Performance and Efficiency in Wireless Security

Performance and Efficiency in Wireless Security. Terry Fletcher, Senior Security Architect, Chrysalis-ITS, tfletcher@chrysalis-its.com, www.chrysalis-its.com. Overview: m-Commerce needs for security; wireless networking constraints; approaches; need for efficiency; opportunities for efficiency.

Presentation Transcript


  1. Performance and Efficiency in Wireless Security
     Terry Fletcher, Senior Security Architect, Chrysalis-ITS
     tfletcher@chrysalis-its.com
     www.chrysalis-its.com

  2. Overview
     • m-Commerce needs for security
     • Wireless networking constraints
     • Approaches
     • Need for efficiency
     • Opportunities for efficiency
     • Need for performance
     • Opportunities for performance
     • Future

  3. M-Commerce Needs for Security
     • Intra-domain and end-to-end
     • Authentication
     • Data integrity
     • Data confidentiality

     Wireless Networking Constraints
     • Handheld device size and processing power
     • Carrier network bandwidth
     • Carrier network reliability
     • Network discontinuities
       • Between different wireless carriers
       • Between wireless and wired networks

  4. Approaches
     • Carrier network security (e.g., GSM)
     • Transport level security (e.g., WTLS)
     • Application level security (e.g., S/MIME)

  5. Need for Efficiency
     • Space limitations on devices
     • Processing limitations on devices
     • Carrier network bandwidth and reliability

     Opportunities for Efficiency
     • Protocol optimization (WTLS vs. TLS)
     • Optimization of key exchange and cipher suite choices (ECDH optimized handshake, smaller MAC sizes for data integrity)
     • Minimizing certificate sizes (ECDSA signatures)
     • Minimizing key exchange/key agreement traffic (resume sessions)

  6. Need for Performance
     • At servers and gateways
     • Typical SSL V3 numbers
       • E-Commerce apps – 5% – 40% of total traffic
       • On-line banking – 50+% of total traffic
       • Approx 0.5% - 1% of typical SSL traffic is handshake protocol
     • Handshake very compute intensive (beyond asymmetric crypto)
     • TLS Full handshake requires 44 hash operations on total of approx 75 k bits
     • Proportions likely higher for WTLS
     • WML records smaller than HTML web pages
     • Overhead with handshake significant compared to WML traffic volumes
     • Handshake still compute intensive even with optimization

  7. Opportunities for Performance
     • Optimization
     • Asymmetric crypto acceleration (000’s of s/sec)
     • Offloading compute intensive portions of handshake protocol
     • Offloading symmetric crypto processing

  8. Future
     • Wireless networks evolving
     • Higher data rates & better reliability
     • Need for profiles for different network environments & operational requirements

  9. Conclusion
     • Wireless security requires both efficiency and performance enhancement
     • Handshake protocol requires intensive computation beyond asymmetric crypto
     • Need to develop profiles to take greatest advantage of possible efficiency and performance enhancements

  10. References
     • WTLS, 18 February 2000: http://www.wapforum.org
     • TLS, RFC 2246: http://www.ietf.org/rfc/rfc2246.txt
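
The symmetric work that slide 6 describes as compute intensive "beyond asymmetric crypto" can be made concrete with the PRF defined in RFC 2246 (slide 10). The following is an added example, not part of the original presentation: it implements the TLS 1.0 PRF and counts HMAC calls for master secret derivation, key expansion and both Finished messages. The secrets, randoms, transcript and the name `handshake_hmac_cost` are constructed for illustration, and the tally does not attempt to reproduce the slide's figure of 44 hash operations, whose counting convention the slides do not give.

```python
import hashlib
import hmac
from collections import Counter

CALLS = Counter()  # HMAC invocations, keyed by hash name

def _hmac(name, key, msg):
    CALLS[name] += 1
    return hmac.new(key, msg, name).digest()

def p_hash(name, secret, seed, n):
    """RFC 2246 section 5 P_hash: expand secret and seed to n bytes."""
    out, a = b"", seed                # A(0) = seed
    while len(out) < n:
        a = _hmac(name, secret, a)    # A(i) = HMAC(secret, A(i-1))
        out += _hmac(name, secret, a + seed)
    return out[:n]

def prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5(S1, label+seed) XOR P_SHA-1(S2, label+seed)."""
    half = (len(secret) + 1) // 2     # odd lengths share the middle byte
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5 = p_hash("md5", s1, label + seed, n)
    sha = p_hash("sha1", s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

def handshake_hmac_cost(key_block_len):
    """Count HMAC calls in the symmetric part of one full handshake."""
    CALLS.clear()
    # Constructed inputs: fixed bytes stand in for real secrets and randoms.
    pre_master = b"\x03\x01" + b"\x11" * 46
    c_rand, s_rand = b"\xaa" * 32, b"\xbb" * 32
    transcript = b"constructed handshake messages"
    master = prf(pre_master, b"master secret", c_rand + s_rand, 48)
    prf(master, b"key expansion", s_rand + c_rand, key_block_len)
    # Real transcripts differ per side; the call count does not depend on it.
    digest = hashlib.md5(transcript).digest() + hashlib.sha1(transcript).digest()
    for label in (b"client finished", b"server finished"):
        prf(master, label, digest, 12)
    return dict(CALLS)

if __name__ == "__main__":
    # 64 bytes: RC4-128 with MD5 MAC; 104 bytes: 3DES-EDE-CBC with SHA MAC.
    for n in (64, 104):
        print(n, handshake_hmac_cost(n))
```

Each HMAC call is itself an inner and an outer pass of the underlying hash, so the number of raw hash invocations is twice these counts.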
