1 / 17

Analysis of Scalable Security – MC-SSL Simulation

Analysis of Scalable Security – MC-SSL Simulation. Reducing excessive cryptographic processing in SSL Connections: how much can you save?. Outline. Introduction MC-SSL Background Methodology Theoretical Results Actual Results Conclusion Future Work. Introduction.

kurt
Download Presentation

Analysis of Scalable Security – MC-SSL Simulation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Analysis of Scalable Security – MC-SSL Simulation Reducing excessive cryptographic processing in SSL Connections: how much can you save? MC-SSL Simulation

  2. Outline • Introduction • MC-SSL Background • Methodology • Theoretical Results • Actual Results • Conclusion • Future Work MC-SSL Simulation

  3. Introduction • Security processing is CPU intensive • Recent developments on mobile devices increased its security requirementsex. • Processing stock transaction • Accessing financial institutes • Hence…the technology development does not fully meet the requires of its applications MC-SSL Simulation

  4. Introduction(2) • Similar issues plague battery life of mobile devices in that new applications drain the battery at a faster pace than before • Resolve by scalable features • Ex. Asus notebooks feature “Asus Power4 Gear Software” that controls CPU speed, LCD brightness, and WLAN MC-SSL Simulation

  5. MC-SSL Background • Developed by James Song – allow third-party (partially trusted) WAP proxy gateway providers • Some mobile devices cannot directly access data from outside the service provider’s network • Ex. IP packets need to be transformed into WAP packets before mobile devices are able to view it MC-SSL Simulation

  6. MC-SSL Background MC-SSL Simulation

  7. Methodology • Java Secure Socket Extension (JSSE) API • Three Elements • Client • SSL Web Server • Clear Text Web Server • SSL and Clear Text Web Server on one computer, client on a separate one to avoid interference MC-SSL Simulation

  8. Methodology – Web Servers • SSL Web Server Enable Two Cipher Suites • SSL_RSA_WITH_NULL_SHA • TLS_RSA_WITH_AES_128_CBC_SHA • Clear Text Web Server is an unmodified open-source java Web Server • Both host MP3 files ranging from 1 to 10 Mbytes, at an interval of 1 Mbyte MC-SSL Simulation

  9. Methodology – Client • Initiates connection by enabling one of the two cipher suites offered by the Web Server • Employs Java Native Interface (JNI) for CPU measurement • C Library • Collects three measurements • Process’s CPU Time • Elapsed Time • CPU Utilization Process CPU Time ----------------------- Elapsed Time CPU Utilization = MC-SSL Simulation

  10. Methodology – Overall Client MC-SSL Simulation

  11. Theoretical Results MC-SSL Simulation

  12. Theoretical Results • Based on S. Ravi et al’s “Securing Wireless Data: System Architecture Challenges” • Assumed linear • Max: 86.5% • Intercept: 30% MC-SSL Simulation

  13. Actual Results MC-SSL Simulation

  14. Actual Results • Max: 76.4% [vs 86.5%] • Linear • Intercept ~35% • Slope similar, low influence of connection overhead at 10 Mbyte file size MC-SSL Simulation

  15. Conclusion • Support the use of scalable secure socket layer connection when CPU capabilities are limited • Sending large, non-confidential data using integrity only channel can save up to 50% CPU processing power • Case Study on banking application reveals only 3.4% of data requiring both confidentiality and integrity – 37% CPU saving MC-SSL Simulation

  16. Conclusion • Issues • Reintegrating data back together from separate channels • Deciding what type of channel for each data MC-SSL Simulation

  17. Future Work • Vary the total file size that is transferred via the network (instead of 10Mbytes) • 8 Mbytes • 6 Mbytes • 4 Mbytes, … • Need to isolate the point which the scheme is ineffective due to overhead • Experiment on PDA devices (300 MHz, accessing 802.11b/g wireless network) MC-SSL Simulation

More Related