
An Overview and Evaluation of Web Services Security Performance Optimizations


Presentation Transcript


  1. An Overview and Evaluation of Web Services Security Performance Optimizations
     Robert van Engelen & Wei Zhang
     Department of Computer Science, Florida State University
     IEEE ICWS 2008

  2. Presentation Overview
     • Web services security (WS-Security) protocol
     • WS-Security processing performance issues
     • WS-Security operations breakdown and analysis
     • Performance enhancements
       • Impact on performance of security token choices
       • C14N-based optimizations
       • Streaming versus buffering techniques
       • Digest-based caching strategies
       • Prehashing optimizations
     • Performance results
     • Conclusions

  3. WS-Security
     • Essential component of the WS stack
     • Based on open standards
       • XML-dsig
       • XML-enc
     • Provides end-to-end security solution for messaging
       • Integrity
       • Confidentiality
       • Authentication (+ non-repudiation, replay attack protection)
     • Secures all or specific parts of an XML message

  4. Related Work
     • [Shirasuna et al., 2004]
       • Reports as much as 100x slowdown when using WS-Security for SOAP/XML messaging in Grid systems
     • [Makino et al., 2004]
       • Sender-side WS-Security streaming techniques (DOM’less solution)
     • [Chen et al., 2007] and [Liu et al., 2005]
       • Compare WS-Security to non-secure messaging using various messages and message sizes, also showing significant impact
     • [Juric et al., 2006]
       • Compare WS-Security impact with SOAP/XML against RMI and RMI-SSL messaging
     • [Lu et al., 2005]
       • Receiver-side streaming model for signature validation with C14N
     • [Suzumura et al., 2005] and [Abu-Ghazaleh et al., 2005]
       • Differential (de)serialization techniques

  5. TLS versus WS-Security
     • Transport-layer security (TLS)
       • Transport-layer encryption and peer authentication
       • Example: HTTPS
       • Pro: encryption is fast:
         • TLS negotiation for key exchange of ephemeral symmetric key
         • Symmetric key speeds up encryption significantly
       • Pro: peer authentication is fast
     • WS-Security message-level security
       • Encryption, integrity, authentication, non-repudiation
       • Cons: message encryption and signing are slow:
         • No ephemeral symmetric key (no handshake mechanism!)
         • Multi-pass operations over XML for encryption and signing of elements
       • Pro: end-to-end security

  6. TLS versus WS-Security Round-Trip Messaging Performance
     [Figure: round-trip messaging performance chart. Labels: WS-Security (DSA/RSA sign+auth); WS-Security (HMAC sign+auth); TLS (XML+C14N); WS-Security operations; Transport. Annotation: Better performance.]

  7. WS-Security Signatures
     • XML elements to be signed are first normalized
       • C14N XML-exc canonicalization standard
       • Ensures that any XML reformatting does not change signature
       • Receiver must re-canonicalize the elements to verify signature
     • Then a hash digest value (typically SHA1) is computed for each XML element and its content to be signed
     • The set of hash digest values is put in a “signedInfo” element in the signature
     • The “signedInfo” element is hashed and signed using a security token based on choice of RSA, DSA, or HMAC
     • Operations for sender and receiver are the same (except receiver verifies the signature)

  8. WS-Security Signature Example

  9. WS-Security Choice of Security Tokens
     • HMAC security tokens based on symmetric (shared) keys
       • Pro: fast
       • Cons: peers must keep a shared secret
     • RSA/DSA security tokens based on asymmetric keys
       • Pro: based on well-established PKI with private and public keys
       • Cons: slow (up to 10x)
     • For efficiency should consider special mechanisms for shared key establishment to support HMAC
       • WS-SecureConversation language can be used to establish and share security contexts
       • Password-authentication-based schemes often allow “shared secrets”, e.g. a hash of password for password verification

  10. WS-Security HMAC Signature and Digest Authentication Time Breakdown
     [Figure: time breakdown chart. Segments: XML Re-Canonicalization; XML Canonicalization; Parsing & Deserialization; Serialization & SOAP composition.]

  11. C14N Optimizations
     • [Lu et al., 2005]: a streaming model for signature validation
       • Optimize C14N re-canonicalization phase by passing inbound XML through a “streaming re-canonicalizer”
       • Avoids DOM storage and re-canonicalization pass (saves 12%)
     [Figure: standard model (XML (signed), XML processor, DOM, Re-canonicalize, Verify signature) versus streaming model (XML (signed), XML processor, C14N streamer, Verify signature).]

  12. C14N Optimizations (cont’d)
     • A retry model re-canonicalizes only on failure (saves <12%)
       • Assumes that in the majority of cases the XML is already canonicalized
       • Re-canonicalize only when signature verification failed
     [Figure: standard model (XML (signed), XML processor, DOM, Re-canonicalize, Verify signature) versus retry model (XML (signed), XML processor, Verify signature, DOM, Re-canonicalize).]

  13. C14N Optimizations (cont’d)
     • Eliminate C14N requirements (saves 26%)
       • Pro: sending is faster (saves 14%)
       • Pro: receiving is faster (saves 12%)
       • Pro: lower memory requirements (no DOM)
       • Cons: not possible when XML is changed by intermediaries
       • Cons: creates tighter coupling between sender and receiver
     [Figure labels: XML, XML processor, Create signature, XML (signed); XML (signed), XML processor, Verify signature.]

  14. Streaming versus Buffering
     • To produce a signature, sender must process the message twice!
       • First pass: determine signed elements in body and put signature in header
       • Second pass: send header followed by body
     • Sender can:
       • Stream: serialize message twice (first sign and then send)
       • Buffer: serialize message once (sign and send buffered content)

  15. Digest-Based Caching Optimizations
     • [Suzumura et al., 2005] and [Abu-Ghazaleh et al., 2005] propose differential deserialization techniques
       • Retrieved objects (deserialized from XML) are kept in a cache
       • Inbound XML is matched against object fingerprint (hash value)
       • A match avoids deserialization by copying the object from cache
     • Can use a similar approach by storing previously parsed signed elements and deserialized content in a cache
       • Hash value (digestValue) already in signature!
       • Pro: comparing hashes is efficient and suffices to retrieve data
     • But performance gain is small or non-existent (saves <5%)
       • Cons: deserialization overhead is not critical

  16. Prehashing Optimizations
     • Prior to sending, objects are serialized in XML and hashed
       • Kept in a cache with SHA1 hash value
       • Pro: saves hashing and serialization time
       • Cons: memory overhead
     • Improves performance for messages with lots of individually signed elements
     • Performance gain for body-signed messages is small or non-existent
       • Also serialization overhead may be low in some cases (<2.2%)

  17. Performance of Sender-Side C14N Optimization
     [Figure: performance of message construction and signing using WS-Security on messages with arrays of objects. Annotations: C14N overhead when signing each array element; C14N overhead when signing one element (Body).]
     • Signing the Body instead of all array XML elements is faster

  18. Performance of Receiver-Side C14N Optimization
     [Figure: performance of message parsing and signature verification using WS-Security on messages with arrays of objects. Annotations: C14N overhead when verifying each array element; C14N overhead when verifying one element (Body).]
     • Verifying the Body instead of all array XML elements is faster

  19. Performance of Sender-Side Optimizations
     [Figure: performance of message construction and signing using WS-Security on messages with arrays of objects. Series labels: Signing one element (Body); No signature (base line). Annotations: Streaming can be slower!; Streaming is faster with prehashing.]

  20. Performance of Receiver-Side Optimizations
     [Figure: performance of message parsing and signature verification using WS-Security on messages with arrays of objects. Series labels: Verifying each array element; Digest-based caching (100% hit rate); Verifying one element (Body); No signature (base line).]

  21. Conclusions
     • WS-Security is still much slower than TLS-based security
       • Factor 2 to 10x slower for the best cases with HMAC tokens
       • Up to 100x slower with DSA/RSA tokens
     • Biggest performance gain results from HMAC tokens
     • C14N optimizations have the next biggest impact
       • Streaming and retry-based models
     • Differential techniques have the lowest impact
       • Deserialization time not critical
       • Memory overhead of caching
     • If possible, sign fewer elements in the message
       • Remember: nested elements are signed too
       • Only sign the SOAP Body when permissible
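
The signing steps on slide 7 and the retry model on slide 12, as an added example that is not code from the presentation. Assumptions: Python's standard-library `xml.etree.ElementTree.canonicalize` (C14N 2.0) stands in for exclusive C14N, the SignedInfo layout is simplified, and all function names, sample elements and the key are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

def c14n(xml_text):
    # Stand-in canonicalizer (assumption): the stdlib implements C14N 2.0,
    # not the exclusive C14N (XML-exc) named on slide 7.
    return ET.canonicalize(xml_text).encode("utf-8")

def b64_sha1(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def signed_info(digests):
    # Simplified SignedInfo: one Reference/DigestValue per signed element Id.
    refs = "".join(f'<Reference URI="#{i}"><DigestValue>{d}</DigestValue></Reference>'
                   for i, d in sorted(digests.items()))
    return f"<SignedInfo>{refs}</SignedInfo>".encode("utf-8")

def sign(elements, key):
    """Sender: canonicalize, digest each element, then HMAC the SignedInfo."""
    wire = {i: c14n(x).decode("utf-8") for i, x in elements.items()}
    digests = {i: b64_sha1(x.encode("utf-8")) for i, x in wire.items()}
    mac = hmac.new(key, signed_info(digests), hashlib.sha1).digest()
    return wire, digests, base64.b64encode(mac).decode("ascii")

def verify_retry(wire, digests, signature, key):
    """Receiver, retry model: returns (valid, elements_recanonicalized)."""
    mac = hmac.new(key, signed_info(digests), hashlib.sha1).digest()
    if not hmac.compare_digest(mac, base64.b64decode(signature)):
        return False, 0                  # SignedInfo itself is not authentic
    retried = 0
    for elem_id, expected in digests.items():
        raw = wire.get(elem_id)
        if raw is None:
            return False, retried        # a signed element is missing
        if hmac.compare_digest(b64_sha1(raw.encode("utf-8")), expected):
            continue                     # fast path: bytes were already canonical
        retried += 1                     # slow path: re-canonicalize, then re-check
        if not hmac.compare_digest(b64_sha1(c14n(raw)), expected):
            return False, retried
    return True, retried

# Constructed sample data: two signed elements and a shared HMAC key.
KEY = b"constructed-demo-key"
ELEMENTS = {"a1": "<item unit='USD' Id=\"a1\">42</item>",
            "a2": '<item Id="a2" unit="EUR">7</item>'}
WIRE, DIGESTS, SIG = sign(ELEMENTS, KEY)
# An intermediary reformats a1 (attribute order, quoting, spacing) only.
REFORMATTED = dict(WIRE, a1="<item  unit='USD'  Id='a1' >42</item>")
TAMPERED = dict(WIRE, a1=WIRE["a1"].replace("42", "43"))  # content altered in transit
```

The second value returned by `verify_retry` counts how many elements needed the re-canonicalization pass, which is the cost the retry model avoids when the XML arrives already canonical.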
