Скачать презентацию Cryptographic Execution Time for WTLS Handshakes Скачать презентацию Cryptographic Execution Time for WTLS Handshakes

74b7d99db92027e22d32c9205515408c.ppt

  • Количество слайдов: 21

• Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani • Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani neil@yodlee. com September 21, 2000

Overview • • WAP Browsers & Handhelds A Review of WTLS Benchmarking Experiments WTLS Overview • • WAP Browsers & Handhelds A Review of WTLS Benchmarking Experiments WTLS Handshake Timing Estimates • Discussion of Results • Summary / Conclusions 2 Private and Confidential, Yodlee. com, Inc.

WAP Browsers & Handhelds: What is WAP? • WAP: Wireless Application Protocol • Created WAP Browsers & Handhelds: What is WAP? • WAP: Wireless Application Protocol • Created by WAP Forum – Founded June 1997 by Ericsson, Motorola, Nokia, Phone. com – 500+ member companies – Goal: Bring Internet content to wireless devices • WTLS: Wireless Transport Layer Security 3 Private and Confidential, Yodlee. com, Inc.

WAP Browsers & Handhelds: What is WAP? WTLS SSL Web Server Internet WAP Gateway WAP Browsers & Handhelds: What is WAP? WTLS SSL Web Server Internet WAP Gateway 4 Private and Confidential, Yodlee. com, Inc.

WAP Browsers & Handhelds: Gaining Steam • Palm OS – AU Systems – 4 WAP Browsers & Handhelds: Gaining Steam • Palm OS – AU Systems – 4 th Pass k. Browser • Windows/Pocket. PC – EZOS Ez. WAP • Psion – Purple Software/ Dynamical Systems Research • RIM – Neomar 5 Private and Confidential, Yodlee. com, Inc.

WAP Browsers & Handhelds: Security & Performance • Secure Connections: – Too long -> WAP Browsers & Handhelds: Security & Performance • Secure Connections: – Too long -> affects usability – Shorter keys -> too risky • How long does the crypto take? – Using different crypto. algs. – Using different authentication methods 6 Private and Confidential, Yodlee. com, Inc.

A Review of WTLS: WTLS Goals • WTLS Goals – Authentication – Privacy – A Review of WTLS: WTLS Goals • WTLS Goals – Authentication – Privacy – Data Integrity • Authentication: Public-Key Crypto (CPU intensive!!!) • Privacy: Symmetric Crypto • Data Integrity: MACs 7 Private and Confidential, Yodlee. com, Inc.

A Review of WTLS: Crypto Basics • Public-Key Crypto – RSA (Rivest-Shamir-Adelman) – ECC A Review of WTLS: Crypto Basics • Public-Key Crypto – RSA (Rivest-Shamir-Adelman) – ECC (Elliptic Curve) • Certificates • Authentication – None, Client, Server, Mutual 8 Private and Confidential, Yodlee. com, Inc.

A Review of WTLS: Server-Authentication • Server-Authentication Only Client. Hello ------> <------ Server. Hello A Review of WTLS: Server-Authentication • Server-Authentication Only Client. Hello ------> <------ Server. Hello Certificate Server. Hello. Done 1. Verify Server Certificate Client. Key. Exchange 2. Establish Session Key Change. Cipher. Spec Finished ------> <------ Application Data 9 Finished <-----> Application Data Private and Confidential, Yodlee. com, Inc.

A Review of WTLS: Server-Authentication 1. Verify Server Certificate – ECC & RSA: Verify A Review of WTLS: Server-Authentication 1. Verify Server Certificate – ECC & RSA: Verify Signature 2. Establish Session Key – ECC: Generate ECC-DH Key Pair & Multiply – RSA: Encrypt w/ Server Public Key 10 Private and Confidential, Yodlee. com, Inc.

A Review of WTLS: Mutual-Authentication • Mutual-Authentication Client Hello ------> 1. Verify Server Certificate A Review of WTLS: Mutual-Authentication • Mutual-Authentication Client Hello ------> 1. Verify Server Certificate <------ Server. Hello Certificate. Request Server. Hello. Done Certificate Client. Key. Exchange (only for RSA) 2. Establish Session Key Certificate. Verify 3. Generate Signature Change. Cipher. Spec Finished ------> <-----Application Data 11 Finished <-----> Application Data Private and Confidential, Yodlee. com, Inc.

A Review of WTLS: Mutual-Authentication 1. Verify Server Certificate – ECC & RSA: Verify A Review of WTLS: Mutual-Authentication 1. Verify Server Certificate – ECC & RSA: Verify Signature 2. Establish Session Key – ECC: Generate ECC-DH Key Pair & Multiply – RSA: Encrypt w/ Server Public Key 3. Verify Client Certificate – ECC & RSA: Signature Generation 12 Private and Confidential, Yodlee. com, Inc.

Benchmarking Experiments New Palm VII (Dragonball. EZ, 20 MHz, Palm. OS v. 3. 2. Benchmarking Experiments New Palm VII (Dragonball. EZ, 20 MHz, Palm. OS v. 3. 2. 5) (ms) ECC Benchmarks (163 -bit) Palm V (Dragonball-EZ, 16. 6 MHz, Palm. OS v. 3. 3) (ms) Old Palm VII (Dragonball, 16. 6 MHz, Palm. OS v. 3. 1) (ms) Key Generation 372. 4 514 556 Key Expansion[1] 254. 8 350 378 Diffie-Hellman Key Agreement ECC-DSA Signature Generation ECC-DSA Signature Verification 335. 6 462 500 514. 8 713 773 1254 1740 1885 RSA Benchmarks(1024 -bit)[2] Signature Generation 27808 29628 Sig Verify (e=3) 598 758 790 Sig Verify (e=65537) 1482 1860 1966 RSA Encrypt 13 21734 622 798 834 Private and Confidential, Yodlee. com, Inc.

