Presentation is loading. Please wait.

Presentation is loading. Please wait.

Performance and Efficiency in Wireless Security

Similar presentations


Presentation on theme: "Performance and Efficiency in Wireless Security"— Presentation transcript:

1 Performance and Efficiency in Wireless Security
Terry Fletcher, Senior Security Architect Chrysalis-ITS

2 Overview m-Commerce needs for security Wireless networking constraints
Approaches Need for efficiency Opportunities for efficiency Need for performance Opportunities for performance Future

3 M-Commerce Needs for Security
Intra-domain and end-to-end Authentication Data integrity Data confidentiality Wireless Networking Constraints Handheld device size and processing power Carrier network bandwidth Carrier network reliability Network discontinuities Between different wireless carriers Between wireless and wired networks

4 Approaches Carrier network security (e.g., GSM)
Transport level security (e.g., WTLS) Application level security (e.g., S/MIME)

5 Opportunities for Efficiency
Need for Efficiency Space limitations on devices Processing limitations on devices Carrier network bandwidth and reliability Opportunities for Efficiency Protocol optimization (WTLS vs. TLS) Optimization of key exchange and cipher suite choices (ECDH optimized handshake, smaller MAC sizes for data integrity) Minimizing certificate sizes (ECDSA signatures) Minimizing key exchange/key agreement traffic (resume sessions)

6 Need for Performance At servers and gateways Typical SSL V3 numbers
E-Commerce apps – 5% – 40% of total traffic On-line banking – 50+% of total traffic Approx 0.5% - 1% of typical SSL traffic is handshake protocol Handshake very compute intensive (beyond asymmetric crypto) TLS Full handshake requires 44 hash operations on total of approx 75 k bits Proportions likely higher for WTLS WML records smaller than HTML web pages Overhead with handshake significant compared to WML traffic volumes Handshake still compute intensive even with optimization

7 Opportunities for Performance
Optimization Asymmetric crypto acceleration (000’s of s/sec) Offloading compute intensive portions of handshake protocol Offloading symmetric crypto processing RSA Sign 35ms Verify 3ms ECDSA Sign 5.5 ms Verify 9 ms EC acceleration – integer fields – choice of field primes can simplify math (Mersennes) - GF(2) dedicated GF multiplier HW

8 Future Wireless networks evolving
Higher data rates & better reliability Need for profiles for different network environments & operational requirements

9 Conclusion Wireless security requires both efficiency and performance enhancement Handshake protocol requires intensive computation beyond asymmetric crypto Need to develop profiles to take greatest advantage of possible efficiency and performance enhancements

10 References WTLS 18 February 2000 TLS – RFC 2246
TLS – RFC 2246


Download ppt "Performance and Efficiency in Wireless Security"

Similar presentations


Ads by Google