Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani September 21, 2000.

Slides:



Advertisements
Similar presentations
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Advertisements

Proposal for WAP-IETF co- operation on a wireless friendly TLS Tim Wright, Vodafone and chair WAP Security Group
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security
Performance and Efficiency in Wireless Security Terry Fletcher, Senior Security Architect Chrysalis-ITS
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
SSL: Secure Sockets Layer
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Slide 1 Vitaly Shmatikov CS 378 SSL/TLS. slide 2 What is SSL / TLS? uTransport Layer Security protocol, version 1.0 De facto standard for Internet security.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
Introduction to M-Commerce. Overview What is M-Commerce? Security Issues Usability Issues Heterogeneity Issues Business Model Issues Case Studies / Examples.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
A Survey of WAP Security Architecture Neil Daswani
Cryptography and Network Security Chapter 17
Wireless Application Protocol and i-Mode By Sridevi Madduri Swetha Kucherlapati Sharrmila Jeyachandran.
Chapter 8 Web Security.
Secure password-based cipher suite for TLS: The importance of end-to-end security Marie L.S. Dumont CS 265.
PKI & SSL Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.
Secure Socket Layer (SSL)
Introduction to Secure Sockets Layer (SSL) Protocol Based on:
©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Proposed Transport Layer Security (TLS) Evidence Extensions Russ Housley IETF 67 – TLS WG Session.
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Arab Academy for Science & Technology and Maritime Transport e Represented By : Ahmed Eldemallawy Ahmed Madani.
Web Security : Secure Socket Layer Secure Electronic Transaction.
C HAPTER 15 MACs and Signatures Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern, and.
Web Security Network Systems Security
8-1 Chapter 8 Security Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 part 3: Securing TCP.
Security PGP IT352 | Network Security |Najwa AlGhamdi 1.
Elliptic Curve Cryptography
1 SSL/TLS. 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.
Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
8-1 CSE 4707/5850 Network Security (2) SSL/TLS. 8-2 Think about Google or YouTube  Desired properties  Indeed the other side is Google or YouTube server.
Secure Socket Layer Protocol Dr. John P. Abraham Professor, UTRGV.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
TLS/SSL Protocol Presented by: Vivek Nelamangala Includes slides presented by Miao Zhang on April Course: CISC856 - TCP/IP and Upper Layer Protocols.
The Secure Sockets Layer (SSL) Protocol
CSCE 715: Network Systems Security
COMP3220 Web Infrastructure COMP6218 Web Architecture
CSE 4095 Transport Layer Security TLS, Part II
Mark A. Shaw CS 522 Project Presentation
CS 465 TLS Last Updated: Oct 31, 2017.
SSL (Secure Socket Layer)
Security at the Transport Layer: SSL and TLS
SSL Protocol Figures used in the presentation
The Secure Sockets Layer (SSL) Protocol
Unit 8 Network Security.
Performance and Efficiency in Wireless Security
Presentation transcript:

Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani September 21, 2000

Private and Confidential, Yodlee.com, Inc. 2 Overview WAP Browsers & Handhelds A Review of WTLS Benchmarking Experiments WTLS Handshake Timing Estimates Discussion of Results Summary / Conclusions

Private and Confidential, Yodlee.com, Inc. 3 WAP Browsers & Handhelds: What is WAP? WAP: Wireless Application Protocol Created by WAP Forum –Founded June 1997 by Ericsson, Motorola, Nokia, Phone.com –500+ member companies –Goal: Bring Internet content to wireless devices WTLS: Wireless Transport Layer Security

Private and Confidential, Yodlee.com, Inc. 4 WAP Browsers & Handhelds: What is WAP? Web Server WTLSSSL Internet WAP Gateway

Private and Confidential, Yodlee.com, Inc. 5 WAP Browsers & Handhelds: Gaining Steam Palm OS –AU Systems –4 th Pass kBrowser Windows/PocketPC –EZOS EzWAP Psion –Purple Software/ Dynamical Systems Research RIM –Neomar

Private and Confidential, Yodlee.com, Inc. 6 WAP Browsers & Handhelds: Security & Performance Secure Connections: –Too long -> affects usability –Shorter keys -> too risky How long does the crypto take? –Using different crypto. algs. –Using different authentication methods

Private and Confidential, Yodlee.com, Inc. 7 A Review of WTLS: WTLS Goals WTLS Goals –Authentication –Privacy –Data Integrity Authentication: Public-Key Crypto (CPU intensive!!!) Privacy: Symmetric Crypto Data Integrity: MACs

Private and Confidential, Yodlee.com, Inc. 8 A Review of WTLS: Crypto Basics Public-Key Crypto –RSA (Rivest-Shamir-Adelman) –ECC (Elliptic Curve) Certificates Authentication –None, Client, Server, Mutual

Private and Confidential, Yodlee.com, Inc. 9 A Review of WTLS: Server-Authentication Server-Authentication Only ClientHello > ServerHello Certificate < ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished > < Finished Application Data 1. Verify Server Certificate 2. Establish Session Key

Private and Confidential, Yodlee.com, Inc. 10 A Review of WTLS: Server-Authentication 1. Verify Server Certificate –ECC & RSA: Verify Signature 2. Establish Session Key –ECC: Generate ECC-DH Key Pair & Multiply –RSA: Encrypt w/ Server Public Key

