Abstract
Security and performance are usually at odds with each other. Current implementations of security on the web have been adopted at the extreme end of the spectrum, where strong cryptographic protocols are employed at the expense of performance. The SSL protocol is not only computationally intensive, but it makes web caching impossible, thus missing out on potential performance gains. In this paper we discuss the requirements for web security and present a solution that takes into account performance impact and backwards compatibility.
Cite this article
Stubblefield, A., Rubin, A.D. & Wallach, D.S. Managing the Performance Impact of Web Security. Electronic Commerce Research 5, 99–116 (2005). https://doi.org/10.1023/B:ELEC.0000045975.59531.08
DOI: https://doi.org/10.1023/B:ELEC.0000045975.59531.08