ABSTRACT
TLS is the protocol of choice for securing today's e-commerce and online transactions, but adding TLS to a Web server imposes a significant overhead relative to an insecure Web server on the same platform. We perform a comprehensive study of the performance costs of TLS. Our methodology is to profile TLS Web servers with trace-driven workloads, replace individual components inside TLS with no-ops, and measure the observed increase in server throughput. We estimate the relative costs of each TLS processing stage, identifying the areas for which future optimizations would be worthwhile. Our results show that while the RSA operations represent the largest performance cost in TLS Web servers, they do not solely account for TLS overhead. RSA accelerators are effective for e-commerce site workloads since those workloads experience low TLS session reuse. Accelerators appear to be less effective for sites where all the requests are handled by a TLS server, because such sites have a higher session reuse rate. In this case, investing in a faster CPU might provide a greater boost in performance. Our experiments show that having a second CPU is at least as useful as an RSA accelerator. Our results seem to suggest that, as CPUs become faster, the cryptographic costs of TLS will become dwarfed by the CPU costs of the non-security aspects of a Web server. Optimizations aimed at general-purpose Web servers should continue to be a focus of research and would benefit secure Web servers as well.
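The cost-attribution approach the abstract describes (replace one TLS stage with a no-op, remeasure throughput, attribute the gain to that stage) and the way session reuse changes the value of an RSA accelerator can be illustrated with a small cost model. The Python block below is an added example, not code from the paper or its authors; the per-stage costs, the reuse rates and the assumption that a CPU-bound server's throughput is the inverse of its per-request CPU cost are all constructed for illustration and are not the paper's measurements.

```python
from dataclasses import dataclass, replace

# Constructed per-request CPU costs in microseconds. These numbers are
# illustrative assumptions for this example, not the paper's measurements.


@dataclass(frozen=True)
class StageCosts:
    rsa: float             # server RSA private-key operation, paid only on a full handshake
    handshake_misc: float  # remaining handshake work, also skipped when a session is resumed
    bulk_crypto: float     # symmetric cipher and MAC over request/response, paid every request
    web_server: float      # non-security work: HTTP parsing, file I/O, TCP send


EXAMPLE = StageCosts(rsa=800.0, handshake_misc=300.0, bulk_crypto=200.0, web_server=500.0)
STAGES = ("rsa", "handshake_misc", "bulk_crypto", "web_server")


def per_request_cost(costs: StageCosts, reuse_rate: float) -> float:
    """Expected CPU microseconds per request.

    reuse_rate is the fraction of requests arriving on a resumed TLS session;
    those skip the RSA operation and the rest of the handshake.
    """
    if not 0.0 <= reuse_rate <= 1.0:
        raise ValueError("reuse_rate must be in [0, 1]")
    full_handshakes = 1.0 - reuse_rate
    return (full_handshakes * (costs.rsa + costs.handshake_misc)
            + costs.bulk_crypto + costs.web_server)


def throughput(costs: StageCosts, reuse_rate: float, cpus: int = 1) -> float:
    """Requests per second a CPU-bound server sustains: each CPU has 1e6 us/s."""
    return cpus * 1_000_000.0 / per_request_cost(costs, reuse_rate)


def stage_shares(costs: StageCosts, reuse_rate: float) -> dict:
    """No-op substitution: zero one stage at a time, recompute the per-request
    cost, and attribute the saving to that stage as a fraction of the baseline."""
    base = per_request_cost(costs, reuse_rate)
    return {
        name: (base - per_request_cost(replace(costs, **{name: 0.0}), reuse_rate)) / base
        for name in STAGES
    }


def upgrade_speedups(costs: StageCosts, reuse_rate: float) -> dict:
    """Throughput multiplier of two upgrades: an RSA accelerator (modelled as
    taking the RSA stage off the CPU entirely) versus adding a second CPU."""
    base = throughput(costs, reuse_rate)
    return {
        "rsa_accelerator": throughput(replace(costs, rsa=0.0), reuse_rate) / base,
        "second_cpu": throughput(costs, reuse_rate, cpus=2) / base,
    }


if __name__ == "__main__":
    # Two constructed workloads: an e-commerce site with little session reuse,
    # and a site that serves everything over TLS and therefore resumes often.
    for label, reuse in (("e-commerce (low reuse)", 0.0), ("all-TLS site (high reuse)", 0.8)):
        print(f"\n{label}: session reuse rate {reuse:.0%}")
        print(f"  throughput (1 CPU): {throughput(EXAMPLE, reuse):8.1f} req/s")
        for name, share in stage_shares(EXAMPLE, reuse).items():
            print(f"  {name:16s} {share:6.1%} of per-request CPU cost")
        for name, factor in upgrade_speedups(EXAMPLE, reuse).items():
            print(f"  {name:16s} {factor:5.2f}x throughput")
```

Running the block shows the two effects the abstract reports: the RSA stage is the single largest share at low reuse, but its share shrinks as the reuse rate rises, and the accelerator's speedup shrinks with it, while the second CPU's multiplier is independent of the workload mix. The model treats the accelerator as removing the RSA cost from the CPU outright, which is the most favourable assumption for it; any real offload latency would only widen the gap.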
CITED BY 4
Shaneel Narayan, Samad Kolahi, Rick Waiariki, Madeleine Reid. Performance analysis of network operating systems in local area networks. Proceedings of the 2nd WSEAS International Conference on Computer Engineering and Applications, pp. 186-188, January 25-27, 2008, Acapulco, Mexico.
Daniel F. García, Rodrigo García, Joaquín Entrialgo, Javier García, Manuel García. Evaluation of the effect of SSL overhead in the performance of e-business servers operating in B2B scenarios. Computer Communications, vol. 30, no. 16, pp. 3063-3074, November 2007.
REVIEW
Reviewer: Amos O. Olagunju
The analysis of performance costs of security operations in multifaceted secure Web servers is extremely odd. Is it feasible to ascertain an exact model for simulating the behaviors of secure replicated clusters of Web servers with load-balancing