NJIT eTD::njit-etd2006-049::Anantharam, Kirthikar::"Separation of SSL protocol phases across process boundaries"

Secure Sockets Layer is the de-facto standard used in the industry today for secure communications through web sites. An SSL connection is established by performing a Handshake, which is followed by the Record phase. While the SSL Handshake is computationally intensive and can cause of bottlenecks on an application server, the Record phase can cause similar bottlenecks while encrypting large volumes of data.

SSL Accelerators have been used to improve the performance of SSL-based application servers. These devices are expensive, complex to configure and inflexible to customizations. By separating the SSL Handshake and the Record phases into separate software processes, high availability and throughput can be achieved using open-source software and platforms. The delegation of the SSL Record phase to a separate process by transfer of necessary cryptographic information was achieved. Load tests conducted, showed gains with the separation of the Handshake and Record phases at nominal data sizes and the approach provides flexibility for enhancements to be carried out for performance improvements at higher data sizes.

Title:	Separation of SSL protocol phases across process boundaries
Author:	Anantharam, Kirthikar
Document Type:	Thesis
Department:	Department of Computer Science
Degree:	Master of Science
Major:	Computer Science
Advisory Committee:	Sohn, Andrew Gerbessiotis, Alexandros V. Ott, Teunis J.
Thesis Date:	2006, May
Keywords:	Secure Socket Layer (SSL) Secure communications
Availability:	Unrestricted
Abstract:	Secure Sockets Layer is the de-facto standard used in the industry today for secure communications through web sites. An SSL connection is established by performing a Handshake, which is followed by the Record phase. While the SSL Handshake is computationally intensive and can cause of bottlenecks on an application server, the Record phase can cause similar bottlenecks while encrypting large volumes of data. SSL Accelerators have been used to improve the performance of SSL-based application servers. These devices are expensive, complex to configure and inflexible to customizations. By separating the SSL Handshake and the Record phases into separate software processes, high availability and throughput can be achieved using open-source software and platforms. The delegation of the SSL Record phase to a separate process by transfer of necessary cryptographic information was achieved. Load tests conducted, showed gains with the separation of the Handshake and Record phases at nominal data sizes and the approach provides flexibility for enhancements to be carried out for performance improvements at higher data sizes.
Complete Thesis:	njit-etd2006-049 (78 pages ~ 5,138 KB pdf)
Feedback:	Please complete this Feedback Form to inform us about your experience using this website. It will assist us in better serving your information needs in the future. Thank You!