论文信息 - Anatomy and Performance of SSL Processing

Anatomy and Performance of SSL Processing

A wide spectrum of e-commerce (B2B/B2C), banking, financial trading and other business applications require the exchange of data to be highly secure. The Secure Sockets Layer (SSL) protocol provides the essential ingredients of secure communications - privacy, integrity and authentication. Though it is well-understood that security always comes at the cost of performance, these costs depend on the cryptographic algorithms. In this paper, we present a detailed description of the anatomy of a secure session. We analyze the time spent on the various cryptographic operations (symmetric, asymmetric and hashing) during the session negotiation and data transfer. We then analyze the most frequently used cryptographic algorithms (RSA, AES, DES, 3DES, RC4, MD5 and SHA-1). We determine the key components of these algorithms (setting up key schedules, encryption rounds, substitutions, permutations, etc) and determine where most of the time is spent. We also provide an architectural analysis of these algorithms, show the frequently executed instructions and discuss the ISA/hardware support that may be beneficial to improving SSL performance. We believe that the performance data presented in this paper is useful to performance analysts and processor architects to help accelerate SSL performance in future processors

[1] David Brumley,et al. Remote timing attacks are practical , 2003, Comput. Networks.

[2] Ruby B. Lee,et al. Efficient permutation instructions for fast software cryptography , 2001 .

[3] R. Iyer,et al. Architectural impact of secure socket layer on Internet servers , 2000, Proceedings 2000 International Conference on Computer Design.

[4] Christopher Allen,et al. The TLS Protocol Version 1.0 , 1999, RFC.

[5] Hugo Krawczyk,et al. A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[6] Richard Uhlig,et al. SoftSDV: A Presilicon Software Development Environment for the IA-64 Architecture , 1999 .

[7] Todd M. Austin,et al. Architectural support for fast symmetric-key cryptography , 2000, SIGP.

[8] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[9] Todd M. Austin,et al. CryptoManiac: a fast flexible architecture for secure communication , 2001, Proceedings 28th Annual International Symposium on Computer Architecture.

[10] Stephen T. Kent,et al. Security Architecture for the Internet Protocol , 1998, RFC.

[11] Alfred Menezes,et al. Handbook of Applied Cryptography , 2018 .