The University of British Columbia, 1 September 2005
Analysis of Scalable Security – MC-SSL Simulation

Presentation transcript:

Slide 1: Analysis of Scalable Security – MC-SSL Simulation
Reducing excessive cryptographic processing in SSL connections: how much can you save?

Slide 2: Outline
Introduction
MC-SSL Background
Methodology
Theoretical Results
Actual Results
Conclusion
Future Work

Slide 3: Introduction
Security processing is CPU intensive
Recent developments on mobile devices have increased their security requirements, e.g.
– Processing stock transactions
– Accessing financial institutions
Hence, technology development does not fully meet the requirements of its applications

Slide 4: Introduction (2)
Similar issues plague the battery life of mobile devices, in that new applications drain the battery at a faster pace than before
– Resolved by scalable features
– Ex. Asus notebooks feature “Asus Power4 Gear Software” that controls CPU speed, LCD brightness, and WLAN

Slide 5: MC-SSL Background
Developed by James Song – allows third-party (partially trusted) WAP proxy gateway providers
– Some mobile devices cannot directly access data from outside the service provider’s network
– Ex. IP packets need to be transformed into WAP packets before mobile devices are able to view them

Slide 6: MC-SSL Background

Slide 7: Methodology
Java Secure Socket Extension (JSSE) API
Three Elements
– Client
– SSL Web Server
– Clear Text Web Server
SSL and Clear Text Web Server on one computer, client on a separate one to avoid interference

Slide 8: Methodology – Web Servers
SSL Web Server enables two cipher suites
– SSL_RSA_WITH_NULL_SHA
– TLS_RSA_WITH_AES_128_CBC_SHA
Clear Text Web Server is an unmodified open-source Java Web Server
Both host MP3 files ranging from 1 to 10 Mbytes, at an interval of 1 Mbyte

Slide 9: Methodology – Client
Initiates connection by enabling one of the two cipher suites offered by the Web Server
Employs Java Native Interface (JNI) for CPU measurement
– C Library
– Collects three measurements
  Process’s CPU Time
  Elapsed Time
  CPU Utilization
\[ \text{CPU Utilization} = \frac{\text{Process CPU Time}}{\text{Elapsed Time}} \]
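An added example, not code from the presentation: it models the per-record work of the two cipher suites from slides 8 and 9 (HMAC-SHA1 alone versus HMAC-SHA1 plus AES-128-CBC) over a constructed 10 Mbyte buffer and reports CPU time, CPU utilization and the saving. Assumptions: the class name `ChannelCost`, the 16 KB record size, and `ThreadMXBean` thread CPU time standing in for the JNI C library are choices made here; the handshake and the network transfer are left out, so utilization stays close to 1 and CPU time is the figure to compare.

```java
import java.lang.management.ManagementFactory;
import java.lang.management.ThreadMXBean;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class ChannelCost {
    static final int RECORD = 16 * 1024; // bytes protected per record (assumed)
    static final ThreadMXBean CPU = ManagementFactory.getThreadMXBean();

    // Protect data record by record; returns {CPU ns, elapsed ns, checksum}.
    static long[] protect(byte[] data, boolean encrypt) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(new byte[20], "HmacSHA1")); // constructed key
        Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // Constructed key and fixed IV: acceptable only in a timing harness.
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[16], "AES"),
                 new IvParameterSpec(new byte[16]));
        long sink = 0; // consume results so the JIT keeps the work
        long cpu0 = CPU.getCurrentThreadCpuTime(), t0 = System.nanoTime();
        for (int off = 0; off < data.length; off += RECORD) {
            int len = Math.min(RECORD, data.length - off);
            mac.update(data, off, len);
            byte[] tag = mac.doFinal();          // integrity: both channel types
            sink += tag[0];
            if (encrypt) {                       // confidentiality: AES channel only
                byte[] body = aes.update(data, off, len);
                byte[] tail = aes.doFinal(tag);  // MAC-then-encrypt, as in CBC suites
                sink += tail[0] + (body == null ? 0 : body.length);
            }
        }
        long cpu = CPU.getCurrentThreadCpuTime() - cpu0, wall = System.nanoTime() - t0;
        return new long[] {cpu, wall, sink};
    }

    public static void main(String[] args) throws Exception {
        byte[] file = new byte[10 * 1024 * 1024]; // constructed 10 Mbyte payload
        new java.util.Random(1).nextBytes(file);
        protect(file, true); protect(file, false); // warm-up passes for the JIT
        long[] full = protect(file, true);         // models TLS_RSA_WITH_AES_128_CBC_SHA
        long[] integ = protect(file, false);       // models SSL_RSA_WITH_NULL_SHA
        System.out.printf("AES+SHA : cpu %d ms, utilization %.2f%n",
                full[0] / 1_000_000, (double) full[0] / full[1]);
        System.out.printf("SHA only: cpu %d ms, utilization %.2f%n",
                integ[0] / 1_000_000, (double) integ[0] / integ[1]);
        System.out.printf("CPU saved by integrity-only channel: %.1f%%%n",
                100.0 * (1 - (double) integ[0] / full[0]));
    }
}
```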

Slide 10: Methodology – Overall Client

Slide 11: Theoretical Results

Slide 12: Theoretical Results
Based on S. Ravi et al.’s “Securing Wireless Data: System Architecture Challenges”
Assumed linear
Max: 86.5%
Intercept: 30%
3DES   535.9
AES    206.3
SHA    115.4
MD5    33.1

Slide 13: Actual Results

Slide 14: Actual Results
Max: 76.4% [vs 86.5%]
Linear
Intercept ~35%
Slope similar, low influence of connection overhead at 10 Mbyte file size

Slide 15: Conclusion
Support the use of scalable secure socket layer connection when CPU capabilities are limited
Sending large, non-confidential data using integrity only channel can save up to 50% CPU processing power
Case Study on banking application reveals only 3.4% of data requiring both confidentiality and integrity – 37% CPU saving

Slide 16: Conclusion
Issues
– Reintegrating data back together from separate channels
– Deciding what type of channel for each data

Slide 17: Future Work
Vary the total file size that is transferred via the network (instead of 10 Mbytes)
– 8 Mbytes
– 6 Mbytes
– 4 Mbytes, …
Need to isolate the point at which the scheme is ineffective due to overhead
Experiment on PDA devices (300 MHz, accessing b/g wireless network)