Research On The SSL Connection Migration Mechanism With ECC Algorithm

Abstract:With the rapid popularity of E-commerce and the improvement of the service quality of online payment, the mode of Internet service has already changed from the traditional information browsing to electronic transaction. Owing to the openness of the Internet itself, many web services have rather particular security demands. The Secure Socket Layer (SSL) protocol and its successor Transport Layer Security (TLS) protocol are widely utilized to guarantee secure web communication between two communicating entities on the Internet.Undoubtedly, providing services with low communication interruption probability is very critical for the web services with high security demand. Occasionally, the connection interruptions happen frequently due to overload of the server for SSL protocol. The traditional solution is to reestablish a new SSL connection for the original communication, which may cause the data transmission delay and lower the quality of web service.Based on the situation above, the selective partial recovery (SPR) strategy in the SSL connection migration mechanism with Elliptic Curve Cryptography (ECC) algorithm is proposed in this thesis. We introduce a set of techniques to provide the recovery strategy for SSL connection with ECC cipher suites for the mechanism. Besides, in order to efficiently satisfy the system stability, in this mechanism, we have proposed an analytical model for parameter optimization of server pool which considers the ratio of successful recovery process. Besides, this model can avoid running all of the servers in the cluster and reduce the energy consumption effectively.The server pool is a subset of the server cluster, which can respond a great number of SSL requests from the users simultaneously and can migrate the SSL connections via the recovery server when server crashes in the server pool. As the implementation is transparent to the client, it can be integrated into the existing infrastructure without changing TCP/IP protocol or the client. At it is shown in the simulation results, the use of ECC cipher suites in SSL can speed up SSL handshake effectively and is more efficient than the RSA cipher suites in SSL. Besides, the SPR-based strategy can accelerate the SSL session recovery process apparently and maintain the recovery time within the customer’s tolerable response time. Moreover, the analytical model for parameter optimization in server pool, satisfies not only the requirement of system stability but also the relative high ratio of successful migration in SPR-based connection migration mechanism.