Skip to main content
SpringerLink
Log in

TLS Goes Low Cost: When TLS Meets Edge

  • Conference paper
  • First Online:
Information Security Applications (WISA 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13720))

Included in the following conference series:

  • 437 Accesses

Abstract

Recently, we have witnessed an upward trend in adopting the Transport Layer Security version 1.3 (TLS 1.3) to numerous applications (Google Cloud [25], Microsoft software products [20], CloudFlare [27]). Although TLS 1.3 provides higher efficiency than the previous versions of TLS, its handshake protocol still requires the server to send its certificate to the client which consumes a significant amount of network bandwidth. Moreover, the client becomes idle while it is waiting for the certificate to arrive. This latency is one of the causes of the TLS handshake delay. Adequate adoption of edge computing can increase the efficiency of traditional server client architectures. In this paper, we envision a new paradigm to adopt edge computing into TLS to improve the efficiency of session establishment. Our new architecture will motivate researchers to consider the edge in improving the TLS protocol in the future. TLS-EC (TLS with Edge Computing) protocol improves the TLS 1.3 handshake efficiency by reducing server-side certificate transmission overhead and network latency between server and client through edge computing. We also present the implementation of TLS-EC, which shows a reduction in both the handshake time and the bandwidth consumption between the server and the client during the TLS handshake. In particular, our experiments indicate that bandwidth consumption can be reduced by 33% and 49%, respectively, for ECDSA and RSA-based certificates with 128-bit security level compared to TLS 1.3 full handshake.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 64.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 84.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Our TLS-EC protocol may not be used if Encrypted Server Name Indication [21] and Encrypted ClientHello are employed to prevent leaking private information about the connection. However, these two works are under discussion, and how they will actually work has yet to be determined. Therefore, we are not going to discuss this issue in this paper. Our work in this paper can serve as a stepping stone to construct a protocol that improves the efficiency of TLS 1.3 by applying edge computing to the standardization when these two works are standardized in the future.

References

  1. Barker, E.: Nist special publication 800-57 part 1, revision 5. NIST, Technical report (2020). https://doi.org/10.6028/NIST.SP.800-57pt1r5, https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final

  2. Benjamin, D.: Boringssl (2016). https://boringssl.googlesource.com/boringssl/

  3. Bhargavan, K., Blanchet, B., Kobeissi, N.: Verified models and reference implementations for the TLS 1.3 standard candidate. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 483–502. IEEE (2017). https://doi.org/10.1109/SP.2017.26

  4. Blanchet, B.: Composition theorems for CryptoVerif and application to TLS 1.3. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 16–30. IEEE (2018). https://doi.org/10.1109/CSF.2018.00009

  5. Blanchet, B., Smyth, B., Cheval, V., Sylvestre, M.: ProVerif 2.00: automatic cryptographic protocol verifier, user manual and tutorial (2018), originally appeared as Bruno Blanchet and Ben Smyth (2011) ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial

    Google Scholar 

  6. Brendel, J., Fischlin, M., Günther, F.: Breakdown resilience of key exchange protocols: NewHope, TLS 1.3, and hybrids. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11736, pp. 521–541. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29962-0_25

    Chapter  Google Scholar 

  7. Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: RFC 5280: internet x. 509 public key infrastructure certificate and certificate revocation list (CRL) profile. Internet Engineering Task Force (IETF) (2008)

    Google Scholar 

  8. Cremers, C., Horvat, M., Hoyland, J., Scott, S., van der Merwe, T.: A comprehensive symbolic analysis of TLS 1.3. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1773–1788 (2017). https://doi.org/10.1145/3133956.3134063

  9. Cremers, C., Horvat, M., Scott, S., van der Merwe, T.: Automated analysis and verification of TLS 1.3: 0-RTT, resumption and delayed authentication. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 470–485. IEEE (2016). https://doi.org/10.1109/SP.2016.35

  10. Cui, J., Wei, L., Zhang, J., Xu, Y., Zhong, H.: An efficient message-authentication scheme based on edge computing for vehicular ad hoc networks. IEEE Trans. Intell. Transp. Syst. 20(5), 1621–1632 (2018). https://doi.org/10.1109/TITS.2018.2827460

    Article  Google Scholar 

  11. Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, pp. 1197–1210 (2015). https://doi.org/10.1145/2810103.2813653

  12. Dreier, J., Hirschi, L., Radomirovic, S., Sasse, R.: Automated unbounded verification of stateful cryptographic protocols with exclusive or. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 359–373. IEEE (2018). https://doi.org/10.1109/CSF.2018.00033

  13. Drucker, N., Gueron, S.: Selfie: reflections on TLS 1.3 with PSK. J. Cryptol. 34(3), 1–18 (2021). https://doi.org/10.1007/s00145-021-09387-y

    Article  MathSciNet  Google Scholar 

  14. Evans, C., Palmer, C., Sleevi, R.: RFC 7469: public key pinning extension for http. Internet Engineering Task Force (IETF) (2015)

