Abstract
Recently, we have witnessed an upward trend in adopting the Transport Layer Security version 1.3 (TLS 1.3) to numerous applications (Google Cloud [25], Microsoft software products [20], CloudFlare [27]). Although TLS 1.3 provides higher efficiency than the previous versions of TLS, its handshake protocol still requires the server to send its certificate to the client which consumes a significant amount of network bandwidth. Moreover, the client becomes idle while it is waiting for the certificate to arrive. This latency is one of the causes of the TLS handshake delay. Adequate adoption of edge computing can increase the efficiency of traditional server client architectures. In this paper, we envision a new paradigm to adopt edge computing into TLS to improve the efficiency of session establishment. Our new architecture will motivate researchers to consider the edge in improving the TLS protocol in the future. TLS-EC (TLS with Edge Computing) protocol improves the TLS 1.3 handshake efficiency by reducing server-side certificate transmission overhead and network latency between server and client through edge computing. We also present the implementation of TLS-EC, which shows a reduction in both the handshake time and the bandwidth consumption between the server and the client during the TLS handshake. In particular, our experiments indicate that bandwidth consumption can be reduced by 33% and 49%, respectively, for ECDSA and RSA-based certificates with 128-bit security level compared to TLS 1.3 full handshake.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Our TLS-EC protocol may not be used if Encrypted Server Name Indication [21] and Encrypted ClientHello are employed to prevent leaking private information about the connection. However, these two works are under discussion, and how they will actually work has yet to be determined. Therefore, we are not going to discuss this issue in this paper. Our work in this paper can serve as a stepping stone to construct a protocol that improves the efficiency of TLS 1.3 by applying edge computing to the standardization when these two works are standardized in the future.
References
Barker, E.: Nist special publication 800-57 part 1, revision 5. NIST, Technical report (2020). https://doi.org/10.6028/NIST.SP.800-57pt1r5, https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final
Benjamin, D.: Boringssl (2016). https://boringssl.googlesource.com/boringssl/
Bhargavan, K., Blanchet, B., Kobeissi, N.: Verified models and reference implementations for the TLS 1.3 standard candidate. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 483–502. IEEE (2017). https://doi.org/10.1109/SP.2017.26
Blanchet, B.: Composition theorems for CryptoVerif and application to TLS 1.3. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 16–30. IEEE (2018). https://doi.org/10.1109/CSF.2018.00009
Blanchet, B., Smyth, B., Cheval, V., Sylvestre, M.: ProVerif 2.00: automatic cryptographic protocol verifier, user manual and tutorial (2018), originally appeared as Bruno Blanchet and Ben Smyth (2011) ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial
Brendel, J., Fischlin, M., Günther, F.: Breakdown resilience of key exchange protocols: NewHope, TLS 1.3, and hybrids. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11736, pp. 521–541. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29962-0_25
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: RFC 5280: internet x. 509 public key infrastructure certificate and certificate revocation list (CRL) profile. Internet Engineering Task Force (IETF) (2008)
Cremers, C., Horvat, M., Hoyland, J., Scott, S., van der Merwe, T.: A comprehensive symbolic analysis of TLS 1.3. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1773–1788 (2017). https://doi.org/10.1145/3133956.3134063
Cremers, C., Horvat, M., Scott, S., van der Merwe, T.: Automated analysis and verification of TLS 1.3: 0-RTT, resumption and delayed authentication. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 470–485. IEEE (2016). https://doi.org/10.1109/SP.2016.35
Cui, J., Wei, L., Zhang, J., Xu, Y., Zhong, H.: An efficient message-authentication scheme based on edge computing for vehicular ad hoc networks. IEEE Trans. Intell. Transp. Syst. 20(5), 1621–1632 (2018). https://doi.org/10.1109/TITS.2018.2827460
