DOI: 10.1145/1851182.1851200

Encrypting the internet

Online: 30 August 2010

ABSTRACT

End-to-end communication encryption is considered necessary for protecting the privacy of user data in the Internet. Only a small fraction of all Internet traffic, however, is protected today. The primary reason for this neglect is economic, mainly security protocol speed and cost. In this paper we argue that recent advances in the implementation of cryptographic algorithms can make general purpose processors capable of encrypting packets at line rates. This implies that the Internet can be gradually transformed to an information delivery infrastructure where all traffic is encrypted and authenticated. We justify our claim by presenting technologies that accelerate end-to-end encryption and authentication by a factor of 6 and a high performance TLS 1.2 protocol implementation that takes advantage of these innovations. Our implementation is available in the public domain for experimentation.