Private and Confidential, Yodlee.com, Inc. 11 A Review of WTLS: Mutual-Authentication Mutual-Authentication Client Hello > ServerHello Certificate CertificateRequest < ServerHelloDone Certificate ClientKeyExchange (only for RSA) CertificateVerify ChangeCipherSpec Finished > < Finished Application Data 1. Verify Server Certificate 2. Establish Session Key 3. Generate Signature

Private and Confidential, Yodlee.com, Inc. 12 A Review of WTLS: Mutual-Authentication 1. Verify Server Certificate –ECC & RSA: Verify Signature 2. Establish Session Key –ECC: Generate ECC-DH Key Pair & Multiply –RSA: Encrypt w/ Server Public Key 3. Verify Client Certificate –ECC & RSA: Signature Generation

Private and Confidential, Yodlee.com, Inc. 13 Benchmarking Experiments New Palm VII (Dragonball- EZ, 20MHz, PalmOS v.3.2.5) (ms) Palm V (Dragonball-EZ, 16.6MHz, PalmOS v.3.3) (ms) Old Palm VII (Dragonball, 16.6MHz, PalmOS v. 3.1) (ms) ECC Benchmarks (163-bit) Key Generation Key Expansion[1][1] Diffie-Hellman Key Agreement ECC-DSA Signature Generation ECC-DSA Signature Verification RSA Benchmarks(1024-bit)[2][2] Signature Generation Sig Verify (e=3) Sig Verify (e=65537) RSA Encrypt [1][1] Certicom’s ECC library requires that public keys be expanded into a more efficient representation before they can be operated on. These key expansions are not necessary in an RSA-based handshake, and hence the extra time to execute these operations was also modeled in the benchmarks. [2][2] The decryption timing measurements for RSA were measured for both of e=3 and e= It should be noted that e=65537 is more commonly used for most security applications and public decryption operations take longer to execute with e=65537.

Private and Confidential, Yodlee.com, Inc. 14 WTLS Handshake Timing Estimates Server-Authenticated Only: RSA OperationCryptographic Primitive(s)Time Required (ms) Server Certificate Verification RSA Signature Verification (Public decrypt, e=3) 598 Session Key Establishment RSA Encryption (Public encrypt) 622 TOTAL 1220

Private and Confidential, Yodlee.com, Inc. 15 WTLS Handshake Timing Estimates OperationCryptographic Primitive(s)Time Required (ms) Server Certificate Verification CA Public Key Expansion ECC-DSA Signature Verification 1254 Session Key Establishment ECC Key Generation (DH Ephemeral Key) Server Public Key Expansion Key Agreement TOTAL Server-Authenticated Only: ECC The cryptographic execution time for server-authenticated 1024-bit RSA handshakes is up to 2 times as fast as the cryptographic execution time for server- authenticated 163-bit ECC handshakes on the Palm VII.

Private and Confidential, Yodlee.com, Inc. 16 WTLS Handshake Timing Estimates Mutual-Authentication: RSA OperationCryptographic Primitive(s)Time Required (ms) Server Certificate Verification RSA Signature Verification (Public decrypt, e=3) 598 Session Key Establishment RSA Encryption (Public encrypt) 622 Client AuthenticationRSA Signature Generation (Private encrypt) TOTAL 22954

Private and Confidential, Yodlee.com, Inc. 17 WTLS Handshake Timing Estimates Mutual-Authentication: ECC OperationCryptographic Primitive(s) Time Required (ms) Server Certificate Verification CA Public Key Expansion ECC-DSA Signature Verification 1254 Session Key Establishment Server Public Key Expansion Key Agreement Client AuthenticationECC-DSA Signature Generation TOTAL 2614 The cryptographic execution time for mutually-authenticated 163-bit ECC handshakes is at least 8.64 times as fast as the cryptographic execution time for mutually-authenticated 1024-bit RSA handshakes on the Palm VII.

Private and Confidential, Yodlee.com, Inc. 18 Discussion of Results Strictly CPU time Optimizations –Store Expanded Keys Mutually authenticated handshakes could be too expensive for 1024-bit RSA on constrained microprocessors. Issue: who will sign ECC certificates?

Private and Confidential, Yodlee.com, Inc. 19 Discussion of Results PDAMicroprocessorSpeed Palm, HandspringMotorola Dragonball16.6 – 20 MHz RIM Interactive Pager Intel MHz Compaq Aero 1530NEC/VR4111 MIPS RISC70 MHz HP Jornada 820Intel/StrongARM RISC SA MHz Casio Cassiopeia E- 100 NEC/VR4121 MIPS131 MHz Psion RevoARM MHz Psion Series 5Digital/Arm MHz

Private and Confidential, Yodlee.com, Inc. 20 Summary / Conclusions Cryptographic Execution Time for WTLS handshakes on wireless devices is significant. Server-Authenticated 1024-bit RSA can be 2x as fast as 163-bit ECC Mutually-Authenticated 163-bit ECC is at least 8x as fast as 1024-bit RSA

Private and Confidential, Yodlee.com, Inc. 21 References & Acknowledgements References: –WAP Forum, Wireless Application Protocol Specification Version 1.1, –WAP Forum, Wireless Transport Layer Security Specification Version 1.1, –AU-Systems WAP Browser Home Page, –EZOS EzWAP Browser Page, –Psion WAP Browser Beta Page, –Neomar RIM WAP Browser Page, –Neomar Press Release, Acknowledgements: –Tim Dierks, Rob Lambert, Chris Hawk (Certicom) –Nagendra Modadugu (Stanford)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.