reconciling performance and security in high load
play

Reconciling Performance and Security in High Load Environments - PowerPoint PPT Presentation

Mar 10, 2023 •101 likes •1.45k views

Reconciling Performance and Security in High Load Environments Ignat Korchagin @ignatkn $ whoami Performance and security at Cloudflare Passionate about security and crypto Enjoy low level programming @ignatkn Performance vs

  1. HTTP/2 and HTTP/3 HTTP/2 (2015) @ignatkn

  2. HTTP/2 and HTTP/3 HTTP/2 (2015) ● major rework from HTTP/1 (1991) binary protocol ○ connection multiplexing ○ server push ○ @ignatkn

  3. HTTP/2 and HTTP/3 HTTP/2 (2015) ● major rework from HTTP/1 (1991) binary protocol ○ connection multiplexing ○ server push ○ ● HTTP/3 (in progress) transport over QUIC/UDP ○ @ignatkn

  4. HTTP/2 performance (2015) https://blog.cloudflare.com/introducing-http2/ @ignatkn

  5. HTTP/2 performance https://imagekit.io/demo/http2-vs-http1 @ignatkn

  6. HTTP/2 performance @ignatkn https://www.flickr.com/photos/smemon/15944989872/

  7. HTTP/2 performance @ignatkn https://www.flickr.com/photos/smemon/15944989872/

  8. SSL/TLS https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/ @ignatkn

  9. SSL/TLS: RSA vs ECC https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/ @ignatkn

  10. SSL/TLS: RSA vs ECC ● RSA “older” cryptosystem (1977) ○ factoring problem of large numbers ○ sub-exponential complexity cracking algorithms ○ large keys (>=2048 bit) ○ @ignatkn

  11. SSL/TLS: RSA vs ECC ● RSA “older” cryptosystem (1977) ○ factoring problem of large numbers ○ sub-exponential complexity cracking algorithms ○ large keys (>=2048 bit) ○ ● ECC “newer” cryptosystem (1985) ○ discrete logarithm problem over elliptic curves ○ exponential complexity cracking algorithms ○ small keys (>=256 bit) ○ @ignatkn

  12. SSL/TLS: RSA vs ECC $ openssl speed rsa ecdsa @ignatkn

  13. SSL/TLS: RSA vs ECC $ openssl speed rsa ecdsa sign verify sign/s verify/s ... rsa 2048 bits 0.000616s 0.000018s 1623.5 55200.6 ... 256 bit ecdsa (nistp256) 0.0000s 0.0001s 25487.6 10731.6 @ignatkn

  14. SSL/TLS: RSA vs ECC $ openssl speed rsa ecdsa sign verify sign/s verify/s ... rsa 2048 bits 0.000616s 0.000018s 1623.5 55200.6 ... 256 bit ecdsa (nistp256) 0.0000s 0.0001s 25487.6 10731.6 faster TLS handshakes (~15 times faster from above) ● @ignatkn

  15. SSL/TLS: RSA vs ECC $ openssl speed rsa ecdsa sign verify sign/s verify/s ... rsa 2048 bits 0.000616s 0.000018s 1623.5 55200.6 ... 256 bit ecdsa (nistp256) 0.0000s 0.0001s 25487.6 10731.6 faster TLS handshakes (~15 times faster from above) ● less CPU utilisation ● @ignatkn

  16. SSL/TLS: RSA vs ECC $ openssl speed rsa ecdsa sign verify sign/s verify/s ... rsa 2048 bits 0.000616s 0.000018s 1623.5 55200.6 ... 256 bit ecdsa (nistp256) 0.0000s 0.0001s 25487.6 10731.6 faster TLS handshakes (~15 times faster from above) ● less CPU utilisation ● less key storage ● @ignatkn

  17. SSL/TLS: RSA vs ECC $ openssl speed rsa ecdsa sign verify sign/s verify/s ... rsa 2048 bits 0.000616s 0.000018s 1623.5 55200.6 ... 256 bit ecdsa (nistp256) 0.0000s 0.0001s 25487.6 10731.6 faster TLS handshakes (~15 times faster from above) ● less CPU utilisation ● less key storage ● better security ● @ignatkn

