SSL Splitting
Christopher Lesniewski-Laas and M. Frans Kaashoek
{ctl,kaashoek}@mit.edu
MIT LCS
USENIX Security 2003

Bandwidth Offloading
[Diagram: Server mypenguin.org (DSL); Mirror mirrors.kernel.org (OC12); two Clients; request 'GET /tux.png']

Bandwidth Offloading
[Diagram: Server mypenguin.org (DSL); Mirrors mirrors.kernel.org and daemonporn.com (OC12); three Clients; request 'GET /tux.png']

Secure Bandwidth Offloading
σ = Sign(tux.png)
[Diagram: Server mypenguin.org (DSL) sends σ; Mirrors mirrors.kernel.org and daemonporn.com (OC12) pass σ on; three Clients; request 'GET /tux.png']

Secure Bandwidth Offloading
σ = Sign(tux.png)
[Diagram: Server mypenguin.org (DSL) sends σ; Mirrors mirrors.kernel.org and daemonporn.com (OC12) pass σ on; three Clients, one marked "!"; request 'GET /tux.png']

Existing Solutions Aren't Practical
• Force users to install specialized browser
  - Ex: S-HTTP, SFSRO, BitTorrent, RPM+PGP
• Operates at the channel level, not file level
  - Ex: SSL

SSL's Authentication Layer
[Diagram: Client and Server]
Handshake: Hello, Certificate, Negotiate shared secret, Done (Client knows shared secret k; Server knows shared secret k)
Request: GET /tux.png
File transfer: X = MAC_k( ); X' = MAC_k( ); Check: X = X'?

When All You Have Is A Hammer...
[Diagram: Client and Server; X = MAC_k( ); X' = MAC_k( ); Check: X = X'?]

SSL Splitting
[Diagram: Client, Proxy, Server; X = MAC_k( ); 'tux.png(1/2)' = Cache('tux.png(1/2)'); X' = MAC_k( ); Check: X = X'?]

SSL Splitting
1. Connect
[Diagram: Server, Proxy, Client; Connect between Client and Proxy]

SSL Splitting
1. Connect
[Diagram: Server, Proxy, Client; Connect between Client and Proxy, and Connect between Proxy and Server]

SSL Splitting
1. Connect
2. Handshake
[Diagram: Negotiate shared key k; Server (knows k); Proxy (cannot learn k); Client (knows k)]

SSL Splitting
1. Connect
2. Handshake
3. Request
[Diagram: Server, Proxy, Client; request GET /tux.png]

SSL Splitting: Cache Hit
1. Connect
2. Handshake
3. Request
4. Stub record
[Diagram: Server sends ID = SHA-1(tux.png), X = MAC_k(tux.png); Proxy looks up ID in Cache; Client]

SSL Splitting: Cache Hit
1. Connect
2. Handshake
3. Request
4. Stub record
5. Spliced record
[Diagram: Proxy takes the record from Cache and sends it with X to Client; Client: Check MAC X]

SSL Splitting: Cache Miss
[Diagram: Server sends ID = SHA-1(tux.png), X = MAC_k(tux.png); Proxy looks up ID in Cache: cache miss!; Client]

SSL Splitting: Cache Miss
[Diagram: Proxy looks up ID in Cache: cache miss!; Get(ID) between Proxy and Server; Client]

SSL Splitting: Cache Miss
[Diagram: Get(ID) between Proxy and Server; Proxy: Insert into Cache; Proxy sends the record with X to Client; Client: Check MAC X]

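The cache-hit and cache-miss exchanges above, as an added Python sketch that is not from the slides or the authors' implementation. It simplifies the SSL record MAC to HMAC-SHA1 over the payload alone; the class and function names, the key and the file contents are constructed for illustration.

```python
import hashlib
import hmac

def mac(key, payload):
    # Assumption: stand-in for the SSL record MAC, computed over the payload only.
    return hmac.new(key, payload, hashlib.sha1).digest()

class Server:
    def __init__(self, key, files):
        self.key, self.files, self.payload_bytes_sent = key, files, 0

    def stub_record(self, path):
        # Stub record: ID = SHA-1(payload) and X = MAC_k(payload), no payload bytes.
        payload = self.files[path]
        return hashlib.sha1(payload).digest(), mac(self.key, payload)

    def get(self, ident):
        # Cache-miss path: hand the proxy the payload whose SHA-1 equals ident.
        for payload in self.files.values():
            if hashlib.sha1(payload).digest() == ident:
                self.payload_bytes_sent += len(payload)
                return payload
        raise KeyError(ident.hex())

class Proxy:
    # Holds no key: it only maps IDs to payloads and splices records.
    def __init__(self, server):
        self.server, self.cache = server, {}

    def splice(self, stub):
        ident, x = stub
        if ident not in self.cache:              # cache miss: Get(ID), then insert
            self.cache[ident] = self.server.get(ident)
        return self.cache[ident], x              # spliced record: payload + server's X

def client_check(key, record):
    payload, x = record
    return hmac.compare_digest(mac(key, payload), x)   # Check: X = X'?

def demo():
    key, data = b"constructed-session-key", b"PNG" * 1000   # constructed samples
    server = Server(key, {"/tux.png": data})
    proxy = Proxy(server)
    miss = client_check(key, proxy.splice(server.stub_record("/tux.png")))
    hit = client_check(key, proxy.splice(server.stub_record("/tux.png")))
    # A proxy that alters its cached copy cannot produce a matching MAC.
    proxy.cache[hashlib.sha1(data).digest()] = b"XXXX" + data[4:]
    tampered = client_check(key, proxy.splice(server.stub_record("/tux.png")))
    return miss, hit, tampered, server.payload_bytes_sent
```

`demo()` shows the payload leaving the server only once (on the miss), while the client's MAC check fails as soon as the cached copy is modified.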
Caveats
• No end-to-end confidentiality
• Only distributes bandwidth load, not CPU

Implementation
• Server
  - Unmodified Apache
  - Modified OpenSSL library
• Proxy: Perl and C
  - Splicing is not a cryptographic operation
• Client: Netscape, IE, w3m...

Performance Questions
• How much data do we send over the server-proxy link?
• How does overhead vary with file size?
• How much overhead with realistic file size distributions?

Experiments
• Client replayed prerecorded request patterns
• Measured bytes over server interfaces
• Key performance metric is "rate" r:
  $r = \frac{\text{wire bytes sent by server}}{\text{total size of files received by clients}}$
  - Smaller is better
  - If no caching, r = 1 + % overhead

Experimental Setup
• Server: 160 kbps upstream, 500 MHz AMD
  - CPU could push ≈ 4 Mbps using HTTPS
• Client: 100 Mbps LAN, 1.2 GHz Athlon
• Proxy: 100 Mbps LAN, 700 MHz P3

Single File Microbenchmark
[Plot: Rate (log scale, 0.001 to 100) vs. file size (10 B to 10 MB); series: HTTP, HTTPS, Uncached]

Large Files Compress Well
[Plot: Rate (log scale, 0.001 to 100) vs. file size (10 B to 10 MB); series: HTTP, HTTPS, Uncached, Cached; annotation: Ideal SSL splitting performance]

Some Apache Quirks
[Plot: Rate (log scale, 0.001 to 100) vs. file size (10 B to 10 MB); series: HTTP, HTTPS, Uncached, Cached; annotations: "Apache puts HTTP headers into separate record", "Apache bug: record size halved"]

Understanding Single File Results
• Model: r = f(file size)
• Constant 1.5 KB overhead per file
• Uncached: 5% overhead per byte
• Cached: 62 bytes sent per 16 KB record
  - 8 KB records for files > 4 MB

Real Workloads
• Do real access patterns benefit from SSL splitting?
• 7-month web traces taken from www.lcs.mit.edu and amsterdam.lcs.mit.edu

How The Simulator Works
• Input: list of file requests and sizes
• Use microbenchmark results to predict number of bytes sent by server
• Infinite cache

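The single-file model and the trace simulator described above, as an added Python sketch (not the authors' simulator). It assumes binary units for KB and MB, that the 1.5 KB per-file overhead applies to both cached and uncached transfers, and that the cache is keyed by request path; the trace is constructed sample data.

```python
import math

KB, MB = 1024, 1024 * 1024            # assumption: binary units
PER_FILE_OVERHEAD = 1.5 * KB          # constant overhead per file
UNCACHED_PER_BYTE = 1.05              # payload plus 5% overhead per byte
STUB_BYTES = 62                       # bytes sent per cached record

def server_bytes(size, cached):
    """Predicted wire bytes the server sends for one request of `size` bytes."""
    if not cached:
        return PER_FILE_OVERHEAD + UNCACHED_PER_BYTE * size
    # Records are 16 KB, or 8 KB for files larger than 4 MB.
    record = 8 * KB if size > 4 * MB else 16 * KB
    return PER_FILE_OVERHEAD + STUB_BYTES * math.ceil(size / record)

def simulate(trace):
    """Return rate r for a trace of (path, size) requests with an infinite cache.

    Only the first request for a path is a miss; later ones are served from
    the proxy cache, so the server sends stub records only.
    """
    seen, wire, total = set(), 0.0, 0
    for path, size in trace:
        wire += server_bytes(size, cached=path in seen)
        seen.add(path)
        total += size
    return wire / total               # smaller is better

def demo():
    # Constructed trace: one small file requested twice, one large file three times.
    trace = [("/tux.png", 16 * KB), ("/tux.png", 16 * KB)]
    trace += [("/distro.iso", 5 * MB)] * 3
    return simulate(trace)
```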
Simulation Accuracy
• 2 hours, 10 MB transferred, 4.43 MB of files
[Bar chart: Rate (0.0 to 1.5), Simulated vs. Measured, for HTTP, HTTPS, Ideal (cold cache), SSL splitting (cold cache), SSL splitting (100% cache)]

Long-Term Savings ≈ 83%
• 7 months, 109 GB transferred, 10.6 GB of files
[Bar chart: Rate (0.0 to 1.5), Simulated, for HTTP, HTTPS, Ideal (cold cache), SSL splitting (cold cache), SSL splitting (100% cache)]

Summary
• SSL Splitting does not:
  - Provide confidentiality
  - Reduce server CPU load
• SSL Splitting does:
  - Reduce server bandwidth use by 25–90%
  - Guarantee end-to-end data integrity
  - Work with normal Web browsers!
• You might use it if: you're a Web site admin and you're not sure you trust your mirrors.

Availability
http://pdos.lcs.mit.edu/barnraising/