SSLmTCP Handshake : Embedding the SSL Handshake into the TCP 3-Way Handshake

SSLmTCP Handshake: A TCP 3-Way Handshake That Includes the SSL Handshake

  • Byun, Ki-Seok (Cryptosystem Development PKI Team, Penta Security Systems)
  • Park, Jun-Cheol (Department of Computer Engineering, Hongik University)
  • Received : 2016.12.28
  • Accepted : 2017.02.15
  • Published : 2017.03.31

Abstract

We propose a scheme to reduce the time for the SSL/TLS handshake by embedding it into the TCP 3-way handshake. The scheme can be selectively applied on top of standard TCP so that the SSL/TLS handshake takes place within the TCP handshake, rather than performing the TCP handshake and the SSL/TLS handshake in sequence. We implemented a prototype of the scheme and ran experiments on its performance. Experimental results showed that, compared to the sequential TCP and SSL/TLS handshakes, the time reduction achieved by the scheme ranged from 3.2% to 14% (the latter when the elapsed time measured by the ping program from the client to the server was 11.6 ms). The longer the time measured by the ping program, which grows with the propagation and queuing delays, the larger the reduction rate. This agrees with the supposition that the time saved by the scheme increases in proportion to the elapsed time measured by the ping program.

In this paper we propose a scheme that shortens the SSL/TLS handshake time by embedding the SSL/TLS handshake into the TCP 3-way handshake. The proposed scheme can be added selectively to the existing TCP, and when applied, the TCP and SSL/TLS handshakes proceed overlapped rather than sequentially. We implemented a prototype of the proposed scheme and conducted experiments to measure its performance. The experimental results show that, compared to the sequential handshakes of the existing TCP and SSL/TLS, the proposed scheme achieves time savings of 3.2% up to 14% (when the elapsed time measured by the ping program from the client to the server is 11.6 ms). As the elapsed time measured by the ping program between the client and the server increases, the reduction rate of the execution time also increases; here the ping program's elapsed time grows as the propagation delay and the queuing delay grow. The experimental results agree well with the prediction that the time saved by the proposed scheme grows in proportion to the elapsed time measured by the ping program.
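As an added illustration (not the paper's prototype or any code from the authors), the following Python model compares the completion time of the sequential TCP-then-TLS handshake with a piggybacked flow in which the first TLS flights ride on the SYN, SYN-ACK and ACK segments, which is how the abstract describes the scheme. The exact message flights, the symmetric one-way delay of half the ping time, and the per-side processing constants SERVER_WORK_MS and CLIENT_WORK_MS are assumptions chosen for the model, not values taken from the paper. What it shows is why the reduction rate rises with the ping time: the saving is a fixed number of one-way delays while the crypto work is the same in both flows, so the saved fraction grows as the link delay grows.

```python
from dataclasses import dataclass
from typing import List

# Assumed per-side processing costs (ms) for the TLS crypto work. These are
# constructed values for the model, not measurements from the paper.
SERVER_WORK_MS = 20.0
CLIENT_WORK_MS = 20.0


@dataclass(frozen=True)
class Flight:
    """One message flight plus the work its receiver does before replying."""
    direction: str   # "C->S" or "S->C"
    payload: str     # segments / records carried, for the printed trace
    work_ms: float   # receiver-side processing before the next flight leaves


def sequential_flights() -> List[Flight]:
    """Standard TCP 3-way handshake followed by a full (non-resumed) TLS 1.2
    handshake: three round trips before the server's Finished arrives."""
    return [
        Flight("C->S", "SYN", 0.0),
        Flight("S->C", "SYN-ACK", 0.0),
        Flight("C->S", "ACK, ClientHello", SERVER_WORK_MS),
        Flight("S->C", "ServerHello, Certificate, ServerHelloDone", CLIENT_WORK_MS),
        Flight("C->S", "ClientKeyExchange, ChangeCipherSpec, Finished", SERVER_WORK_MS),
        Flight("S->C", "ChangeCipherSpec, Finished", 0.0),
    ]


def embedded_flights() -> List[Flight]:
    """Assumed SSLmTCP-style flow: the TLS flights ride on the TCP handshake
    segments, so two one-way trips disappear while the crypto work stays."""
    return [
        Flight("C->S", "SYN + ClientHello", SERVER_WORK_MS),
        Flight("S->C", "SYN-ACK + ServerHello, Certificate, ServerHelloDone", CLIENT_WORK_MS),
        Flight("C->S", "ACK + ClientKeyExchange, ChangeCipherSpec, Finished", SERVER_WORK_MS),
        Flight("S->C", "ChangeCipherSpec, Finished", 0.0),
    ]


def handshake_time(flights: List[Flight], ping_ms: float) -> float:
    """Completion time in ms. Assumes a symmetric link (one-way delay is half
    the ping time) and strictly sequential flights."""
    one_way = ping_ms / 2.0
    return sum(one_way + f.work_ms for f in flights)


def time_saved(ping_ms: float) -> float:
    """Absolute saving of the embedded flow over the sequential one (ms)."""
    return handshake_time(sequential_flights(), ping_ms) - handshake_time(embedded_flights(), ping_ms)


def reduction_rate(ping_ms: float) -> float:
    """Relative saving, the quantity the abstract reports as a percentage."""
    return time_saved(ping_ms) / handshake_time(sequential_flights(), ping_ms)


if __name__ == "__main__":
    print(f"{'ping ms':>8} {'sequential':>11} {'embedded':>9} {'saved':>7} {'rate':>6}")
    for ping in (1.0, 5.0, 11.6, 30.0, 100.0):
        seq = handshake_time(sequential_flights(), ping)
        emb = handshake_time(embedded_flights(), ping)
        print(f"{ping:8.1f} {seq:11.1f} {emb:9.1f} {seq - emb:7.1f} {reduction_rate(ping):6.1%}")
```

In this model the saving is exactly one ping time (two one-way delays) regardless of the processing constants, so the reduction rate is ping/(3 ping + work) and climbs toward one third as the link delay dominates the crypto cost; the printed table makes the trend visible, and the absolute percentages depend entirely on the assumed work constants, not on the paper's measurements.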
