Transport Layer Security (TLS) is widely used in Secure Internet communication, especially for securing Web / HTTP traffic. TLS is a replacement for the Secure Sockets Layer (SSL) protocol, which provides similar protections. TLS provides cryptographic services to application traffic payloads in the form of data authenticity and optionally data confidentiality. Each pairwise (P2P) secure session maintains independent cryptographic state for that session, which can aggregate to a large amount of state held on TLS terminators / servers, when millions of TLS connections are terminating at the same destination or domain (e.g. ecommerce / banks / eBay /etc.). Furthermore because TLS operates at the application layer, all cryptographic operations are performed on large application buffers, which require reassembly of all network packet fragments before operating on that buffer. This results in the need to provision expensive TLS aggregators at the front of each domain providing secure web communications and the solution does not scale well with increase in demand.In this video, researchers from Intel Labs demonstrate a novel approach for providing a cryptographic scale free TLS solution, which can scale with increase demand. This is achieved by using a cryptographic key derivation technique, where using a ‘master key’ and some identifiers located in the packet, we can dynamically compute unique session keys on a per packet basis, instead of storing individual session keys for each and every session. The technique essentially trades compute for storage, thus allowing a larger number of TLS connections to be supported to a given server / domain. Furthermore, by providing the cryptographic operations on a per-network-packet basis (instead of operating on application payload buffers), it allows early validation of data integrity, allowing bad packets to be rejected without having to wait until the application buffer is reconstructed and applying the crypto operations / buffer validation at a later stage of the network pipeline.
Connect With Us
- nhat phat on How do you package ‘must-have’ security in the Internet of Things world?
- fille infidele on How do you package ‘must-have’ security in the Internet of Things world?
- Divya Kolar on Face Age Progression: Technology that can help bring missing children home
- Edilizia popolare on Face Age Progression: Technology that can help bring missing children home
- Divya Kolar on Intel Labs at Intel Developer Forum 2014
- Big Data
- Connected Car
- Context Aware
- Data Society
- Energy Efficiency
- High Performance Computing
- Intel Labs
- Intel Labs Europe
- People & Practices Research
- Research Day
- Social Computing
- US Innovation
Tags#IntelR&Dday @idf08 Big Data circuits Cloud Computing Ct CTO energy efficient Future Lab Future Lab Radio HPC IDF IDF2008 IDF 2010 Immersive Connected Experiences innovation Intel Intel Labs Intel Labs Europe Intel Research ISSCC Justin Rattner many core microprocessor mobility multi-core parallel computing parallel programming radio Rattner ray tracing research Research@Intel Research At Intel Day Robotics security silicon photonics software development Stanford technology terascale virtual worlds Wi-Fi WiMAX wireless