    Google Scholar 

  15. Hiller, J., Henze, M., Zimmermann, T., Hohlfeld, O., Wehrle, K.: The case for session sharing: relieving clients from TLS handshake overheads. In: 2019 IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium), pp. 83–91. IEEE (2019). https://doi.org/10.1109/LCNSymposium47956.2019.9000667

  16. Holz, R., et al.: Tracking the deployment of TLS 1.3 on the web: a story of experimentation and centralization. ACM SIGCOMM Comput. Commun. Rev. 50(3), 3–15 (2020). https://doi.org/10.1145/3411740.3411742

    Article  Google Scholar 

  17. Kim, J., Camtepe, S., Susilo, W., Nepal, S., Baek, J.: Identity-based broadcast encryption with outsourced partial decryption for hybrid security models in edge computing. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 55–66 (2019). https://doi.org/10.1145/3321705.3329825

  18. Laurie, B., Langley, A., Kasper, E.: RFC 6962: certificate transparency. Internet Engineering Task Force (IETF) (2013)

    Google Scholar 

  19. Li, P., Su, J., Wang, X.: iTLS: lightweight transport-layer security protocol for IoT with minimal latency and perfect forward secrecy. IEEE Internet Things J. 7(8), 6828–6841 (2020). https://doi.org/10.1109/JIOT.2020.2988126

    Article  Google Scholar 

  20. Mackie, K.: Microsoft updates its TLS 1.3 support plans in windows, office 365 and.net (2020). https://redmondmag.com/articles/2020/08/20/microsoft-tls-1-3-support-plans.aspx

  21. Rescorla, E., Oku, K., Sullivan, N., Wood, C.A.: Encrypted server name indication for TLS 1.3. IETF draft (2019). https://tools.ietf.org/html/draft-ietf-tls-esni-02. Accessed 14 Dec 2018

  22. Rescorla, E., et al.: RFC 8446: the transport layer security (TLS) protocol version 1.3. Internet Engineering Task Force (IETF) (2018)

    Google Scholar 

  23. Santessona, S., Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: RFC 6960: X. 509 internet public key infrastructure online certificate status protocol-OCSP. Internet Engineering Task Force (IETF) (2013)

    Google Scholar 

  24. Sikeridis, D., Kampanakis, P., Devetsikiotis, M.: Post-quantum authentication in TLS 1.3: a performance study. In: Network and Distributed Systems Security (NDSS) Symposium (2020). https://doi.org/10.14722/ndss.2020.24203

  25. Silverlock, M., Redner, G.: Bringing modern transport security to google cloud with TLS 1.3 (2020). https://cloud.google.com/blog/products/networking/tls-1-3-is-now-on-by-default-for-google-cloud-services

  26. Stebila, D., Sullivan, N.: An analysis of TLS handshake proxying. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 279–286. IEEE (2015). https://doi.org/10.1109/Trustcom.2015.385

  27. Sullivan, N.: Introducing TLS 1.3 (2016). https://blog.cloudflare.com/introducing-tls-1-3

  28. Toradmalle, D., Singh, R., Shastri, H., Naik, N., Panchidi, V.: Prominence of ECDSA over RSA digital signature algorithm. In: 2018 2nd International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC) I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC), pp. 253–257. IEEE (2018). https://doi.org/10.1109/I-SMAC.2018.8653689

  29. Xiao, C., Zhang, L., Liu, W., Bergmann, N., Xie, Y.: Energy-efficient crypto acceleration with HW/SW co-design for HTTPS. Futur. Gener. Comput. Syst. 96, 336–347 (2019). https://doi.org/10.1016/j.future.2019.02.023

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computing and Information Technology, Institute of Cybersecurity and Cryptology, University of Wollongong, Wollongong, NSW, 2522, Australia

    Intae Kim, Willy Susilo, Joonsang Baek & Yang-Wai Chow

  2. Department of Cyber Security, Ewha Womans University, Seoul, 03760, Republic of Korea

    Jongkil Kim

Authors
  1. Intae Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Willy Susilo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Joonsang Baek
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jongkil Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yang-Wai Chow
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Intae Kim .

Editor information

Editors and Affiliations

  1. Soonchunhyang University, Asan-Si, Korea (Republic of)

    Ilsun You

  2. Dankook University, Yongin, Korea (Republic of)

    Taek-Young Youn

Rights and permissions

Reprints and permissions

Copyright information

© 2023 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kim, I., Susilo, W., Baek, J., Kim, J., Chow, YW. (2023). TLS Goes Low Cost: When TLS Meets Edge. In: You, I., Youn, TY. (eds) Information Security Applications. WISA 2022. Lecture Notes in Computer Science, vol 13720. Springer, Cham. https://doi.org/10.1007/978-3-031-25659-2_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-25659-2_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-25658-5

  • Online ISBN: 978-3-031-25659-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation