File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Conference Paper: Predictive eviction: a novel policy for optimizing tls session cache performance

TitlePredictive eviction: a novel policy for optimizing tls session cache performance
Authors
Issue Date2015
Citation
Proceedings - IEEE Global Communications Conference, GLOBECOM, 2015, article no. 7417274 How to Cite?
AbstractTransport Layer Security (TLS) is the most commonly used security protocol to encrypt web traffic. TLS connections are computationally expensive to set up, so the TLS protocol supports session resumption, where previously negotiated connection parameters can be used to short- circuit the TLS handshake. The server assigns new sessions a session identifier (ID) and caches each session by its ID so it can be retrieved later. As clients come and go, sessions in the server's cache will have to be evicted according to the server's eviction policy. We find that first-in-first-out (FIFO) and least-recently- used (LRU) are the most common session cache eviction policies among popular TLS libraries, however, for applications whose clients connect at regular intervals, such as mobile advertising, the performance of these policies may be far worse than randomly evicting policies from the cache. To handle this, we propose a novel eviction policy for TLS session caches, predictive eviction, that relies on the server knowing the next time each client will connect again. Using a real-world application of such a policy, Android in-application advertising, we build a client that is able to simulate the behavior of a large number of devices requesting mobile advertisements over TLS. We use this simulated client to benchmark the hit rate of the predictive policy compared with eviction policies found in popular TLS library implementations. In addition, we demonstrate that our policy can be implemented efficiently by benchmarking its performance in transactions per second compared with OpenSSL's session cache implementation, and compared with TLS session tickets (an alternative to session caching for resuming TLS sessions). We find that our policy has better hit rate performance than other eviction policies, and can achieve comparable performance to session tickets. To the best of our knowledge, this is the first study of the performance of TLS session resumption strategies.
Persistent Identifierhttp://hdl.handle.net/10722/346589
ISSN

 

DC FieldValueLanguage
dc.contributor.authorStevens, Ryan-
dc.contributor.authorChen, Hao-
dc.date.accessioned2024-09-17T04:11:53Z-
dc.date.available2024-09-17T04:11:53Z-
dc.date.issued2015-
dc.identifier.citationProceedings - IEEE Global Communications Conference, GLOBECOM, 2015, article no. 7417274-
dc.identifier.issn2334-0983-
dc.identifier.urihttp://hdl.handle.net/10722/346589-
dc.description.abstractTransport Layer Security (TLS) is the most commonly used security protocol to encrypt web traffic. TLS connections are computationally expensive to set up, so the TLS protocol supports session resumption, where previously negotiated connection parameters can be used to short- circuit the TLS handshake. The server assigns new sessions a session identifier (ID) and caches each session by its ID so it can be retrieved later. As clients come and go, sessions in the server's cache will have to be evicted according to the server's eviction policy. We find that first-in-first-out (FIFO) and least-recently- used (LRU) are the most common session cache eviction policies among popular TLS libraries, however, for applications whose clients connect at regular intervals, such as mobile advertising, the performance of these policies may be far worse than randomly evicting policies from the cache. To handle this, we propose a novel eviction policy for TLS session caches, predictive eviction, that relies on the server knowing the next time each client will connect again. Using a real-world application of such a policy, Android in-application advertising, we build a client that is able to simulate the behavior of a large number of devices requesting mobile advertisements over TLS. We use this simulated client to benchmark the hit rate of the predictive policy compared with eviction policies found in popular TLS library implementations. In addition, we demonstrate that our policy can be implemented efficiently by benchmarking its performance in transactions per second compared with OpenSSL's session cache implementation, and compared with TLS session tickets (an alternative to session caching for resuming TLS sessions). We find that our policy has better hit rate performance than other eviction policies, and can achieve comparable performance to session tickets. To the best of our knowledge, this is the first study of the performance of TLS session resumption strategies.-
dc.languageeng-
dc.relation.ispartofProceedings - IEEE Global Communications Conference, GLOBECOM-
dc.titlePredictive eviction: a novel policy for optimizing tls session cache performance-
dc.typeConference_Paper-
dc.description.naturelink_to_subscribed_fulltext-
dc.identifier.doi10.1109/GLOCOM.2014.7417274-
dc.identifier.scopuseid_2-s2.0-84964866417-
dc.identifier.spagearticle no. 7417274-
dc.identifier.epagearticle no. 7417274-
dc.identifier.eissn2576-6813-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats