Predicting TLS performance from key exchange performance (short paper)

Farhad Moghimifar; Douglas Stebila

doi:10.1145/2843043.2843360

Predicting TLS performance from key exchange performance (short paper)

Farhad Moghimifar, Douglas Stebila

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

1 Citation (Scopus)

Abstract

Most benchmarking of cryptographic systems focuses on the performance of individual algorithms in a standalone setting. However, real-world applications such as the Transport Layer Security (TLS) protocol use a variety of cryptographic algorithms together. Benchmarking the performance of a web server using TLS is a more complex task, so fewer works include performance characteristics of full systems. In this work, we develop a model for the number of connections per second of a TLS-protected web server based on the runtime of individual cryptographic operations. Our model allows us to predict how performance scales with file size. Our model also allows us to predict the impact of improved key exchange algorithms: for example, on an HTTPS server with 1KiB files running ECDSA-nistp256 with AES-128-GCM and HMAC-SHA-256, a 2× improvement in ephemeral Diffie-Hellman key exchange performance only leads to a 10% improvement in connections per second, as signatures become the dominant cost.

Original language	English
Title of host publication	Proceedings of the Australasian Computer Science Week Multiconference, ACSW 2016
Editors	Xun Yi, Giovanni Russello
Place of Publication	Nw York NY USA
Publisher	Association for Computing Machinery (ACM)
Number of pages	4
ISBN (Electronic)	9781450340427
DOIs	https://doi.org/10.1145/2843043.2843360
Publication status	Published - 2016
Externally published	Yes
Event	Australian Information Security Conference 2016 - Canberra, Australia Duration: 2 Feb 2016 → 5 Feb 2016 https://dl.acm.org/doi/proceedings/10.1145/2843043 (Proceedings) https://cs.anu.edu.au/conf/acsw2016/sub-confs/aisc.html (Website)

Publication series

Name	ACM International Conference Proceeding Series
Publisher	Association for Computing Machinery (ACM)
Volume	01-05-February-2016

Conference

Conference	Australian Information Security Conference 2016
Abbreviated title	AISC 2016
Country/Territory	Australia
City	Canberra
Period	2/02/16 → 5/02/16
Internet address	https://dl.acm.org/doi/proceedings/10.1145/2843043 (Proceedings) https://cs.anu.edu.au/conf/acsw2016/sub-confs/aisc.html (Website)

Keywords

Key exchange
Performance
Transport Layer Security (TLS) protocol

Access to Document

10.1145/2843043.2843360

Cite this

Moghimifar, F., & Stebila, D. (2016). Predicting TLS performance from key exchange performance (short paper). In X. Yi, & G. Russello (Eds.), Proceedings of the Australasian Computer Science Week Multiconference, ACSW 2016 [44] (ACM International Conference Proceeding Series; Vol. 01-05-February-2016). Association for Computing Machinery (ACM). https://doi.org/10.1145/2843043.2843360

@inproceedings{dbdaabe316054499bc2838c9c130f684,

title = "Predicting TLS performance from key exchange performance (short paper)",

abstract = "Most benchmarking of cryptographic systems focuses on the performance of individual algorithms in a standalone setting. However, real-world applications such as the Transport Layer Security (TLS) protocol use a variety of cryptographic algorithms together. Benchmarking the performance of a web server using TLS is a more complex task, so fewer works include performance characteristics of full systems. In this work, we develop a model for the number of connections per second of a TLS-protected web server based on the runtime of individual cryptographic operations. Our model allows us to predict how performance scales with file size. Our model also allows us to predict the impact of improved key exchange algorithms: for example, on an HTTPS server with 1KiB files running ECDSA-nistp256 with AES-128-GCM and HMAC-SHA-256, a 2× improvement in ephemeral Diffie-Hellman key exchange performance only leads to a 10% improvement in connections per second, as signatures become the dominant cost.",

keywords = "Key exchange, Performance, Transport Layer Security (TLS) protocol",

author = "Farhad Moghimifar and Douglas Stebila",

note = "Publisher Copyright: {\textcopyright} 2016 Copyright held by the owner/author(s). Publication rights licensed to ACM.; Australian Information Security Conference 2016, AISC 2016 ; Conference date: 02-02-2016 Through 05-02-2016",

year = "2016",

doi = "10.1145/2843043.2843360",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery (ACM)",

editor = "Xun Yi and Giovanni Russello",

booktitle = "Proceedings of the Australasian Computer Science Week Multiconference, ACSW 2016",

address = "United States of America",

url = "https://dl.acm.org/doi/proceedings/10.1145/2843043, https://cs.anu.edu.au/conf/acsw2016/sub-confs/aisc.html",

