Optimal Performance of Java Encryption PardhaSaradhi D -Senior Technology Architect Infosys Limited

Abstract The usage and developments of computer and Internet technology in our life, is inseparable from the Internet. The Growth of emerging internet and web based applications will be significant in future. With these developments, users are enjoying quicker and more convenient services offered by the Internet based web applications. However, we face potential security threat to sensitive information. The data transferred over the internet or network between web applications or legacy systems can be exposed. It is very essential to have more sophisticated protection mechanisms for web application data transferred over the network. In addition to this, the data stored by web application in persistent storage needs to be encrypted so as to avoid any data exposure or chance of hacking. Data encryption is an efficient method of guaranteeing information security. There are many encryption methodologies available to encrypt the data. As Java language used for majority of WEB application development with its good features of portability and object oriented programming, this paper describes about the Java Cryptography Extension (JCE) API and its performance over 128 bit and 256 bit encryption techniques.

Introduction: The Java Cryptography Extension (JCE) provides a standard framework and implementations for data encryption, the key generation, key agreement and the message authentication Code algorithms. The encryption techniques includes symmetric, asymmetric, block, and stream ciphers. Java Cryptography Extension APIs are implemented by java cryptographic service providers. Each of these cryptographic service providers implements the service provider interface which specifies the functionalities which needs to be implemented by the service providers. Programmers can plugin any Service Providers for performing cryptographic functionalities provided by JCE. Choosing the right data encryption algorithm plays a vital role in achieving performance of overall transaction. Let’s briefly understand the encryption techniques for algorithms – AES, Blowfish, RC2, RC4 and Rijndael.

Case study: In recent studies it has been identified that for value transaction applications such as mobile banking, internet banking, credit card system, etc. the account details and transaction details are transferred in an encrypted xml format. Also it is noticed that in many web services based applications xml communication happens over the network in encrypted format. Let’s understand the impact of various encryption algorithms mentioned above which are provided by HOTSPOT jvm 1.7.x version. The below sample java program written to encrypt a sample xml, which has various account details generally used for enquiry type transactions. Various xml files with size 3KB, 10KB and 50KB are given as input for encryption.

Example: A work load with 1000 concurrent threads are triggered to invoke encryption (‘encrypt(..)’) method in parallel. Only one xml file was parsed at one time for multi-threaded execution and stored in static string variable. The Xml string was passed to each thread for encryption. The same procedure was repeated for each of the encryption algorithm by passing only one xml file at a time.

Sample program: private String Xml=""; private String algor=""; private String Thread_number=""; public SampleEncryption(String str,String alg,String ThreadNo){ this.Xml=str; this.algor=alg; this.Thread_number=ThreadNo;} public void run() { try { String key = "55720414534B………………………………………………63087………………………………………………………………………………………………………………………….0324643278643…………………326D43204376743286743290874784C3260409A876"; // 128 or 256 bit key long l1=System.currentTimeMillis(); Key algKey = new SecretKeySpec(key.getBytes(), algor); Cipher cipher = Cipher.getInstance(algor); cipher.init(Cipher.ENCRYPT_MODE, algKey); byte[] encrypted = cipher.doFinal(Xml.getBytes()); long l2=System.currentTimeMillis(); System.err.println("Encryptopn cost:"+ ((l2-l1) + ":ThreadName:"+Thread_number+":"+algor)); cipher.init(Cipher.DECRYPT_MODE, algKey); String decrypted = new String(cipher.doFinal(encrypted)); long l3=System.currentTimeMillis(); }catch(Exception e) {e.printStackTrace();} }

Result analysis: The performance of encryption was measured in terms of response time (Average execution for 1000 concurrent threads) and CPU utilization. The result has been shown in graphical representation for Average execution time (Y- axis: milliseconds) and percentage of CPU utilization (Y-axis: percentage of CPU). For XML size of 3KB input file with 1000 concurrent threads, it is observed that ARCFOUR encryption algorithm has been fastest and Blowfish seems to be the slowest in encrypting the xml. The CPU utilized for ARCFOUR is the lowest and RC2 algorithm is the highest.

XML size of 10KB: For XML size of 10KB input file with 1000 concurrent threads, it is observed that RC4 encryption algorithm has been fastest and RC2 seems to be the slowest in encrypting the xml. The CPU utilized for RC4 is the lowest and RC2 algorithm is the highest.

XML size of 50KB: For XML size of 50KB (and above <1MB) input file with 1000 concurrent threads, it is observed that RC4 encryption algorithm has been fastest and AES seems to be the slowest in encrypting the xml. The CPU utilized for RC4 is the lowest and AES algorithm is the highest.

Conclusion: The above case study showcase the performance of each of ARCFOUR, AES, Blowfish, RC2, RC4 and Rijndeal java crypto algorithms. The average execution time for encryption by each of the algorithm is increased with the data to be encrypted. However it is observed that RC4 encryption algorithm is very optimistic in resource utilization (in terms of CPU) and execution time. The encryption algorithm AES found to be expensive in overall performance. The performance of various algorithm discussed in the case study are graphically represented below for encrypting different xml sizes with a concurrent load of 1000 threads.

References & Appendix The following websites has been referred to gain knowledge on JCE. http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html http://publib.boulder.ibm.com/infocenter/realtime/v1r0/index.jsp?topic=%2Fcom.ibm.rt.doc.10%2Fsecurity%2Fjce%2Fjce.html http://www.developer.com/java/other/article.php/3778011/Unlocking-the-Secrets-of-Java-Cryptography-Extensions-The-Basics.htm http://oss.org.cn/ossdocs/java/se/jdk6/docs/guide/security/jce/JCERefGuide.html http://www.techrepublic.com/article/master-the-basics-of-java-cryptography-extension-jce/ http://www.digizol.com/2009/10/java-encrypt-decrypt-jce-salt.html http://www.rjug.org/presentations/2002/may/JavaCryptographyExtension.pdf http://www.cs.umd.edu/~jkatz/security/f09/lectures/JCA.pdf http://docstore.mik.ua/orelly/java-ent/security/ch13_01.htm https://db.apache.org/derby/docs/10.8/devguide/cdevcsecure67151.html http://www.cafeaulait.org/reports/JCE_1.2.1.html http://people.ucalgary.ca/~salindne/418/Files/JCA.pdf http://download.java.net/jdk7/archive/b125/docs/technotes/guides/security/index.html http://www.javacodegeeks.com/2012/12/test-using-cryptography-in-java-applications.html http://wikijava.org/wiki/Secret_Key_Cryptography_Tutorial

Author Biography PardhaSaradhi did masters and a Bachelor of Engineering in Electrical and Electronics from India. He has started perusing his career in IT industry from 2004 and been working with top IT clients all over the globe from last thirteen years in performance engineering & testing domain. Pardha has been analysing performance issues raised by various banking and telecom clients. He has been providing technical solutions for Java based applications with performance improvements. Combining his expertise in Performance engineering and interest in exploring new methodologies to improve the productivity of his team, Pardha has created many frameworks to analyse and identify application bottlenecks quickly.

Thank You!!!