2010 | OriginalPaper | Chapter
Performance and Security Aspects of Client-Side SSL/TLS Processing on Mobile Devices
Authors : Johann Großschädl, Ilya Kizhvatov
Published in: Cryptology and Network Security
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
The SSL/TLS protocol is the de-facto standard for secure Internet communications, and supported by virtually all modern e-mail clients and Web browsers. With more and more PDAs and cell phones providing wireless e-mail and Web access, there is an increasing demand for establishing secure SSL/TLS connections on devices that are relatively constrained in terms of computational resources. In addition, the cryptographic primitives executed on the client side need to be protected against side-channel analysis since, for example, an attacker may be able to monitor electromagnetic emanations from a mobile device. Using an RSA-based cipher suite has the advantage that all modular exponentiations on the client side are carried out with public exponents, which is uncritical regarding performance and side-channel leakage. However, the current migration to AES-equivalent security levels makes a good case for using an Elliptic Curve Cryptography (ECC)-based cipher suite. We show in this paper that, for high security levels, ECC-based cipher suites outperform their RSA counterparts on the client side, even though they require the integration of diverse countermeasures against side-channel attacks. Furthermore, we propose a new countermeasure to protect the symmetric encryption of messages (i.e. “bulk data”) against Differential Power Analysis (DPA) attacks. This new countermeasure, which we call
Inter-Block Shuffling (IBS)
, is based on an “interleaved” encryption of a number of data blocks using a non-feedback mode of operation (such as counter mode), and randomizes the order in which the individual rounds of the individual blocks are executed. Our experimental results indicate that IBS is a viable countermeasure as it provides good DPA-protection at the expense of a slight degradation in performance.