Performance analysis of TLS Web servers

Authors:
Cristian Coarfa;Peter Druschel;Dan S. Wallach
Affiliations:
Rice University, Houston, TX;Rice University, Houston, TX;Rice University, Houston, TX
Venue:
ACM Transactions on Computer Systems (TOCS)
Year:
2006

Citing 36
Cited 20

Efficient demultiplexing of incoming TCP packets

SIGCOMM '92 Conference proceedings on Communications architectures & protocols
The impact of operating system structure on memory system performance

SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Fbufs: a high-bandwidth cross-domain transfer facility

SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Experiences with a high-speed network adaptor: a software perspective

SIGCOMM '94 Proceedings of the conference on Communications architectures, protocols and applications
User-space protocols deliver high performance to applications on a low-cost Gb/s LAN

SIGCOMM '94 Proceedings of the conference on Communications architectures, protocols and applications
U-Net: a user-level network interface for parallel and distributed computing

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
The performance of the Container Shipping I/O system

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Using the SimOS machine simulator to study complex computer systems

ACM Transactions on Modeling and Computer Simulation (TOMACS)
Analysis of techniques to improve protocol processing latency

Conference proceedings on Applications, technologies, architectures, and protocols for computer communications
Performance issues of enterprise level web proxies

SIGMETRICS '97 Proceedings of the 1997 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Cluster-based scalable network services

Proceedings of the sixteenth ACM symposium on Operating systems principles
Locality-aware request distribution in cluster-based network servers

Proceedings of the eighth international conference on Architectural support for programming languages and operating systems
IO-lite: a unified I/O buffering and caching system

OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Better operating system features for faster network servers

ACM SIGMETRICS Performance Evaluation Review
Public-key cryptography and password protocols

ACM Transactions on Information and System Security (TISSEC)
Inductive analysis of the Internet protocol TLS

ACM Transactions on Information and System Security (TISSEC)
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
The effects of wide-area conditions on WWW server performance

Proceedings of the 2001 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
SEDA: an architecture for well-conditioned, scalable internet services

SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Performance issues in WWW servers

IEEE/ACM Transactions on Networking (TON)
Network Security with Openssl

Network Security with Openssl
Apache: The Definitive Guide

Apache: The Definitive Guide
Measuring the capacity of a Web server under realistic loads

World Wide Web
Increasing web server throughput with network interface data caching

Proceedings of the 10th international conference on Architectural support for programming languages and operating systems
Improving SSL Handshake Performance via Batching

CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
A Study of the Relative Costs of Network Security Protocols

Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference
Finite-State Analysis of Security Protocols

CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
Secure Blue: An Architecture for a Scalable, Reliable, High Volume SSL Internet Server

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Analysis of the SSL Protocol

Analysis of the SSL Protocol
An Efficient Zero-Copy I/O Framework for UNIX

An Efficient Zero-Copy I/O Framework for UNIX
Analysis of the SSL 3.0 protocol

WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Scalable kernel performance for internet servers under realistic loads

ATEC '98 Proceedings of the annual conference on USENIX Annual Technical Conference
A hierarchical internet object cache

ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
Zero-copy TCP in Solaris

ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
Flash: an efficient and portable web server

ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
A scalable and explicit event delivery mechanism for UNIX

ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference

Cryptography as an operating system service: A case study

ACM Transactions on Computer Systems (TOCS)
Evaluation of the effect of SSL overhead in the performance of e-business servers operating in B2B scenarios

Computer Communications
Cryptographic strength of ssl/tls servers: current and recent practices

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Performance analysis of network operating systems in local area networks

CEA'08 Proceedings of the 2nd WSEAS International Conference on Computer Engineering and Applications
Session resumption for the secure shell protocol

IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Improving e-payment security using Elliptic Curve Cryptosystem

Electronic Commerce Research
A session key caching and prefetching scheme for secure communication in cluster systems

Journal of Parallel and Distributed Computing
Proxychain: developing a robust and efficient authentication infrastructure for carrier-scale VoIP networks

USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Analysis of IPSec overheads for VPN servers

NPSEC'05 Proceedings of the First international conference on Secure network protocols
Integrity of the web content: the case of online advertising

CollSec'10 Proceedings of the 2010 international conference on Collaborative methods for security and privacy
An integrated approach to cryptographic mitigation of denial-of-service attacks

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
ACCENT: Cognitive cryptography plugged compression for SSL/TLS-based cloud computing services

ACM Transactions on Internet Technology (TOIT)
Legal concepts meet technology: a 50-state survey of privacy laws

Proceedings of the 2011 Workshop on Governance of Technology, Information, and Policies
Hardware/Software co-design of public-key cryptography for SSL protocol execution in embedded systems

ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Analysis of token and ticket based mechanisms for current VoIP security issues and enhancement proposal

CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
One-time cookies: Preventing session hijacking attacks with stateless authentication tokens

ACM Transactions on Internet Technology (TOIT)
Transaction-based authentication and key agreement protocol for inter-domain VoIP

Journal of Network and Computer Applications
iHTTP: efficient authentication of non-confidential HTTP traffic

ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
LAKE: A Server-Side Authenticated Key-Establishment with Low Computational Workload

ACM Transactions on Internet Technology (TOIT)
A comparison study between the TLS-based security framework and IKEv2 when protecting DSMIPv6 signaling

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

TLS is the protocol of choice for securing today's e-commerce and online transactions but adding TLS to a Web server imposes a significant overhead relative to an insecure Web server on the same platform. We perform a comprehensive study of the performance costs of TLS. Our methodology is to profile TLS Web servers with trace-driven workloads, replace individual components inside TLS with no-ops, and measure the observed increase in server throughput. We estimate the relative costs of each TLS processing stage, identifying the areas for which future optimizations would be worthwhile. Our results show that while the RSA operations represent the largest performance cost in TLS Web servers, they do not solely account for TLS overhead. RSA accelerators are effective for e-commerce site workloads since they experience low TLS session reuse. Accelerators appear to be less effective for sites where all the requests are handled by a TLS server because they have a higher session reuse rate. In this case, investing in a faster CPU might provide a greater boost in performance. Our experiments show that having a second CPU is at least as useful as an RSA accelerator. Our results seem to suggest that, as CPUs become faster, the cryptographic costs of TLS will become dwarfed by the CPU costs of the nonsecurity aspects of a Web server. Optimizations aimed at general purpose Web servers should continue to be a focus of research and would benefit secure Web servers as well.