  18. SSL/TLS: RSA vs ECC (2017) https://blog.cloudflare.com/how-expensive-is-crypto-anyway/ @ignatkn

  19. The Internet: network of networks https://www.cloudflare.com/en-au/learning/security/glossary/what-is-bgp/ @ignatkn

  20. The Internet: AS and BGP I have 1.1.1.1 @ignatkn

  21. The Internet: AS and BGP I have 8.8.8.8 I have 1.1.1.1 @ignatkn

  22. The Internet: packet switching By Oddbodz - Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=29033823 @ignatkn

  23. The Internet: BGP security I have 8.8.8.8 I have 1.1.1.1 @ignatkn

  24. The Internet: BGP security I have 8.8.8.8 I have 1.1.1.1 I have 1.2.3.4 @ignatkn

  25. The Internet: BGP security I have 8.8.8.8 I have 1.1.1.1 I have 1.2.3.4 I have 1.2.3.4 @ignatkn

  26. The Internet: BGP with RPKI I have 8.8.8.8 I have 1.1.1.1 I have 1.2.3.4 I have 1.2.3.4 @ignatkn

  27. The Internet: BGP with RPKI I have 8.8.8.8 I have 1.1.1.1 I have 1.2.3.4 I have 1.2.3.4 @ignatkn

  28. The Internet: BGP with RPKI ● RPKI prevents bad actors from claiming resources they don’t own @ignatkn

  29. The Internet: BGP with RPKI ● RPKI prevents bad actors from claiming resources they don’t own ● however, not all “false claimers” are bad actors bugs in network equipment software ○ network equipment misconfigurations ○ @ignatkn

  30. The Internet: BGP with RPKI ● RPKI prevents bad actors from claiming resources they don’t own ● however, not all “false claimers” are bad actors bugs in network equipment software ○ network equipment misconfigurations ○ ● RPKI improves network throughput by ensuring routes validity some misconfigurations cause severe outages ○ minor misconfigurations create packet loss ○ https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/ @ignatkn

  31. Security and process performance

  32. Cloudflare Network @ignatkn

  33. Datacentre provisioning ● connect hardware @ignatkn

  34. Datacentre provisioning ● connect hardware ● verify hardware @ignatkn

  35. Datacentre provisioning ● connect hardware ● verify hardware setup initial network ○ @ignatkn

  36. Datacentre provisioning ● connect hardware ● verify hardware setup initial network ○ configure OOB ○ @ignatkn

Recommend

Load Security Pilot Nina Day Mark Horton Why is load security an issue? On the road,

Load Security Pilot Nina Day Mark Horton Why is load security an issue? On the road,

Health and Safety Executive Load Security Pilot Nina Day Mark Horton Why is load security an issue? On the road, poorly-loaded and insecure loads can result in load shifts, vehicle rollover, or loss of control. In the workplace, loads

349 views • 17 slides
Reconciling High Server U0liza0on and Sub-millisecond

Reconciling High Server U0liza0on and Sub-millisecond

Reconciling High Server U0liza0on and Sub-millisecond Quality-of-Service Jacob Leverich and Christos Kozyrakis, Stanford University EuroSys 14, April

1.08k views • 68 slides
Parallel Programming and High-Performance Computing Part 6: Dynamic Load Balancing Dr.

Parallel Programming and High-Performance Computing Part 6: Dynamic Load Balancing Dr.

Technische Universitt Mnchen Parallel Programming and High-Performance Computing Part 6: Dynamic Load Balancing Dr. Ralf-Peter Mundani CeSIM / IGSSE Technische Universitt Mnchen 6 Dynamic Load Balancing Overview definitions

1.49k views • 52 slides
Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) Netdev 1.1 Prototype of

Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) Netdev 1.1 Prototype of

Load Balancing with nftables by Laura Garca (Zen Load Balancer Team) Netdev 1.1 Prototype of Load Balancing with nftables Goal: High Performance Load Balancer Load Balancing Solutions Load Balancing Solutions Linux Virtual Server

1.31k views • 40 slides
Parallel Programming and High-Performance Computing Part 6: Dynamic Load Balancing Dr.