Dowling, B., Fischlin, M., Günther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, pp. 1197–1210 (2015). https://doi.org/10.1145/2810103.2813653
Dreier, J., Hirschi, L., Radomirovic, S., Sasse, R.: Automated unbounded verification of stateful cryptographic protocols with exclusive or. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 359–373. IEEE (2018). https://doi.org/10.1109/CSF.2018.00033
Drucker, N., Gueron, S.: Selfie: reflections on TLS 1.3 with PSK. J. Cryptol. 34(3), 1–18 (2021). https://doi.org/10.1007/s00145-021-09387-y
Evans, C., Palmer, C., Sleevi, R.: RFC 7469: public key pinning extension for http. Internet Engineering Task Force (IETF) (2015)
Hiller, J., Henze, M., Zimmermann, T., Hohlfeld, O., Wehrle, K.: The case for session sharing: relieving clients from TLS handshake overheads. In: 2019 IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium), pp. 83–91. IEEE (2019). https://doi.org/10.1109/LCNSymposium47956.2019.9000667
Holz, R., et al.: Tracking the deployment of TLS 1.3 on the web: a story of experimentation and centralization. ACM SIGCOMM Comput. Commun. Rev. 50(3), 3–15 (2020). https://doi.org/10.1145/3411740.3411742
Kim, J., Camtepe, S., Susilo, W., Nepal, S., Baek, J.: Identity-based broadcast encryption with outsourced partial decryption for hybrid security models in edge computing. In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 55–66 (2019). https://doi.org/10.1145/3321705.3329825
Laurie, B., Langley, A., Kasper, E.: RFC 6962: certificate transparency. Internet Engineering Task Force (IETF) (2013)
Li, P., Su, J., Wang, X.: iTLS: lightweight transport-layer security protocol for IoT with minimal latency and perfect forward secrecy. IEEE Internet Things J. 7(8), 6828–6841 (2020). https://doi.org/10.1109/JIOT.2020.2988126
Mackie, K.: Microsoft updates its TLS 1.3 support plans in windows, office 365 and.net (2020). https://redmondmag.com/articles/2020/08/20/microsoft-tls-1-3-support-plans.aspx
Rescorla, E., Oku, K., Sullivan, N., Wood, C.A.: Encrypted server name indication for TLS 1.3. IETF draft (2019). https://tools.ietf.org/html/draft-ietf-tls-esni-02. Accessed 14 Dec 2018
Rescorla, E., et al.: RFC 8446: the transport layer security (TLS) protocol version 1.3. Internet Engineering Task Force (IETF) (2018)
Santessona, S., Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: RFC 6960: X. 509 internet public key infrastructure online certificate status protocol-OCSP. Internet Engineering Task Force (IETF) (2013)
Sikeridis, D., Kampanakis, P., Devetsikiotis, M.: Post-quantum authentication in TLS 1.3: a performance study. In: Network and Distributed Systems Security (NDSS) Symposium (2020). https://doi.org/10.14722/ndss.2020.24203
Silverlock, M., Redner, G.: Bringing modern transport security to google cloud with TLS 1.3 (2020). https://cloud.google.com/blog/products/networking/tls-1-3-is-now-on-by-default-for-google-cloud-services
Stebila, D., Sullivan, N.: An analysis of TLS handshake proxying. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 279–286. IEEE (2015). https://doi.org/10.1109/Trustcom.2015.385
Sullivan, N.: Introducing TLS 1.3 (2016). https://blog.cloudflare.com/introducing-tls-1-3
Toradmalle, D., Singh, R., Shastri, H., Naik, N., Panchidi, V.: Prominence of ECDSA over RSA digital signature algorithm. In: 2018 2nd International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC) I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC), pp. 253–257. IEEE (2018). https://doi.org/10.1109/I-SMAC.2018.8653689
Xiao, C., Zhang, L., Liu, W., Bergmann, N., Xie, Y.: Energy-efficient crypto acceleration with HW/SW co-design for HTTPS. Futur. Gener. Comput. Syst. 96, 336–347 (2019). https://doi.org/10.1016/j.future.2019.02.023
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 Springer Nature Switzerland AG
About this paper
Cite this paper
Kim, I., Susilo, W., Baek, J., Kim, J., Chow, YW. (2023). TLS Goes Low Cost: When TLS Meets Edge. In: You, I., Youn, TY. (eds) Information Security Applications. WISA 2022. Lecture Notes in Computer Science, vol 13720. Springer, Cham. https://doi.org/10.1007/978-3-031-25659-2_8
Download citation
DOI: https://doi.org/10.1007/978-3-031-25659-2_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25658-5
Online ISBN: 978-3-031-25659-2
eBook Packages: Computer ScienceComputer Science (R0)