}

Moghimifar, F & Stebila, D 2016, Predicting TLS performance from key exchange performance (short paper). in X Yi & G Russello (eds), Proceedings of the Australasian Computer Science Week Multiconference, ACSW 2016., 44, ACM International Conference Proceeding Series, vol. 01-05-February-2016, Association for Computing Machinery (ACM), Nw York NY USA, Australian Information Security Conference 2016, Canberra, Australian Capital Territory, Australia, 2/02/16. https://doi.org/10.1145/2843043.2843360

Predicting TLS performance from key exchange performance (short paper). / Moghimifar, Farhad; Stebila, Douglas.
Proceedings of the Australasian Computer Science Week Multiconference, ACSW 2016. ed. / Xun Yi; Giovanni Russello. Nw York NY USA: Association for Computing Machinery (ACM), 2016. 44 (ACM International Conference Proceeding Series; Vol. 01-05-February-2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

TY - GEN

T1 - Predicting TLS performance from key exchange performance (short paper)

AU - Moghimifar, Farhad

AU - Stebila, Douglas

PY - 2016

Y1 - 2016

N2 - Most benchmarking of cryptographic systems focuses on the performance of individual algorithms in a standalone setting. However, real-world applications such as the Transport Layer Security (TLS) protocol use a variety of cryptographic algorithms together. Benchmarking the performance of a web server using TLS is a more complex task, so fewer works include performance characteristics of full systems. In this work, we develop a model for the number of connections per second of a TLS-protected web server based on the runtime of individual cryptographic operations. Our model allows us to predict how performance scales with file size. Our model also allows us to predict the impact of improved key exchange algorithms: for example, on an HTTPS server with 1KiB files running ECDSA-nistp256 with AES-128-GCM and HMAC-SHA-256, a 2× improvement in ephemeral Diffie-Hellman key exchange performance only leads to a 10% improvement in connections per second, as signatures become the dominant cost.

AB - Most benchmarking of cryptographic systems focuses on the performance of individual algorithms in a standalone setting. However, real-world applications such as the Transport Layer Security (TLS) protocol use a variety of cryptographic algorithms together. Benchmarking the performance of a web server using TLS is a more complex task, so fewer works include performance characteristics of full systems. In this work, we develop a model for the number of connections per second of a TLS-protected web server based on the runtime of individual cryptographic operations. Our model allows us to predict how performance scales with file size. Our model also allows us to predict the impact of improved key exchange algorithms: for example, on an HTTPS server with 1KiB files running ECDSA-nistp256 with AES-128-GCM and HMAC-SHA-256, a 2× improvement in ephemeral Diffie-Hellman key exchange performance only leads to a 10% improvement in connections per second, as signatures become the dominant cost.

KW - Key exchange

KW - Performance

KW - Transport Layer Security (TLS) protocol

UR - http://www.scopus.com/inward/record.url?scp=84962523084&partnerID=8YFLogxK

U2 - 10.1145/2843043.2843360

DO - 10.1145/2843043.2843360

M3 - Conference Paper

AN - SCOPUS:84962523084

T3 - ACM International Conference Proceeding Series

BT - Proceedings of the Australasian Computer Science Week Multiconference, ACSW 2016

A2 - Yi, Xun

A2 - Russello, Giovanni

PB - Association for Computing Machinery (ACM)

CY - Nw York NY USA

T2 - Australian Information Security Conference 2016

Y2 - 2 February 2016 through 5 February 2016

ER -

Predicting TLS performance from key exchange performance (short paper)

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this