Performance analysis of MD5

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Performance analysis of MD5

Full text

Pdf (1.04 MB)

Source

Applications, Technologies, Architectures, and Protocols for Computer Communication archive
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication table of contents

Cambridge, Massachusetts, United States

Pages: 77 - 86

Year of Publication: 1995

ISBN:0-89791-711-1

Also published in ...

Author

Joseph D. Touch

USC/Information Sciences Institute

Sponsor

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 17, Downloads (12 Months): 119, Citation Count: 12

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/217382.217414 What is a DOI?

ABSTRACT

MD5 is an authentication algorithm proposed as the required implementation of the authentication option in IPv6. This paper presents an analysis of the speed at which MD5 can be implemented in software and hardware, and discusses whether its use interferes with high bandwidth networking. The analysis indicates that MD5 software currently runs at 85 Mbps on a 190 Mhz RISC architecture, a rate that cannot be improved more than 20-40%. Because MD5 processes the entire body of a packet, this data rate is insufficient for current high bandwidth networks, including HiPPI and FiberChannel. Further analysis indicates that a 300 Mhz custom VLSI CMOS hardware implementation of MD5 may run as fast as 256 Mbps. The hardware rate cannot support existing IPv4 data rates on high bandwidth links (800 Mbps HiPPI). The use of MD5 as the default required authentication algorithm in IPv6 should therefore be reconsidered, and an alternative should be proposed. This paper includes a brief description of the properties of such an alternative, including a sample alternate hash algorithm.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Atkinson, R., "IPv6 Authentication Header," (working draft - draft-ietf-ipngwg-auth-00.txt), February 1995.
	2	Atkinson, R., "IPv6 Security Architecture," (working draft - draft-ietf-ipngwg-sec-00.txt), February 1995.
	3	Atkinson, R., "IPv6 Encapsulating Security Payload (ESP)," (working draft - draft-ietf-ipngwg-esp-00.txt), February 1995.
	4	Baker, F., and Atkinson, R., "OSPF MD5 Authentication," (working draft - draft-ietf-osp5-md5-03.txt), March 1995.
	5	Baker, F., and Atkinson, R., "RIP-II Cryptographic Authentication,'' (working draft - draft-ietf-ripv2-md5-04.txt), March 1995.
	6	Bradner, S., and Mankin, A., "The Recommendation for the iP Next Generation Protocol," RFC 1752, Harvard University, USC/Information Sciences Institute, January 1995.
	7	Deering, S., "Simple Internet Protocol Plus (SIPP)," (working draft - draft-ietf-sipp-spec-01 .txt), July 1994.
	8	DiMarco, J., "Spec Benchmark table, V4.12" <ftp:// ftp.cdf, toronto.edu/pub/spectable>.
	9	David C. Feldmeier , Anthony J. McAuley, Reducing Protocol Ordering Constraints to Improve Performance, Proceedings of the IFIP WG6.1/WG6.4 Third International Workshop on Protocols for High-Speed Networks III, p.3-17, May 13-15, 1992
	10	Galvin, J., and McCloghrie, H., "Security Protocols for version 2 of the Simple Network Management Protocol(SNMPv2)," RFC 1446, Trusted Information Systems, Hughes LAN Systems, April 1993.
	11	Heffernan, A.. "TCP MD5 Signature Option," (working draft ~ draft-hefferman-tcp-md5-01.txt), March 1995.
	12	Hinden, R., "Intemet Protocol, Version 6 (IPv6) Specification,'' (working draft- draft-ietf-ipngwg-ipv6-spec-01.txt), March 1995.
	13	Hostetler, J., and Sink, E., "A Proposed Extension to HTTP: SimpleMD5 Access Authorization," (work in progress).
	14	Irissou, B., Design Techniques for High-Speed Datapaths, Master's Thesis, University of California at Berkeley, CSD, November 1992.
	15	Kaliski, B., "The MD2 Message-Digest Algorithm," RFC- 1319, RSA Data Security, Inc., April 1992.
	16	Leech, M., "Key-seeded MD5 authentication for SOCKS," (working draft- draft-ietf-aft-socks-md5~auth-00.txt), October t 994.
	17	Malkin, G., "RIP for IPv6," (working draft - draft-ietf-ripv2- ripng-00.txt), November 1994.
	18	McCanne, S., and Torek, C., "A Randomized Sampling Clock for CPU Utilization Estimation and Code Profiling," Proc. Winter USENIX, San Diego, January 1993.
	19	Metzger, P., Karn, P., and Simpson, W., "The ESP DES-CBC Transform," (working draft - draft-ietf-ipsec-esp-des-cbc- 04.txt), April 1995.
	20	Metzger, P., and Simpson, W., "iP Authentication using Keyed MD5," (working draft - draft-ietf-ipsec-ah-md5- 03.txt), April 1995.
	21	National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publication 46, Government Printing Office, Washington, D.C., 1977.
	22	National institute for Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180, Government Printing Office, Washington, D.C., 1993.
	23	Partridge, C., and Kastenholz, E, "Technical Criteria for Choosing IP The Next Generation (IPng)," RFC 1726, BBN Systems and Technologies, FTP Software, December 1994.
	24	Postel, J., "Intemet Protocol - DARPA Intemet Program Protocol Specification," STD-5, RFC-791, ISI, September 1981.
	25	Rescorla, E., and Schiffman, A., "The Secure HyperText Transfer Protocol," (working draft - draft-rescorla-shttp- 0.txt), December 1994.
	26	Rivest, R., '~The RC5 Encryption Algorithm," RSA Data Security Technical Report, April 1995.
	27	Rivest, R., "The MD4 Message-Digest Algorithm," RFC~ 1320, MIT LCS and RSA Data Security, Inc., April 1992.
	28	Rivest, R., "The MD5 Message-Digest Algorithm," RFC~ 1321, MIT LCS and RSA Data Security, Inc., April 1992.
	29	Phillip Rogaway, Bucket Hashing and its Application to Fast Message Authentication, Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology, p.29-42, August 27-31, 1995
	30	Touch, J., "Report on MD5 Performance," (working draft - draft-touch-md5-performance-00.txt), December 1994.
	31	Touch, J., "Implementing the lntemet Checksum in Hardware," (work in progress).