Parallel Programming and High-Performance Computing Part 6: Dynamic Load Balancing Dr.

Technische Universitt Mnchen Parallel Programming and High-Performance Computing Part 6: Dynamic Load Balancing Dr. Ralf-Peter Mundani CeSIM / IGSSE / CiE Technische Universitt Mnchen Technische Universitt Mnchen 6 Dynamic Load

1.07k views • 41 slides
Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High

Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High

Getting the Performance Out Of Getting the Performance Out Of High Performance Computing High Performance Computing Jack Dongarra I nnovative Computing Lab University of Tennessee and Computer Science and Math Division Oak Ridge Nat ional

380 views • 13 slides
Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National

Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National

OOPSLA 18 Boston Reconciling High-Level Optimizations and Low-Level Code in LLVM Juneyoung Lee Seoul National Univ. Chung-Kil Hur MPI-SWS Ralf Jung Zhengyang Liu University of Utah John Regehr Nuno P. Lopes Microsoft Research

1.3k views • 127 slides
Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski contact@paulk.fr Monday July 4 th 2016 Introducing Verified Boot and Related Issues Introducing Verified Boot and Related Issues Bootup Process BIOS History

947 views • 39 slides
Reconciling finite and infinite-array approaches with the help of macro basis functions

Reconciling finite and infinite-array approaches with the help of macro basis functions

Reconciling finite and infinite-array approaches with the help of macro basis functions Christophe Craeye Universit catholique de Louvain Goals Tackle medium-to-large size arrays of complex elements with high accuracy, while exploiting as

267 views • 23 slides
Cloud-based Global Load Balancing Improve Performance and reliability while reducing IT costs

Cloud-based Global Load Balancing Improve Performance and reliability while reducing IT costs

Cloud-based Global Load Balancing Improve Performance and reliability while reducing IT costs Presenter Name(s) Month, Year The Right Tool For The Right Job Local Load Balancer: Great for routing requests within the data center Layer

101 views • 6 slides
Browser Enhancements to Help Improve Page Load Performance Using Delta Delivery W3C Performance

Browser Enhancements to Help Improve Page Load Performance Using Delta Delivery W3C Performance

Browser Enhancements to Help Improve Page Load Performance Using Delta Delivery W3C Performance Working Group November 8th, 2012 Robert Hundt (rhundt@google.com) Mark Heffernan (meheff@google.com) Ian Flanigan (flan@google.com) Google

326 views • 32 slides
Does data security rule out high performance? Adam Huffman 2018-02-04 FOSDEM HPC & Big Data

Does data security rule out high performance? Adam Huffman 2018-02-04 FOSDEM HPC & Big Data

Does data security rule out high performance? Adam Huffman 2018-02-04 FOSDEM HPC & Big Data Dev Room Adam Huffman 04/02/2018 Agenda The background brains of HPC More ambitious science HPC meets the Real World Data security dj

376 views • 36 slides
High Performance Actors Kiki, principal enterprise architect @ Lightbend What we mean by

High Performance Actors Kiki, principal enterprise architect @ Lightbend What we mean by

High Performance Actors Kiki, principal enterprise architect @ Lightbend What we mean by Reactive React to React to React to Users Failures Load Variance Low latency Graceful, Non-catastrophic Responsive in the face of Recovery

987 views • 64 slides
Detecting Application Load Imbalance on Cray Systems Heidi Poxon Technical Lead, Performance

Detecting Application Load Imbalance on Cray Systems Heidi Poxon Technical Lead, Performance

Detecting Application Load Imbalance on Cray Systems Heidi Poxon Technical Lead, Performance Tools Cray Inc. Outline Cray Performance Tools Overview Motivation for Load Imbalance Analysis Metrics Offered by Cray Performance Tools Examples

477 views • 21 slides
High-performance FLOSS tooling for DPA Ilya Kizhvatov Digital Security group Joint work with

High-performance FLOSS tooling for DPA Ilya Kizhvatov Digital Security group Joint work with

