QoS-aware Optimization Strategies And Algorithms In SSL Protocol

Posted on: 2008-08-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F Qi
Full Text: PDF
GTID: 1118360215498984
Subject: Computer application technology

Abstract/Summary:
With the popularization of online banking and e-commerce, the mode of Internet service has changed from traditional information browsing to electronic transactions. The Secure Socket Layer (SSL) protocol is the most widely deployed protocol for securing communications on the Internet. It guarantees the privacy, integrity and authenticity of information exchanged between a Web server and a Web browser, based on multiple public-key cryptographic techniques and symmetric encryption techniques. With the amazing growth of the Web and e-commerce on the Internet, Web services must also offer more and more reliability. How to offer a Quality of Service (QoS) that satisfies Web users has become a new issue for study. In the Web context, one of the main factors is the direct consequence of the expensive public-key operations performed by servers as part of each SSL handshake. Since most SSL-enabled servers use RSA, the burden of performing many costly decryption operations can be very detrimental to server performance.

Being aware of the computational imbalance between clients and server in the SSL handshake protocol, we propose a Client Balanced Secret Exchange Algorithm (CBSEA) to overcome the problem. This technology facilitates a more favorable load distribution by requiring clients to perform more work (as part of encryption) and the server to perform commensurately less work, thus resulting in better SSL throughput at the server. The proposed algorithm, which uses many cryptographic techniques, can decrypt multiple ciphertexts faster than decrypting them separately one after another. It is evident that CBSEA improves the decryption time in the SSL handshake protocol.

QoS-aware optimization strategies and algorithms are proposed in this thesis. Taking into account the users' requirements for Quality of Service (QoS), these strategies aim to optimize the parameter b, the number of clients whose ciphertexts are grouped for aggregate decryption in CBSEA. First, an optimization strategy is proposed that is based on a constrained model considering the users' requirements for the stability of the system. In the optimization strategy based on a constrained model considering the user's requirement for response time, the optimal parameter is selected by considering not only the server's performance but also the client's requirement for tolerable time. Based on an analysis of the mean queue time, the mean service time and the stability of the system, the initial value and bound of the optimal parameter are determined. A semi-Markov model is used to compute an approximate solution for the mean queue time. The optimization strategy based on a constrained model considering the user's requirement for security rank focuses on the optimal result for different public key sizes. The algorithms implementing these optimization strategies are then proposed. The proposed algorithms are evaluated to be efficient and practical through both analysis and simulation studies.

A QoS-aware optimal scheduling strategy is proposed in this thesis. Based on the optimal result for the parameter b, the strategy is deployed in a Web server with a two-tier architecture. It is evident that the scheduling strategy reduces the response delay of the server. To guarantee minimum turnaround-time variance as the scheduling design criterion, the client's requirement for tolerable time is set as the scheduling strategy's timeout. The mean response time in the proposed strategy is evaluated to be efficient through both analysis and simulation studies.

Finally, key dispatching in the QoS-aware optimal strategy is proposed in this thesis. The key dispatching strategy is based on the unique certificate method, with the certificate issued by a Certificate Authority (CA). This thesis indicates that the method of using multiple CA certificates is impractical when the server sends different public key exponents to multiple clients. The unique certificate method overcomes the disadvantages of the existing key dispatching method: additional payment for CA certificates and the extra maintenance work of multiple CA certificates. It is shown that significant benefits can be obtained from the unique certificate method without a significant increase in computation cost or bandwidth cost.
Keywords/Search Tags: Secure Socket Layer Handshake Protocol, Mean Response Time, Web service, Quality of service, Optimization Strategy