CITED BY 12

	Jun Xu , Jinliang Fan , Mostafa Ammar , Sue B. Moon, On the design and performance of prefix-preserving IP traffic trace anonymization, Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, November 01-02, 2001, San Francisco, California, USA
	Jeffrey K. Hollingsworth , Ethan L. Miller, Using content-derived names for configuration management, ACM SIGSOFT Software Engineering Notes, v.22 n.3, p.104-109, May 1997
	Prasanth Ganesan , Ramnath Venugopalan , Pushkin Peddabachagari , Alexander Dean , Frank Mueller , Mihail Sichitiu, Analyzing and modeling encryption overhead for sensor network nodes, Proceedings of the 2nd ACM international conference on Wireless sensor networks and applications, September 19-19, 2003, San Diego, CA, USA
	Ramnath Venugopalan , Prasanth Ganesan , Pushkin Peddabachagari , Alexander Dean , Frank Mueller , Mihail Sichitiu, Encryption overhead in embedded systems and sensor network nodes: modeling and analysis, Proceedings of the 2003 international conference on Compilers, architecture and synthesis for embedded systems, October 30-November 01, 2003, San Jose, California, USA
	Yifeng Zhu , Hong Jiang, CEFT: a cost-effective, fault-tolerant parallel virtual file system, Journal of Parallel and Distributed Computing, v.66 n.2, p.291-306, February 2006
	N. Sklavos , P. Kitsos , K. Papadopoulos , O. Koufopavlou, Design, Architecture and Performance Evaluation of the Wireless Transport Layer Security, The Journal of Supercomputing, v.36 n.1, p.33-50, April 2006
	T. S. Ganesh , M. T. Frederick , T. S. B. Sudarshan , A. K. Somani, Hashchip: a shared-resource multi-hash function processor architecture on FPGA, Integration, the VLSI Journal, v.40 n.1, p.11-19, January 2007
	Ramaswamy Ramaswamy , Tilman Wolf, High-speed prefix-preserving IP address anonymization for passive measurement systems, IEEE/ACM Transactions on Networking (TON), v.15 n.1, p.26-39, February 2007
	Jeffery C. Mogul , Yee Man Chan , Terence Kelly, Design, implementation, and evaluation of duplicate transfer detection in HTTP, Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation, p.4-4, March 29-31, 2004, San Francisco, California
	Alessandro Aldini , Marco Roccetti , Roberto Gorrieri, On securing real-time speech transmission over the internet: an experimental study, EURASIP Journal on Applied Signal Processing, v.2003 n.1, p.1027-1042, January 2003
	Yifeng Zhu , Hong Jiang , Xiao Qin , Dan Feng , David R. Swanson, Design, implementation and performance evaluation of a cost-effective, fault-tolerant parallel virtual file system, Proceedings of the international workshop on Storage network architecture and parallel I/Os, p.53-64, September 28-28, 2003, New Orleans, Louisiana
	Tzu-Chi Huang , Sherali Zeadally , Naveen Chilamkurti , Ce-Kuen Shieh, Design, implementation, and evaluation of a Programmable Bandwidth Aggregation System for home networks, Journal of Network and Computer Applications, v.32 n.3, p.741-759, May, 2009