High-performance FLOSS tooling for DPA Ilya Kizhvatov Digital Security group Joint work with Cees-Bart Breunesse (Riscure North America) CRYPTACUS workshop, Nijmegen, 2017-11-17 Main points In many applications, attack time and not the

386 views • 10 slides
Reconciling Human Development Reconciling Human Development and Climate Protection -

Reconciling Human Development Reconciling Human Development and Climate Protection -

Reconciling Human Development Reconciling Human Development and Climate Protection - Perspectives from the Developing Countries on Perspectives from the Developing Countries on Post-Kyoto Climate Regime Jing Cao School of Economics and

585 views • 9 slides
Exercises for 8.1.3 1. Give a parse tree with semantic records for the statement Z = 2 + 2. Show

Exercises for 8.1.3 1. Give a parse tree with semantic records for the statement Z = 2 + 2. Show

326 Chapter 8 Computer Languages TABLE 4. Semantic record label Address Code Expression translated T6 3 The variable Y. T7 Load 0,A The assignment statement Load 2,B Y = 3 + 2*X. Mult A,B,4 Load 4,A Load 1,B Add A,B,5 Load 5,A

427 views • 8 slides
Load Balancing Load Balancing Load balancing: distributing data and/or computations across

Load Balancing Load Balancing Load balancing: distributing data and/or computations across

Load Balancing Load Balancing Load balancing: distributing data and/or computations across multiple processes to maximize efficiency for a parallel program. Static load-balancing: the algorithm decides a priori how to divide the workload.

444 views • 27 slides
Horus: Fine-Grained Encryption- Based Security for High Performance Petascale Storage Ranjana

Horus: Fine-Grained Encryption- Based Security for High Performance Petascale Storage Ranjana

Horus: Fine-Grained Encryption- Based Security for High Performance Petascale Storage Ranjana Rajendran Ethan L. Miller Darrell D. E. Long Storage Systems Research Center University of California, Santa Cruz Sunday, November 13, 11

532 views • 16 slides
DEFCon: High-Performance Event Processing with Information Security Matteo Migliavacca, Ioannis

DEFCon: High-Performance Event Processing with Information Security Matteo Migliavacca, Ioannis

DEFCon: High-Performance Event Processing with Information Security Matteo Migliavacca, Ioannis Papagiannis, Peter Pietzuch Imperial College London David M. Eyers, Jean Bacon Cambridge Computer Laboratory Peter R. Pietzuch Brian Shand

494 views • 35 slides
High-Performance Network Security Monitoring at the Lawrence Berkeley National Lab Strategies for

High-Performance Network Security Monitoring at the Lawrence Berkeley National Lab Strategies for

High-Performance Network Security Monitoring at the Lawrence Berkeley National Lab Strategies for Monitoring External and Internal Activity Robin Sommer Lawrence Berkeley National Laboratory & International Computer Science Institute

841 views • 52 slides
Industry vs the Planet A Christian Perspective on Reconciling Environmental

Industry vs the Planet A Christian Perspective on Reconciling Environmental

Industry vs the Planet A Christian Perspective on Reconciling Environmental Stewardship with Industrial Advancement by Michael Whelan, P.E. CSM 90 and Anchor QEA, L.L.C. Industry vs. the Planet: Reconciling

375 views • 20 slides
wearable data for performance, load, and recovery analytics Tero Myllymki Head of physiology

wearable data for performance, load, and recovery analytics Tero Myllymki Head of physiology

Applications of wearable data for performance, load, and recovery analytics Tero Myllymki Head of physiology 17 May 2019 Fir irstbeat help lps every ry in indiv ivid idual l to reach their ir health and performance potential wit

643 views • 35 slides
Demystifying Page Load Performance with WProf Xiao (Sophia) Wang, Aruna Balasubramanian, Arvind

Demystifying Page Load Performance with WProf Xiao (Sophia) Wang, Aruna Balasubramanian, Arvind

Demystifying Page Load Performance with WProf Xiao (Sophia) Wang, Aruna Balasubramanian, Arvind Krishnamurthy, and David Wetherall University of Washington Web is the critical part of the Internet 1 Page load is critical Amazon can

1.01k views • 81 slides

More recommend