ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Client-side caching for TLS
Full text PdfPdf (182 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 7 ,  Issue 4  (November 2004) table of contents
Pages: 553 - 575  
Year of Publication: 2004
ISSN:1094-9224
Authors
Hovav Shacham  Stanford University, Stanford, CA
Dan Boneh  Stanford University, Stanford, CA
Eric Rescorla  Stanford University, Stanford, CA
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 11,   Downloads (12 Months): 95,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1042031.1042034
What is a DOI?

ABSTRACT

We propose two new mechanisms for caching handshake information on TLS clients. The "fast-track" mechanism provides a client-side cache of a server's public parameters and negotiated parameters in the course of an initial, enabling handshake. These parameters need not be resent on subsequent handshakes. Fast-track reduces both network traffic and the number of round trips, and requires no additional server state. These savings are most useful in high-latency environments such as wireless networks. The second mechanism, "client-side session caching," allows the server to store an encrypted version of the session information on a client, allowing a server to maintain a much larger number of active sessions in a given memory footprint. Our design is fully backward-compatible with TLS: extended clients can interoperate with servers unaware of our extensions and vice versa. We have implemented our fast-track proposal to demonstrate the resulting efficiency improvements.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Abbott, S. and Keung, S. 1998. CryptoSwift, Version 2, Performance on Netscape Enterprise Server. Available at http://www.cryptoswift.cz/csw-labs/NSE351-CSv2-NT/NS351-CSv2.html.
 
2
Apostolopoulos, G., Peris, V., and Saha, D. 1999. Transport layer security: How much does it really cost? In Proceedings of IEEE Infocom '99, A. K. Choudhury and N. Shroff, Eds. IEEE, 717--725.
 
3
Apostolopoulos, G., Peris, V., Pradhan, P., and Saha, D. 2000. Securing electronic commerce: Reducing the SSL overhead. IEEE Netw. 14, 4 (July), 8--16.
 
4
Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., and Wright, T. 2003. RFC 3546: TLS Extensions.
 
5
Daniel Bleichenbacher, Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1, Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology, p.1-12, August 23-27, 1998
6
Burton H. Bloom, Space/time trade-offs in hash coding with allowable errors, Communications of the ACM, v.13 n.7, p.422-426, July 1970  [doi>10.1145/362686.362692]
 
7
Jeremy Bradley , Neil Davies, Analysis of the SSL Protocol, University of Bristol, Bristol, UK, 1995
 
8
Brumley, D. and Boneh, D. 2003. Remote timing attacks are practical. In Proceedings of USENIX Security 2003, V. Paxson, Ed. USENIX.
 
9
Canvel, B., Hiltgen, A., Vaudenay, S., and Vuagnoux, M. 2003. Password interception in a SSL/TLS channel. In Proceedings of Crypto 2003, D. Boneh, Ed. Lecture Notes in Computer Science, vol. 2729. Springer-Verlag, Berlin, 583--599.
 
10
Coarfa, C., Druschel, P., and Wallach, D. 2002. Performance analysis of TLS web servers. In Proceedings of NDSS 2002, M. Tripunitara, Ed. Internet Society, 183--194.
 
11
Dierks, T. and Allen, C. 1999. RFC 2246: The TLS Protocol, Version 1.
 
12
Diffie, W. and Hellman, M. 1979. Privacy and authentication: An introduction to cryptography. Proc. IEEE 67, 397--427.
 
13
Goldberg, A., Buff, R., and Schmitt, A. 1998. Secure web server performance dramatically improved by caching SSL session keys. In Proceedings of WISP 1998, P. Cao and S. Sarukkai, Eds.
 
14
Gupta, V., Stebila, D., Fung, S., Shantz, S.C., Gura, N., and Eberle, H. 2004. Speeding up secure web transactions using elliptic curve cryptography. In Proceedings of NDSS '04, M. Tripunitara, Ed. Internet Society.
 
15
Paul C. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, p.104-113, August 18-22, 1996
 
16
Hugo Krawczyk, The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?), Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.310-331, August 19-23, 2001
 
17
Mitchell, J., Shmatikov, V., and Stern, U. 1998. Finite-state analysis of SSL 3.0. In Proceedings of USENIX Security 1998, A. Rubin, Ed. USENIX, 201--216.
 
18
Möller, B. 2004. Security of CBC Ciphersuites in SSL/TLS: Problems and Countermeasures. Available at http://www.openssl.org/~bodo/tls-cbc.txt.
19
Lawrence C. Paulson, Inductive analysis of the Internet protocol TLS, ACM Transactions on Information and System Security (TISSEC), v.2 n.3, p.332-351, Aug. 1999  [doi>10.1145/322510.322530]
 
20
Eric Rescorla , Adam Cain , Brian Korver, SSLACC: A Clustered SSL Accelerator, Proceedings of the 11th USENIX Security Symposium, p.229-246, August 05-09, 2002
 
21
Shacham, H. and Boneh, D. Fast-track TLS Prototype Implementation. Available at http://hovav.net/dist/sslex-dr0.1.tar.gz.
 
22
Shacham, H. and Boneh, D. 2001. TLS Fast-Track Session Establishment. Internet Draft: draft-shacham-tls-fasttrack-00.txt. Work in progress.
 
23
W. Richard Stevens, UNIX network programming, volume 2 (2nd ed.): interprocess communications, Prentice Hall PTR, Upper Saddle River, NJ, 1998
 
24
Thorpe, G. Distcache: Distributed Session Caching. Available at http://distcache.sourceforge.net/.
 
25
Serge Vaudenay, Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ..., Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology, p.534-546, May 02, 2002
 
26
Wagner, D. and Schneier, B. 1996. Analysis of the SSL 3.0 protocol. In Proceedings of 2nd USENIX Workshop on Electronic Commerce, D. Tygar, Ed. USENIX.
 
27
Wireless Application Forum. 2000. Wireless Transport Layer Security Specification. Available at http://www.wapforum.org/.
 
28
Wolverton, T. 2000. Amazon reports wider loss, but book business profits. CNET. Available at http://news.com.com/2100-1017-236436.html?legacy=cnet.

CITED BY  3
Chwan Hwa John Wu , Tong Liu, Simulation for intrusion-resilient, DDoS-resistant authentication system (IDAS), Proceedings of the 2008 Spring simulation multiconference, April 14-17, 2008, Ottawa, Canada
Amir Herzberg , Ahmad Jbara, Security and identification indicators for browsers against spoofing and phishing attacks, ACM Transactions on Internet Technology (TOIT), v.8 n.4, p.1-36, September 2008
Tadashi Kaji , Takahiro Fujishiro , Satoru Tezuka, A Proposal of TLS Implementation for Cross Certification Model, IEICE - Transactions on Information and Systems, v.E91-D n.5, p.1311-1318, May 2008

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.2 Network Protocols

Additional Classification:
  C. Computer Systems Organization
  C.4 PERFORMANCE OF SYSTEMS

  E. Data
  E.3 DATA ENCRYPTION


General Terms:
Design, Performance, Security


Keywords:
Bloom filters, TLS, session cache, wireless networks

Collaborative Colleagues:
Hovav Shacham: colleagues
Dan Boneh: colleagues
Eric Rescorla: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player