Performance analysis of cryptographic protocols on handheld devices
Summary
1. Introduction
- The use of mobile computing devices (e.g. handhelds, palmtops, mobile phones) has increased over the years, particularly during the last decade.
- Personal Digital Assistants (PDAs) started initially as devices to store personal information.
- As they have grown more compact with more powerful CPUs, they have evolved to support more advanced communications applications that have traditionally been the domain of workstations.
- In this paper the authors present a thorough performance assessment of the three most commonly used security protocols for Internet transactions on wireless mobile devices.
- In the remainder of the article the authors start by presenting the parameters that are common for all the tests they have performed.
2. Methodology
- For the implementation of the investigated protocols the authors have employed the Windows CE port of the OpenSSL [8] cryptographic toolkit, version 0.9.7d.
- All the experiments were performed with RSA keys of 1,024 and 2,048 bits, with small public exponents (e was given the value 65,537), making the public key operations significantly faster than the private key operations.
- The authors feel that 512-bit keys are too short for sensitive data and therefore cannot be used in experiments that try to capture the realistic requirements of secure transactions.
- Moreover, the authors have created a certification authority (CA) that directly issued certificates for the public keys of the peers involved in the tests making the certificate chains one certificate long, thus requiring a single verification operation.
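
The asymmetry between public-key and private-key RSA operations with e = 65,537, as an added example (not code from the paper or from OpenSSL). It is textbook RSA in pure Python without padding or CRT; `gen_key`, `modmul_count` and `compare` are hypothetical names, and the keys are generated on the spot for the demonstration.

```python
import secrets
from time import perf_counter

E = 65537  # public exponent used in the paper's experiments

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test; used here only on large odd candidates."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_key(bits):
    """Constructed demo key (n, d) for exponent E; top two bits of each prime set."""
    primes = []
    while len(primes) < 2:
        p = secrets.randbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
        if p % E != 1 and p not in primes and is_probable_prime(p):
            primes.append(p)
    p, q = primes
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def modmul_count(exp):
    """Modular multiplications needed by left-to-right square-and-multiply."""
    return (exp.bit_length() - 1) + (bin(exp).count("1") - 1)

def compare(bits, reps=20):
    n, d = gen_key(bits)
    m = secrets.randbelow(n - 2) + 2
    assert pow(pow(m, d, n), E, n) == m  # private op then public op round-trips
    t0 = perf_counter()
    for _ in range(reps): pow(m, d, n)   # private-key operation (sign/decrypt)
    t1 = perf_counter()
    for _ in range(reps): pow(m, E, n)   # public-key operation (verify/encrypt)
    t2 = perf_counter()
    return {"bits": n.bit_length(), "pub_mults": modmul_count(E),
            "priv_mults": modmul_count(d), "time_ratio": (t1 - t0) / max(t2 - t1, 1e-9)}

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(compare(bits))
```

Production toolkits speed up the private operation with CRT, so measured ratios on a real device are smaller than the raw multiplication counts suggest.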
3. Secure Sockets Layer (SSL)
- The Secure Sockets Layer (SSL), the latest version of which is also known as Transport Layer Security (TLS), is by far the most widely deployed security protocol in the world [11].
- Furthermore, it should be noted that the authors have used full SSL handshakes with no abbreviations and no certificate caching.
- Handheld devices are totally dependent on the available battery energy and therefore expensive operations should be identified.
- The overhead that is introduced by using SSL as the method of providing transport-layer security for network transactions on handheld devices is considerable.
4. Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Secure/Multipurpose Internet Mail Extensions (S/MIME) is the industry standard for providing message-oriented security services for Internet electronic mail.
- Therefore, S/MIME can be utilized as the security solution for any communication protocol that uses the store-and-forward delivery architecture of electronic mail.
- The recipient decrypts the content-encryption key (CEK) using her private key and then the message using the CEK.
- Specifically, the observed overhead of approximately 1 second that is introduced at the sender side and half a second at the receiver side when both confidentiality and authentication with 2,048-bit key pairs are required is not prohibitive even for real-time store-and-forward systems employed on handheld devices.
5. IP-level Security (IPsec)
- IPsec consists of a set of protocols that provide security services for any application that uses the Internet Protocol (IP).
- The IPsec protocol suite consists of three different protocols [5].
- The first is the Encapsulating Security Payload (ESP), which is added to an IP datagram and provides confidentiality, integrity, and authenticity of the transferred data.
- The purpose of the first phase is to construct a secure and authenticated channel to exchange further IKE traffic and this can be accomplished in two different modes, the main mode and the aggressive mode.
- Therefore, a successful completion of the first phase requires approximately 167 milliseconds with 1,024-bit RSA key pairs and 1 second (1,026 milliseconds) with 2,048-bit key pairs.
7. Discussion and conclusion
- This paper demonstrates the feasibility of using strong cryptographic protocols on mobile handheld devices.
- The authors have presented a thorough performance analysis of the three most common security protocols used for a wide variety of applications in the wired Internet.
- It is small enough to allow even frequent short-lived secure HTTP transactions.
- The comparison between their work and previous related work revealed interesting results regarding the advances of constrained devices.
- The authors believe that currently available handheld devices can form the foundation of secure ubiquitous computing environments since they can facilitate the use of strong cryptographic functions.
Citations
Additional excerpts
...Referring to the results of [2], on PDAs of moderate capabilities, for a message of 2KB, each hash operation takes a fraction of a millisecond, and a signature operation takes about 80 milliseconds....
[...]
References
"Performance analysis of cryptograph..." refers methods in this paper
...Specifically, we benchmark the Secure Sockets Layer (SSL) [3] as the standard security protocol for protecting a wide range of interactive network applications such as Web commerce, S/MIME [4] as the industry standard for providing message-oriented security services and IP-level security (IPsec) [5] as the primary technology for creating virtual private networks and offering protection at the network-layer....
[...]
...The IPsec protocol suite is consisting of three different protocols [5]....
[...]
"Performance analysis of cryptograph..." refers background or methods in this paper
...Our results show that the time taken to perform cryptographic functions is small enough not to significantly impact real-time mobile transactions and that there is no obstacle to the use of quite sophisticated cryptographic protocols on handheld mobile devices....
[...]
...Therefore, S/MIME can be utilized as the security solution for any communication protocol that uses the store-and-forward delivery architecture of electronic mail....
[...]
"Performance analysis of cryptograph..." refers methods in this paper
...The hardware platform we use is the HP (Compaq) iPAQ H3630 [6] with a 206 MHz StrongARM processor and 32MB RAM (16MB ROM), running the Windows CE Pocket PC 2002 [7]…...
(Page footer in the excerpt: Proceedings of the Third IEEE International Symposium on Network Computing and Applications (NCA’04), 0-7695-2242-4/04 $20.00 IEEE)
[...]
...In order to investigate the overhead of SSL in both the handshake procedure and in bulk data transfer we employed a scenario of a simple file transmission of 1 MB (1,048,576 bytes) between two handheld devices....
[...]
Frequently Asked Questions (2)
Q2. What are the future works mentioned in the paper "Performance analysis of cryptographic protocols on handheld devices"?
Their plans for future work on the subject involve the investigation of other handheld devices, like the Microsoft Smartphone, as well as other operating systems. The authors also plan to analyze the overall performance of different IPsec implementations and determine the exact introduced overhead. The authors believe that currently available handheld devices can form the foundation of secure ubiquitous computing environments since they can facilitate the use of strong cryptographic functions.