Secure Web Server Response Time Improved by Caching SSL Session Keys

Secure Web Server Response Time Improved by Caching SSL Session Keys. Arthur Goldberg, Robert Buff, Andrew Schmitt [artg, buff, schm7136]@cs.nyu.edu Computer Science Department Courant Institute of Mathematical Science New York University. Workshop on Internet Server Performance, June 1998.

Presentation Transcript


  1. Secure Web Server Response Time Improved by Caching SSL Session Keys. Arthur Goldberg, Robert Buff, Andrew Schmitt, [artg, buff, schm7136]@cs.nyu.edu. Computer Science Department, Courant Institute of Mathematical Science, New York University. Workshop on Internet Server Performance, June 1998.

  2. Outline • HTTPS summary • WebPerf System • SSL Key Caching Performance • HTTPS Streaming Performance

  3. HTTPS (protocol stack diagram): HTTPS, SSL, TCP

  4. Establish a New SSL Connection (message sequence between Client Browser and Web Server) • TCP Connect • SSL connect, creating new session key: Hello; Hello, Certificate; Key exchange, Change Cipher Spec; Change Cipher Spec

  5. Reestablish an SSL Connection (message sequence between Client Browser and Web Server) • TCP Connect: SYN; ACK/SYN • SSL connect, reusing cached session key: Client Hello; Server Hello, Change Cipher Spec; Finished

  6. Measured Calls

     ```c
     Socket = connect( … );                                        /* TCP */
     SSL_struct = SSL_new();                                       /* create an SSL structure */
     SSL_set_fd( SSL_struct, Socket );                             /* bind to a socket */
     SSL_connect( SSL_struct );
     ret_code = SSL_write( SSL_struct, buffer, num_bytes );
     /* ... */
     ret_code = SSL_read( SSL_struct, buffer_pointer, num_bytes );
     ```

  7. WebPerf Measurement System (diagram; labels as they appear): New York University; Internet Hub; NT Server running; 'WebPerf' robot on NT 4.0 PC; Netscape Enterprise Server 3.5.1 and Microsoft IIS 4.0; NYU intranet; Oracle 7.3.x; T3; HTTPS Servers; WebPerf DB

  8. WebPerf System • Robot browser • Supports HTTP 1.0, SSL (SSLeay 0.8.1) • Implementation • Visual C++ version 5.0, with optimization • Single-threaded • Measures millisecond resolution time with ftime() • Linked to SSLeay 0.8.1 • Winsock 2.0 TCP • RogueWave and Oracle OCI database networking • Oracle 7.3 SQL 92 Database • Experiments • Results • Other

  9. Experimental setup • Robot PC • 100 MHz Pentium with 32 MB of RAM with an NE 2000 NIC • On 10 Mbps Ethernet • NYUnet • T3 connected to the Internet via NYSERnet

  10. Connect times for https://wwwus.netscape.com, February 1998 (chart; series: TCP connect, SSL reuse key, SSL create key)

  11. Distribution of connect times for https://www.coned.com (chart; x-axis: ms, y-axis: percentage; series: TCP connect, SSL reuse key, SSL create key)

  12. Distribution of connect times for https://intranet.nyu.edu (chart; x-axis: ms, y-axis: percentage; series: TCP connect, SSL reuse key, SSL create key, HTTP duration)

  13. Secure Hosts Studied

  14. Decrease in Overall Response Time From Reusing Cached Session Key

  15. Durations for Netscape Enterprise Server 3.5.1, secure (SSL) (chart; x-axis: KB, y-axis: ms; series: 75%, 95%)

  16. Durations for Netscape Enterprise Server 3.5.1, non-secure (chart; x-axis: KB, y-axis: ms; series: 75%, 95%)

  17. Linear fit for Netscape • Secure: 730 bytes/ms • Non-secure: 936 bytes/ms

  18. Linear fit for IIS • Secure: 689 bytes/ms • Non-secure: 819 bytes/ms

  19. Conclusions • Measurements of secure systems can help improve performance • Future work: evaluate other keys and systems
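
Slides 4 and 5 differ only in whether the server still holds the session that the client offers in its Client Hello. The following added example (not from the presentation and not SSLeay code) models that server-side decision with a small in-memory cache; the function names, the slot count and the 300-second lifetime are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>
#define ID_LEN      32   /* an SSL session ID is at most 32 bytes */
#define SECRET_LEN  48   /* an SSL master secret is 48 bytes */
#define CACHE_SLOTS 4    /* constructed: tiny on purpose */
#define LIFETIME_S  300  /* constructed: how long a cached session stays valid */
enum handshake { FULL_HANDSHAKE, RESUMED_HANDSHAKE };
static struct session {
    int in_use;
    time_t created;
    unsigned char id[ID_LEN], master_secret[SECRET_LEN];
} cache[CACHE_SLOTS];

/* Store a session from a full handshake; use a free slot, else evict the oldest. */
void cache_store(const unsigned char *id, const unsigned char *secret, time_t now)
{
    struct session *slot = &cache[0];
    for (int i = 0; i < CACHE_SLOTS; i++) {
        if (!cache[i].in_use) { slot = &cache[i]; break; }
        if (cache[i].created < slot->created) slot = &cache[i];
    }
    slot->in_use = 1; slot->created = now;
    memcpy(slot->id, id, ID_LEN);
    memcpy(slot->master_secret, secret, SECRET_LEN);
}

/* Pick the handshake for the session ID offered in the Client Hello (NULL = none). */
enum handshake server_hello(const unsigned char *offered, time_t now)
{
    for (int i = 0; offered && i < CACHE_SLOTS; i++) {
        struct session *s = &cache[i];
        if (!s->in_use || memcmp(s->id, offered, ID_LEN) != 0) continue;
        if (now - s->created > LIFETIME_S) {
            memset(s, 0, sizeof *s);  /* expired: drop the cached key material */
            return FULL_HANDSHAKE;
        }
        return RESUMED_HANDSHAKE;     /* slide 5: Server Hello, Change Cipher Spec */
    }
    return FULL_HANDSHAKE;            /* slide 4: Hello, Certificate, key exchange */
}

int main(void)
{
    unsigned char id[ID_LEN] = {0xA1}, secret[SECRET_LEN] = {0};  /* constructed */
    cache_store(id, secret, 1000);
    printf("t=1010 resumed=%d\n", server_hello(id, 1010) == RESUMED_HANDSHAKE);
    printf("t=1400 resumed=%d\n", server_hello(id, 1400) == RESUMED_HANDSHAKE);
    return 0;
}
```

The lifetime bounds how long a copy of the master secret sits in server memory, so it trades the connect-time saving the slides measure against exposure of cached key material.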