WTLS Handshake Timing Estimates • Server-Authenticated Only: RSA Operation Time Required (ms) Server Certificate WTLS Handshake Timing Estimates • Server-Authenticated Only: RSA Operation Time Required (ms) Server Certificate Verification RSA Signature Verification 598 Session Key Establishment (Public decrypt, e=3) RSA Encryption (Public encrypt) 622 TOTAL 14 Cryptographic Primitive(s) 1220 Private and Confidential, Yodlee. com, Inc.

WTLS Handshake Timing Estimates • Server-Authenticated Only: ECC Operation Server Certificate Verification Session Key WTLS Handshake Timing Estimates • Server-Authenticated Only: ECC Operation Server Certificate Verification Session Key Establishment Cryptographic Primitive(s) CA Public Key Expansion ECC-DSA Signature Verification ECC Key Generation (DH Ephemeral Key) Time Required (ms) 254. 8 1254 372. 4 Server Public Key Expansion Key Agreement TOTAL 254. 8 335. 6 2471. 6 The cryptographic execution time for server-authenticated 1024 -bit RSA handshakes is up to 2 times as fast as the cryptographic execution time for serverauthenticated 163 -bit ECC handshakes on the Palm VII. 15 Private and Confidential, Yodlee. com, Inc.

WTLS Handshake Timing Estimates • Mutual-Authentication: RSA Operation Time Required (ms) Server Certificate Verification WTLS Handshake Timing Estimates • Mutual-Authentication: RSA Operation Time Required (ms) Server Certificate Verification RSA Signature Verification (Public decrypt, e=3) 598 Session Establishment RSA Encryption (Public encrypt) 622 Client Authentication RSA Signature Generation (Private encrypt) 21734 TOTAL 16 Cryptographic Primitive(s) 22954 Key Private and Confidential, Yodlee. com, Inc.

WTLS Handshake Timing Estimates • Mutual-Authentication: ECC Operation Server Certificate Verification CA Public Key WTLS Handshake Timing Estimates • Mutual-Authentication: ECC Operation Server Certificate Verification CA Public Key Expansion ECC-DSA Signature Verification Server Public Key Expansion Key Agreement Session Key Establishment Client Authentication TOTAL Cryptographic Primitive(s) ECC-DSA Signature Generation Time Required (ms) 254. 8 1254 254. 8 335. 6 514. 8 2614 The cryptographic execution time for mutually-authenticated 163 -bit ECC handshakes is at least 8. 64 times as fast as the cryptographic execution time for mutually-authenticated 1024 -bit RSA handshakes on the Palm VII. 17 Private and Confidential, Yodlee. com, Inc.

Discussion of Results • Strictly CPU time • Optimizations – Store Expanded Keys • Discussion of Results • Strictly CPU time • Optimizations – Store Expanded Keys • Mutually authenticated handshakes could be too expensive for 1024 -bit RSA on constrained microprocessors. • Issue: who will sign ECC certificates? 18 Private and Confidential, Yodlee. com, Inc.

Discussion of Results PDA Microprocessor Speed Palm, Handspring Motorola Dragonball 16. 6 – 20 Discussion of Results PDA Microprocessor Speed Palm, Handspring Motorola Dragonball 16. 6 – 20 MHz RIM Interactive Pager Intel 386 10 MHz Compaq Aero 1530 NEC/VR 4111 MIPS RISC 70 MHz HP Jornada 820 Intel/Strong. ARM RISC SA 1100 NEC/VR 4121 MIPS 190 MHz ARM 710 36 MHz Digital/Arm 7100 18 MHz Casio Cassiopeia E 100 Psion Revo Psion Series 5 19 Private and Confidential, Yodlee. com, Inc. 131 MHz

Summary / Conclusions • Cryptographic Execution Time for WTLS handshakes on wireless devices is Summary / Conclusions • Cryptographic Execution Time for WTLS handshakes on wireless devices is significant. • Server-Authenticated 1024 -bit RSA can be 2 x as fast as 163 -bit ECC • Mutually-Authenticated 163 -bit ECC is at least 8 x as fast as 1024 -bit RSA 20 Private and Confidential, Yodlee. com, Inc.

References & Acknowledgements • References: – WAP Forum, Wireless Application Protocol Specification Version 1. References & Acknowledgements • References: – WAP Forum, Wireless Application Protocol Specification Version 1. 1, 4. 30. 1998 – WAP Forum, Wireless Transport Layer Security Specification Version 1. 1, 11. 2. 1999 – AU-Systems WAP Browser Home Page, http: //www. wapguide. com/wapguide/browser. html – EZOS Ez. WAP Browser Page, http: //www. ezos. com/ – Psion WAP Browser Beta Page, http: //wap. psion. com/ – Neomar RIM WAP Browser Page, http: //www. neomar. com/ – Neomar Press Release, http: //www. neomar. com/press/00. 05. 23 certicom. html • Acknowledgements: – Tim Dierks, Rob Lambert, Chris Hawk (Certicom) – Nagendra Modadugu (Stanford) 21 Private and Confidential, Yodlee. com, Inc.