreamOP Stream I P with C D, if P preserves the secrecy of m assuming C and P ;D P 0 then P 0 preserves the secrecy of m assuming C. 5 A variant of TLS To demonstrate usability of our specification framework we specify a variant of the handshake protocol of TLS as proposed in [APS99] and demonstrate a previously unpublished weakness. 5.1 The Handshake Protocol The goal is to let a client C send a master secret m ∈ Secret to a server S in a way that provides confidentiality and server authentication. The protocol uses both RSA encryption and signing. Thus in this and the ....
V. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How much does it really cost? In Conference on Computer Communications (IEEE Infocom), New York, March 1999.
....performance critical systems. There is a strong movement towards transport layer security for devices connected to the Internet. However, one study has shown that implementing the secure sockets layer (SSL) protocol on a web server has resulted in a two orders of magnitude decrease in throughput [1]. This paper shows that using an e-mail type security scheme on data transactions of 64 KBytes imposes an approximate overhead of 30 ms for writing and 10 ms for reading. To put this in perspective, modern disk drives take 8 ms to seek to a block and 5 ms to read or write a 64 KByte block. Using a ....
G. APOSTOLOPOULOS, V. PERIS AND D.SAHA, "Transport Layer Security: How much does it really cost?," In Proc. IEEE INFOCOM, March 1999.
....cation of the server certificate(s) and generation and encryption of the master secret are the major operations performed on the client side. Ironically, the most expensive of the crypto operations is performed at the server, which significantly reduces the number of connections it can support. In [4], we propose modifications to SSL handshake protocol that significantly reduce the server side overhead. Note that both server and client side operations are more expensive when the server uses longer private keys. For US domestic use 1024 bit server keys are recommended and used. Reusing ....
G. Apostolopoulos, V. Peris, P. Pradhan, and D. Saha. Transport Layer Security: How Much Does It Really Cost? In Proceedings of the IEEE INFOCOM, March 1999.
....associated with this session is still in its cache. If the session state exists in the cache, it uses the stored secret to create keys for the secure channel. The latency involved in setting up a secure connection using cached session state is an order of magnitude lower than a full SSL handshake [2]. In this paper we focus on SSL session reuse in the context of a server cluster. To better understand the problem consider a scenario similar to the one depicted in Figure 3 where a cluster of Web servers are serving HTTP requests over SSL. The L5 system is responsible for dispatching the ....
G. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How much does it really cost? In Proceedings of the IEEE INFOCOM, 1999.
No context found.
V. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How much does it really cost? In Conference on Computer Communications (IEEE Infocom), New York, March 1999.
No context found.
G. Apostolopoulos, V. Peris, and D. Saha, "Transport Layer Security: How much does it really cost?," Proc. IEEE Infocom, March 1999.
No context found.
G. Apostolopoulos, V. Peris, and D. Saha, "Transport Layer Security: How Much Does it Really Cost?" in INFOCOM: The Conference on Computer Communications, joint conference of the IEEE Computer and Communications Societies, March 1999.
No context found.
V. Apostolopoulos, V. Peris, and D. Saha. Transport layer security: How much does it really cost? In Conference on Computer Communications (IEEE Infocom), New York, March 1999.