
Performance and Security Aspects of Client-Side SSL/TLS Processing on Mobile Devices

  • Conference paper
Cryptology and Network Security (CANS 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6467)

Abstract

The SSL/TLS protocol is the de-facto standard for secure Internet communication and is supported by virtually all modern e-mail clients and Web browsers. With more and more PDAs and cell phones providing wireless e-mail and Web access, there is an increasing demand for establishing secure SSL/TLS connections on devices that are relatively constrained in terms of computational resources. In addition, the cryptographic primitives executed on the client side need to be protected against side-channel analysis since, for example, an attacker may be able to monitor the electromagnetic emanations of a mobile device. Using an RSA-based cipher suite has the advantage that all modular exponentiations on the client side are carried out with public exponents (the client encrypts the premaster secret under the server's public key and verifies signatures, so no private exponent is ever used), which is uncritical regarding both performance and side-channel leakage. However, the current migration to AES-equivalent security levels makes a good case for using an Elliptic Curve Cryptography (ECC)-based cipher suite. We show in this paper that, for high security levels, ECC-based cipher suites outperform their RSA counterparts on the client side, even though they require the integration of diverse countermeasures against side-channel attacks. Furthermore, we propose a new countermeasure to protect the symmetric encryption of messages (i.e. "bulk data") against Differential Power Analysis (DPA) attacks. This new countermeasure, which we call Inter-Block Shuffling (IBS), is based on an "interleaved" encryption of a number of data blocks using a non-feedback mode of operation (such as counter mode), and randomizes the order in which the individual rounds of the individual blocks are executed. Our experimental results indicate that IBS is a viable countermeasure as it provides good DPA protection at the expense of a slight degradation in performance.
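The following is an added example, not code from the paper or from the authors' implementation: it implements the IBS scheduling idea described in the abstract on top of a deliberately tiny 64-bit Feistel toy cipher (not AES) so that the scheduler, rather than the cipher, is what the reader studies. The key schedule, the round function, the 4-byte nonce layout and the use of Python's seeded `random.Random` as the shuffling source are all assumptions made for this illustration; on a real device the shuffle would be driven by a hardware or well-seeded RNG and the cipher would be AES.

```python
"""Inter-Block Shuffling (IBS) for a round-based block cipher in counter mode.

Added example written for this page; it is not the paper's code.  The cipher is
a deliberately tiny 64-bit Feistel toy (NOT AES) chosen so that the scheduler,
not the cipher, is what the reader studies.  Key schedule, round function and
nonce layout are assumptions made for this illustration.
"""
import random
import struct
from typing import List, Tuple

BLOCK_BYTES = 8       # toy cipher block size
ROUNDS = 8            # toy cipher round count
MASK32 = 0xFFFFFFFF


def _rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32


def expand_key(key: bytes) -> List[int]:
    """Toy key schedule (assumption): ROUNDS 32-bit round keys from a 16-byte key."""
    if len(key) != 16:
        raise ValueError("toy cipher takes a 16-byte key")
    k = list(struct.unpack(">4I", key))
    round_keys = []
    for i in range(ROUNDS):
        k[i % 4] = _rotl32(k[i % 4] ^ k[(i + 1) % 4] ^ ((0x9E3779B9 * (i + 1)) & MASK32), 7)
        round_keys.append(k[i % 4])
    return round_keys


def toy_round(state: int, rk: int) -> int:
    """One Feistel round on a 64-bit state held as a Python int."""
    left, right = state >> 32, state & MASK32
    f = _rotl32((right + rk) & MASK32, 5) ^ _rotl32(right, 13)
    return (right << 32) | (left ^ f)


def counter_block(nonce: bytes, ctr: int) -> int:
    """CTR input block (assumed layout): 4-byte nonce || 4-byte big-endian counter."""
    return int.from_bytes(nonce + ctr.to_bytes(4, "big"), "big")


def keystream_sequential(round_keys: List[int], nonce: bytes, n_blocks: int) -> List[int]:
    """Reference order: finish every round of block 0, then block 1, and so on.
    This is the order a straightforward CTR implementation executes, so each
    (block, round) event sits at a fixed, predictable position in a trace."""
    out = []
    for c in range(n_blocks):
        s = counter_block(nonce, c)
        for rk in round_keys:
            s = toy_round(s, rk)
        out.append(s)
    return out


def keystream_ibs(round_keys: List[int], nonce: bytes, n_blocks: int,
                  rng: random.Random) -> Tuple[List[int], List[int]]:
    """IBS: keep all n_blocks counter blocks in flight and, at each step, pick a
    random unfinished block and advance it by exactly one round.  Rounds within
    a block still run in order, so the keystream equals the sequential one, but
    the position of any given (block, round) in the trace is now randomized.
    This only works because CTR has no block-to-block feedback.
    Returns (keystream blocks, executed schedule as a list of block indices)."""
    states = [counter_block(nonce, c) for c in range(n_blocks)]
    rounds_done = [0] * n_blocks
    pending = list(range(n_blocks))
    schedule = []
    while pending:
        i = rng.choice(pending)
        states[i] = toy_round(states[i], round_keys[rounds_done[i]])
        rounds_done[i] += 1
        schedule.append(i)
        if rounds_done[i] == ROUNDS:
            pending.remove(i)
    return states, schedule


def ibs_with_seed(key: bytes, nonce: bytes, n_blocks: int, seed: int):
    """Convenience wrapper: IBS keystream and schedule from a seeded PRNG."""
    return keystream_ibs(expand_key(key), nonce, n_blocks, random.Random(seed))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, seed: int = 0) -> bytes:
    """Encrypt or decrypt (CTR is symmetric) using the IBS scheduler.  The
    output must not depend on the seed: the shuffle changes execution order,
    never the keystream."""
    if len(nonce) != 4:
        raise ValueError("nonce must be 4 bytes")
    n_blocks = (len(data) + BLOCK_BYTES - 1) // BLOCK_BYTES
    ks, _ = ibs_with_seed(key, nonce, n_blocks, seed)
    pad = b"".join(k.to_bytes(BLOCK_BYTES, "big") for k in ks)
    return bytes(a ^ b for a, b in zip(data, pad))


if __name__ == "__main__":
    KEY = bytes(range(16))            # constructed sample key
    NONCE = b"\x00\x11\x22\x33"      # constructed sample nonce
    msg = b"bulk data carried in a TLS record"
    ct = ctr_crypt(KEY, NONCE, msg, seed=7)
    assert ctr_crypt(KEY, NONCE, ct, seed=99) == msg   # decrypts under any seed
    _, sched = ibs_with_seed(KEY, NONCE, 4, 7)
    print("executed (block index per round):", sched)
```

Two properties are worth checking in any IBS implementation: the interleaved keystream must be bit-identical to the sequential one (rounds within a block still run in order; only the interleaving across blocks changes), and decryption must not depend on the encryption-side schedule, which the `__main__` block checks by decrypting with a different seed. The scheduler requires a non-feedback mode: in counter mode every block's cipher input is known up front, whereas in CBC encryption ciphertext block i is the input to block i+1, so no round of block i+1 can start before block i has finished. The price is keeping all n in-flight block states live and drawing one random index per round, which is consistent with the slight performance degradation the abstract reports.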




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Großschädl, J., Kizhvatov, I. (2010). Performance and Security Aspects of Client-Side SSL/TLS Processing on Mobile Devices. In: Heng, SH., Wright, R.N., Goi, BM. (eds) Cryptology and Network Security. CANS 2010. Lecture Notes in Computer Science, vol 6467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17619-7_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17619-7_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17618-0

  • Online ISBN: 978-3-642-17619-7

  • eBook Packages: Computer Science (R0)
