Optimal Performance of Java Encryption


PardhaSaradhi D, Senior Technology Architect, Infosys Limited

Abstract: Computer and Internet technology have become inseparable from daily life, and the growth of Internet and web-based applications will remain significant in the future. With these developments, users enjoy quicker and more convenient services from Internet-based web applications. However, sensitive information faces potential security threats. Data transferred over the Internet or a network between web applications or legacy systems can be exposed, so more sophisticated protection mechanisms are essential for web application data in transit. In addition, data that a web application keeps in persistent storage needs to be encrypted to avoid data exposure or the chance of hacking. Data encryption is an efficient method of guaranteeing information security, and many encryption methodologies are available. Because Java is used for the majority of web application development, thanks to its portability and object-oriented programming, this paper describes the Java Cryptography Extension (JCE) API and its performance with 128-bit and 256-bit encryption techniques.

Introduction: The Java Cryptography Extension (JCE) provides a standard framework and implementations for data encryption, key generation, key agreement and message authentication code (MAC) algorithms. The encryption techniques include symmetric, asymmetric, block and stream ciphers. The JCE APIs are implemented by Java cryptographic service providers. Each provider implements the service provider interface, which specifies the functionality a provider must supply. Programmers can plug in any service provider to perform the cryptographic functions that JCE offers. Choosing the right data encryption algorithm plays a vital role in the performance of the overall transaction. Let's briefly look at the encryption techniques for the algorithms AES, Blowfish, RC2, RC4 and Rijndael.

Case study: Recent studies have identified that value-transaction applications such as mobile banking, internet banking and credit card systems transfer account details and transaction details in an encrypted XML format. In many web-services-based applications, XML communication over the network also happens in encrypted form. Let's look at the impact of the encryption algorithms mentioned above, as provided by the HotSpot JVM 1.7.x. The sample Java program below encrypts a sample XML document containing the account details generally used for enquiry-type transactions. XML files of 3KB, 10KB and 50KB are given as input for encryption.

Example: A workload of 1000 concurrent threads is triggered to invoke the encryption method ('encrypt(..)') in parallel. Only one XML file was parsed at a time for the multi-threaded execution and stored in a static String variable. The XML string was passed to each thread for encryption. The same procedure was repeated for each encryption algorithm, passing only one XML file at a time.

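Sample program:

    import java.security.Key;
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;

    // The class declaration is not shown on the slide; Runnable is assumed.
    public class SampleEncryption implements Runnable {
        private String Xml = "";
        private String algor = "";
        private String Thread_number = "";

        public SampleEncryption(String str, String alg, String ThreadNo) {
            this.Xml = str;
            this.algor = alg;
            this.Thread_number = ThreadNo;
        }

        public void run() {
            try {
                // Key material is elided in the original slides.
                String key = "55720414534B………………………………………………63087………………………………………………………………………………………………………………………….0324643278643…………………326D43204376743286743290874784C3260409A876"; // 128 or 256 bit key
                long l1 = System.currentTimeMillis();
                Key algKey = new SecretKeySpec(key.getBytes(), algor);
                // Bare algorithm name: the provider's default mode and padding are used.
                Cipher cipher = Cipher.getInstance(algor);
                cipher.init(Cipher.ENCRYPT_MODE, algKey);
                byte[] encrypted = cipher.doFinal(Xml.getBytes());
                long l2 = System.currentTimeMillis();
                // Reported cost covers key setup, cipher lookup, init and encryption.
                System.err.println("Encryption cost:" + ((l2 - l1) + ":ThreadName:" + Thread_number + ":" + algor));
                // Decrypt again with the same key (not included in the reported cost).
                cipher.init(Cipher.DECRYPT_MODE, algKey);
                String decrypted = new String(cipher.doFinal(encrypted));
                long l3 = System.currentTimeMillis();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }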

Result analysis: The performance of encryption was measured in terms of response time (average execution time for 1000 concurrent threads) and CPU utilization. The results are shown graphically as average execution time (Y-axis: milliseconds) and CPU utilization (Y-axis: percentage of CPU). For a 3KB XML input file with 1000 concurrent threads, the ARCFOUR encryption algorithm was the fastest and Blowfish appears to be the slowest at encrypting the XML. CPU utilization was lowest for ARCFOUR and highest for RC2.

XML size of 10KB: For a 10KB XML input file with 1000 concurrent threads, the RC4 encryption algorithm was the fastest and RC2 appears to be the slowest at encrypting the XML. CPU utilization was lowest for RC4 and highest for RC2.

XML size of 50KB: For an XML input file of 50KB (and above, below 1MB) with 1000 concurrent threads, the RC4 encryption algorithm was the fastest and AES appears to be the slowest at encrypting the XML. CPU utilization was lowest for RC4 and highest for AES.

Conclusion: The above case study showcases the performance of the ARCFOUR, AES, Blowfish, RC2, RC4 and Rijndael Java crypto algorithms. The average execution time for encryption increases for each algorithm with the size of the data to be encrypted. However, it is observed that the RC4 encryption algorithm is very efficient in resource utilization (in terms of CPU) and execution time. The AES encryption algorithm is found to be expensive in overall performance. The performance of the algorithms discussed in the case study is represented graphically below for encrypting different XML sizes with a concurrent load of 1000 threads.
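An added example, not part of the original slides: a single-threaded harness that warms up the JIT, uses KeyGenerator keys, and times the algorithms from the sample program above next to AES/GCM/NoPadding, which is an addition and needs Java 8 or later. It matters for the conclusion because a bare name such as "AES" selects ECB mode with no integrity check in SunJCE, and RC4 is prohibited in TLS by RFC 7465, so speed alone should not decide the choice. The class name, payload and iteration counts are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example (not from the slides): warmed-up timing of the page's
// algorithms plus AES-GCM. Names and counts below are assumptions.
public class CipherBench {
    // "AES/GCM/NoPadding" is an addition; the other names are the page's.
    static final String[] TRANSFORMS =
        {"AES", "AES/GCM/NoPadding", "Blowfish", "RC2", "ARCFOUR"};
    static final int WARMUP = 2_000, RUNS = 5_000;

    // Constructed stand-in for the page's 10KB account-enquiry XML.
    static byte[] samplePayload(int size) {
        StringBuilder sb = new StringBuilder("<accounts>");
        while (sb.length() < size) sb.append("<acct id=\"0000\">sample</acct>");
        return sb.append("</accounts>").toString().getBytes(StandardCharsets.UTF_8);
    }

    // Average microseconds per message, init() included: every message needs
    // it, and for GCM an init without parameters draws a fresh random IV.
    static double avgMicros(String transform, byte[] data, int runs)
            throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance(transform.split("/")[0]);
        kg.init(128);                        // random key, not a hard-coded string
        SecretKey key = kg.generateKey();
        Cipher cipher = Cipher.getInstance(transform);
        long sink = 0, start = System.nanoTime();
        for (int i = 0; i < runs; i++) {
            cipher.init(Cipher.ENCRYPT_MODE, key);
            sink += cipher.doFinal(data).length; // use the result so work is not elided
        }
        long elapsed = System.nanoTime() - start;
        if (sink == 0) throw new IllegalStateException("no output produced");
        return elapsed / 1000.0 / runs;
    }

    public static void main(String[] args) {
        byte[] xml = samplePayload(10 * 1024);
        for (String t : TRANSFORMS) {
            try {
                avgMicros(t, xml, WARMUP);   // warm-up pass, result discarded
                System.out.printf("%-18s %8.1f us/msg%n", t, avgMicros(t, xml, RUNS));
            } catch (GeneralSecurityException e) {
                System.out.printf("%-18s unavailable: %s%n", t, e.getMessage());
            }
        }
    }
}
```

Timings depend on the JVM, provider and CPU, so compare the rows of one run on the target hardware rather than figures across machines.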


Author Biography: PardhaSaradhi holds a master's degree and a Bachelor of Engineering in Electrical and Electronics from India. He started pursuing his career in the IT industry in 2004 and has been working with top IT clients all over the globe for the last thirteen years in the performance engineering and testing domain. Pardha has been analysing performance issues raised by various banking and telecom clients, and has been providing technical solutions with performance improvements for Java-based applications. Combining his expertise in performance engineering with his interest in exploring new methodologies to improve the productivity of his team, Pardha has created many frameworks to analyse and identify application bottlenecks quickly.
