• DocumentCode
    2564524
  • Title

    Accelerating application-level security protocols

  • Author

    Burnside, Matthew ; Keromytis, Angelos D.

  • Author_Institution
    Dept. of Comput. Sci., Columbia Univ., MD, USA
  • fYear
    2003
  • fDate
    28 Sept.-1 Oct. 2003
  • Firstpage
    313
  • Lastpage
    318
  • Abstract
    We present a minimal extension to the BSD socket layer that can improve the performance of application-level security protocols, such as SSH or SSL/TLS, by 10%, when hardware cryptographic accelerators are available in the system. Applications specify what cryptographic transforms must be applied to incoming and outgoing data frames, and such processing is applied by the operating system itself (exploiting hardware accelerators) when the application sends or receives data. Under this scheme, we can reduce the number of system calls and context switches by 50%, and the amount of data copying by 66%. We describe our prototype implementation for the openBSD system and quantify its performance implications. We conclude with a discussion of further possible performance improvements that our approach enables.
  • Keywords
    cryptography; operating system kernels; protocols; telecommunication security; telecommunication switching; application-level security protocols; cryptographic transforms; data frames; hardware cryptographic accelerators; operating system; socket layer; system calls switch; system context switch; Acceleration; Computer science; Costs; Cryptographic protocols; Hardware; Kernel; Operating systems; Public key; Public key cryptography; Sockets;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Networks, 2003. ICON2003. The 11th IEEE International Conference on
  • ISSN
    1531-2216
  • Print_ISBN
    0-7803-7788-5
  • Type

    conf

  • DOI
    10.1109/ICON.2003.1266209
  • Filename
    1266209
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2564524