Top

Published in:

2023 | OriginalPaper | Chapter

TLS Goes Low Cost: When TLS Meets Edge

Authors : Intae Kim, Willy Susilo, Joonsang Baek, Jongkil Kim, Yang-Wai Chow

Published in: Information Security Applications

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Recently, we have witnessed an upward trend in adopting the Transport Layer Security version 1.3 (TLS 1.3) to numerous applications (Google Cloud [25], Microsoft software products [20], CloudFlare [27]). Although TLS 1.3 provides higher efficiency than the previous versions of TLS, its handshake protocol still requires the server to send its certificate to the client which consumes a significant amount of network bandwidth. Moreover, the client becomes idle while it is waiting for the certificate to arrive. This latency is one of the causes of the TLS handshake delay. Adequate adoption of edge computing can increase the efficiency of traditional server client architectures. In this paper, we envision a new paradigm to adopt edge computing into TLS to improve the efficiency of session establishment. Our new architecture will motivate researchers to consider the edge in improving the TLS protocol in the future. TLS-EC (TLS with Edge Computing) protocol improves the TLS 1.3 handshake efficiency by reducing server-side certificate transmission overhead and network latency between server and client through edge computing. We also present the implementation of TLS-EC, which shows a reduction in both the handshake time and the bandwidth consumption between the server and the client during the TLS handshake. In particular, our experiments indicate that bandwidth consumption can be reduced by 33% and 49%, respectively, for ECDSA and RSA-based certificates with 128-bit security level compared to TLS 1.3 full handshake.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Software-Defined Network Based Secure Internet-Enabled Video Surveillance System

next chapter 5G-AKA, Revisited

Our TLS-EC protocol may not be used if Encrypted Server Name Indication [21] and Encrypted ClientHello are employed to prevent leaking private information about the connection. However, these two works are under discussion, and how they will actually work has yet to be determined. Therefore, we are not going to discuss this issue in this paper. Our work in this paper can serve as a stepping stone to construct a protocol that improves the efficiency of TLS 1.3 by applying edge computing to the standardization when these two works are standardized in the future.

Barker, E.: Nist special publication 800-57 part 1, revision 5. NIST, Technical report (2020). https://doi.org/10.6028/NIST.SP.800-57pt1r5, https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final

Benjamin, D.: Boringssl (2016). https://boringssl.googlesource.com/boringssl/

Bhargavan, K., Blanchet, B., Kobeissi, N.: Verified models and reference implementations for the TLS 1.3 standard candidate. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 483–502. IEEE (2017). https://doi.org/10.1109/SP.2017.26

Blanchet, B.: Composition theorems for CryptoVerif and application to TLS 1.3. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 16–30. IEEE (2018). https://doi.org/10.1109/CSF.2018.00009

Blanchet, B., Smyth, B., Cheval, V., Sylvestre, M.: ProVerif 2.00: automatic cryptographic protocol verifier, user manual and tutorial (2018), originally appeared as Bruno Blanchet and Ben Smyth (2011) ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial

Brendel, J., Fischlin, M., Günther, F.: Breakdown resilience of key exchange protocols: NewHope, TLS 1.3, and hybrids. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11736, pp. 521–541. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29962-0_25CrossRef

Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: RFC 5280: internet x. 509 public key infrastructure certificate and certificate revocation list (CRL) profile. Internet Engineering Task Force (IETF) (2008)

Cremers, C., Horvat, M., Hoyland, J., Scott, S., van der Merwe, T.: A comprehensive symbolic analysis of TLS 1.3. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1773–1788 (2017). https://doi.org/10.1145/3133956.3134063

Cremers, C., Horvat, M., Scott, S., van der Merwe, T.: Automated analysis and verification of TLS 1.3: 0-RTT, resumption and delayed authentication. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 470–485. IEEE (2016). https://doi.org/10.1109/SP.2016.35

10.

Cui, J., Wei, L., Zhang, J., Xu, Y., Zhong, H.: An efficient message-authentication scheme based on edge computing for vehicular ad hoc networks. IEEE Trans. Intell. Transp. Syst. 20(5), 1621–1632 (2018). https://doi.org/10.1109/TITS.2018.2827460CrossRef

11.

Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, pp. 1197–1210 (2015). https://doi.org/10.1145/2810103.2813653

12.

Dreier, J., Hirschi, L., Radomirovic, S., Sasse, R.: Automated unbounded verification of stateful cryptographic protocols with exclusive or. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 359–373. IEEE (2018). https://doi.org/10.1109/CSF.2018.00033

13.

