Transport Layer Security (TLS) is widely used for secure Internet communication, especially for securing Web / HTTP traffic. TLS is a replacement for the Secure Sockets Layer (SSL) protocol, which provides similar protections. TLS provides cryptographic services to application traffic payloads in the form of data authenticity and, optionally, data confidentiality. Each pairwise (P2P) secure session maintains independent cryptographic state, which can add up to a large amount of state held on TLS terminators / servers when millions of TLS connections terminate at the same destination or domain (e.g. e-commerce sites, banks, eBay, etc.). Furthermore, because TLS operates at the application layer, all cryptographic operations are performed on large application buffers, which requires reassembling all network packet fragments before operating on a buffer. As a result, expensive TLS aggregators must be provisioned at the front of each domain providing secure web communications, and the solution does not scale well as demand increases.
In this video, researchers from Intel Labs demonstrate a novel approach for providing a cryptographically scale-free TLS solution that can scale with increased demand. This is achieved with a cryptographic key derivation technique: using a ‘master key’ and some identifiers located in the packet, unique session keys are computed dynamically on a per-packet basis instead of storing individual session keys for each and every session. The technique essentially trades compute for storage, allowing a larger number of TLS connections to be supported by a given server / domain. Furthermore, performing the cryptographic operations on a per-network-packet basis (instead of on application payload buffers) allows early validation of data integrity: bad packets can be rejected without waiting until the application buffer is reconstructed and the crypto operations / buffer validation are applied at a later stage of the network pipeline.
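
The derivation described above, as an added sketch that is not Intel Labs' code: HMAC-SHA256 stands in for the unspecified key derivation and per-packet integrity functions. The identifier fields (client address, port, session ID), the 64-bit sequence header, the 16-byte tag and all sample values are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

TAG_LEN = 16  # assumed: HMAC-SHA256 tag truncated to 16 bytes
SEQ_LEN = 8   # assumed: 64-bit sequence number at the start of each packet

def derive_session_key(master_key, client_ip, client_port, session_id):
    """Recompute a session key from the master key and packet-borne identifiers."""
    ip = ipaddress.ip_address(client_ip).packed
    # Length-prefix the address so IPv4 and IPv6 encodings cannot collide.
    ident = bytes([len(ip)]) + ip + struct.pack("!H", client_port) + session_id
    return hmac.new(master_key, b"session-key\x00" + ident, hashlib.sha256).digest()

def seal_packet(session_key, seq, payload):
    """Sender side: authenticate one network packet on its own."""
    body = struct.pack("!Q", seq) + payload
    tag = hmac.new(session_key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag

def verify_packet(master_key, client_ip, client_port, session_id, packet):
    """Server side: no session table. Returns the payload, or None to drop."""
    if len(packet) < SEQ_LEN + TAG_LEN:
        return None
    key = derive_session_key(master_key, client_ip, client_port, session_id)
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # rejected before any application buffer is reassembled
    return body[SEQ_LEN:]

# Constructed sample values (not from the original page).
MASTER_KEY = bytes(range(32))
CLIENT = ("192.0.2.10", 49152, b"\x00\x00\x00\x2a")

if __name__ == "__main__":
    # At handshake time the server derives the key once and gives it to the client.
    client_key = derive_session_key(MASTER_KEY, *CLIENT)
    pkt = seal_packet(client_key, 1, b"GET / HTTP/1.1\r\n")
    print(verify_packet(MASTER_KEY, *CLIENT, pkt))      # payload accepted
    forged = pkt[:-1] + bytes([pkt[-1] ^ 1])
    print(verify_packet(MASTER_KEY, *CLIENT, forged))   # None: dropped early
```

The sequence number is authenticated but not checked for replay here, because replay tracking would reintroduce per-session state on the server.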

The prospect of TLS is huge, but the cryptography is for how many bits?