Performance Improvements on the Network Security Protocols

10.6633/IJNS.200801.6(1).13

Tarek S. Sobh；Ashraf Elgohary；M. Zaki

Certificate authority ； client-side caching ； security protocols ； session management ； session sharing ； SSL/TLS

International Journal of Network Security

6卷1期（2008 / 01 / 01）

103 - 115

英文

In a subscription-based remote service, a user is charged a flat fee for a period of time independent of the actual number of times the service is requested. The main concern of the service manager is to make sure that only customers that have paid the fee for the current period are granted access to the service. To do this, the service manager might give each user a username and a password to be used for accessing the service. An SSL/TLS (Security Sockets Layer/ Transport Layer Security) session is started each time a user requests the service. As a part of the handshake protocol of SSL/TLS, the user hands a certificate to the server and proves to be the legitimate owner of the certificate. Then, the server application matches the certificate against a list of qualified certificates and decides whether to grant access. The most time-consuming phase of the SSL/TLS security protocol is the handshaking process between the client and the server, since many messages should be sent until successful negotiation is done and a secure session is created. In this paper we introduce a security management system in order to: 1) improve the handshaking process by making use of SSL/TLS client-side session caching, and 2) allowing trusted users to share sessions with others. According to our experimental setup, the proposed enhancement of SSL/TLS has improved its performance relative to the corresponding traditional handshaking of SSL/TLS protocol.