Drucker, N., Gueron, S.: Selfie: reflections on TLS 1.3 with PSK. J. Cryptol. 34(3), 1–18 (2021). https://doi.org/10.1007/s00145-021-09387-yMathSciNetCrossRef

14.

Evans, C., Palmer, C., Sleevi, R.: RFC 7469: public key pinning extension for http. Internet Engineering Task Force (IETF) (2015)

15.

Hiller, J., Henze, M., Zimmermann, T., Hohlfeld, O., Wehrle, K.: The case for session sharing: relieving clients from TLS handshake overheads. In: 2019 IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium), pp. 83–91. IEEE (2019). https://doi.org/10.1109/LCNSymposium47956.2019.9000667

16.

Holz, R., et al.: Tracking the deployment of TLS 1.3 on the web: a story of experimentation and centralization. ACM SIGCOMM Comput. Commun. Rev. 50(3), 3–15 (2020). https://doi.org/10.1145/3411740.3411742CrossRef

17.

Kim, J., Camtepe, S., Susilo, W., Nepal, S., Baek, J.: Identity-based broadcast encryption with outsourced partial decryption for hybrid security models in edge computing. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 55–66 (2019). https://doi.org/10.1145/3321705.3329825

18.

Laurie, B., Langley, A., Kasper, E.: RFC 6962: certificate transparency. Internet Engineering Task Force (IETF) (2013)

19.

Li, P., Su, J., Wang, X.: iTLS: lightweight transport-layer security protocol for IoT with minimal latency and perfect forward secrecy. IEEE Internet Things J. 7(8), 6828–6841 (2020). https://doi.org/10.1109/JIOT.2020.2988126CrossRef

20.

Mackie, K.: Microsoft updates its TLS 1.3 support plans in windows, office 365 and.net (2020). https://redmondmag.com/articles/2020/08/20/microsoft-tls-1-3-support-plans.aspx

21.

Rescorla, E., Oku, K., Sullivan, N., Wood, C.A.: Encrypted server name indication for TLS 1.3. IETF draft (2019). https://tools.ietf.org/html/draft-ietf-tls-esni-02. Accessed 14 Dec 2018

22.

Rescorla, E., et al.: RFC 8446: the transport layer security (TLS) protocol version 1.3. Internet Engineering Task Force (IETF) (2018)

23.

Santessona, S., Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: RFC 6960: X. 509 internet public key infrastructure online certificate status protocol-OCSP. Internet Engineering Task Force (IETF) (2013)

24.

Sikeridis, D., Kampanakis, P., Devetsikiotis, M.: Post-quantum authentication in TLS 1.3: a performance study. In: Network and Distributed Systems Security (NDSS) Symposium (2020). https://doi.org/10.14722/ndss.2020.24203

25.

Silverlock, M., Redner, G.: Bringing modern transport security to google cloud with TLS 1.3 (2020). https://cloud.google.com/blog/products/networking/tls-1-3-is-now-on-by-default-for-google-cloud-services

26.

Stebila, D., Sullivan, N.: An analysis of TLS handshake proxying. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 279–286. IEEE (2015). https://doi.org/10.1109/Trustcom.2015.385

27.

Sullivan, N.: Introducing TLS 1.3 (2016). https://blog.cloudflare.com/introducing-tls-1-3

28.

Toradmalle, D., Singh, R., Shastri, H., Naik, N., Panchidi, V.: Prominence of ECDSA over RSA digital signature algorithm. In: 2018 2nd International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC) I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC), pp. 253–257. IEEE (2018). https://doi.org/10.1109/I-SMAC.2018.8653689

29.

Xiao, C., Zhang, L., Liu, W., Bergmann, N., Xie, Y.: Energy-efficient crypto acceleration with HW/SW co-design for HTTPS. Futur. Gener. Comput. Syst. 96, 336–347 (2019). https://doi.org/10.1016/j.future.2019.02.023CrossRef

Title: TLS Goes Low Cost: When TLS Meets Edge
Authors: Intae Kim
Willy Susilo
Joonsang Baek
Jongkil Kim
Yang-Wai Chow
Publisher: Springer Nature Switzerland
Book: Information Security Applications
Print ISBN: 978-3-031-25658-5

Electronic ISBN: 978-3-031-25659-2

Copyright Year: 2023
DOI: https://doi.org/10.1007/978-3-031-25659-2_8

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner