Secure Teleconference over SSLOutlinePurposeBackgroundOpenSSL Protocol LayersSSL Record StructureCertificate CheckingCertificate CheckingOpenSSL MessagesSoftware ArchitectureEnvironment/CompilerOther componentsPerformance metrics (1):Throughput of different symmetric ciphersPerformance metrics (2):The effect of the 1-bit transmission error Performance metrics (3):Codec ThroughputFour Given Different CPUs and Three Operating SystemsPerformance metrics (4):Authentication and key exchange delayIBM 1.1 GHz, RSA 3072 certificatePerformance metrics (4):Authentication and key exchange delayDell 2.0 GHz, RSA 3072 certificatePerformance metrics (4):Authentication and key exchange delayIBM 1.1 GHz, DSA 3072 certificatePerformance metrics (4):Authentication and key exchange delayDell 2.0 GHz, DSA 3072 certificatePerformance metrics (5):Network SpeedPerformance metrics (5):Network SpeedPerformance metrics (5):Network SpeedPerformance metrics (5):Network SpeedContributionsConclusionsSecure Teleconference over SSLInja YounECE 746 Project May 17, 2005 SpringOutline• Purpose• Background (OpenSSL)• Software Architecture• Experiments and Results• Contribution• ConclusionPurpose• Provide reliable security services for teleconference using OpenSSL• Address the performances represented by the following categories:–Certificate schemes –Key agreement schemes –Encryption algorithms –ComparisonBackground• OpenSSL - Good Enough?– Open source (free of charge)– Fully Featured SSL implementation• Provides strong cryptographic combinations of PKI, key exchange algorithms, symmetric key algorithms, message authentication codes• Secure Sockets Layer (SSL)– Capability of authentication of both client and server– Application independent – Capability of key agreement– Encryption, authentication and message authentication codes (MAC) for achieving the integrity of the transmissionOpenSSL Protocol LayersApplication Application Application– Sockets –TCP SSLTCPIPFragmentationCompressionAuthenticationCompressionIPInsecureTransportLayerSecureTransportLayerTransportSSL Record StructureCertificate CheckingCertificate RequestCertificate RequestCertificateRevocation ListCertificate AuthorityRoot CertificatePrivate keyK*RPublic keyKRClientPrivate keyK*CPublic keyKCServerPrivate keyK*SPublic keyKSCertificate CheckingSigned CertificateSigned CertificateCertificate AuthorityRoot CertificateCLRPrivate keyK*RPublic keyKRClientPrivate keyK*CPublic keyKCServerPrivate keyK*SPublic keyKSClientCert.pemKC: public key infoName: Inja YounPurpose: teleconf.clientValidity: from… to…State: VA, Country: USOrganization: ACME IncServerCert.pemKs: public key infoName: TeleconfPurpose: teleconf.serverValidity: from… to…State: VA, Country: USOrganization: ACME IncOpenSSL MessagesClient Hello (Cipher suite)Server Hello (Cipher Selected)Server CertificateGenerate Ephemeral KeyCertificate Request1TCP HandshakeServer Hello FinishedClient Certificate4Generate Ephemeral Key5Compute Shared SecretVerify Server Certificate3FinishedCompute Shared SecretVerify Client CertificateFinishedApplication DataApplication Data2SSL HandshakeSoftware ArchitectureTransmission Steps• Capture voice• Compress• Encrypt with K1• Send to server• Decrypt with K1• Encrypt with K2, K1• Forward to destinations• Decrypt with K2• Decompress•Play• Decrypt with K1• Decompress•PlayServerVoiceCaptureVoicePlaySSLSPEEXCodecSSLK1K1K2K2VoiceCaptureVoicePlaySPEEXCodecClient 1 Client NEnvironment/Compiler• Compiler: Visual C++.Net 2003 (7.1)• Install binary distribution for windows of OpenSSLhttp://www.slproweb.com/products/Win32OpenSSL.html– Copy the OpenSSL/include directory in Visual C++ /include directory– Copy the OpenSSL/lib/VC directory in Visual C++ /lib directory• Install Ms DirectX 9.0 SDK (summer 2004 update) for voice play and voice captureOther components• Secure RNG– Included in SSL– 255 random bits needed for initialization–Options• Linux: /dev/random• Windows: EGADS (slow)• Native Windows Cryptographic context (PROV_RSA_FULL)• Multimedia Codec– SPEEX open source codec (free of charge)– Patent free software– 7:1 compression rate– 8kHz sampling mono, 16-bit/sample in PCM• High resolution CPU tick counter– Created by J.M. McGuiness and P.J. Naughter– Benchmark of CPU speed is saved in the registry for later usePerformance metrics (1):Throughput of different symmetric ciphersEncryption Throughput (Mbit/s)0.0050.00100.00150.00200.00250.00300.00350.00400.00AES128 AES256 3DES IDEA RC4OpenSSL Benchmark (Mbit/s)020040060080010001200AES128 AES256 3DES IDEA RC4Decryption Throughput (Mbit/s)050100150200250300350400AES128 AES256 3DES IDEA RC4Performance metrics (2):The effect of the 1-bit transmission error• Saved the voice in raw (.wav) and compressed (.spx) format• Encrypt the file with different ciphers in different operation modes• Flip the 2ndbit of the 10,000thbyte of the file• Measured the effect of bit error for each cipher and operation mode• Decrypt/decompress (if necessary) and listen to the malformed file• The effect was as expected (1 block changed for ECB, 1 block and 1 byte changed for CBC and CFB and 1 byte changed for OFB mode• Surprisingly, the effect of an 1-bit change on the encrypted raw file (a click sound) can be heard when playing the file• I couldn’t hear any effect of an 1-bit change on the encrypted .spx fileCipher Mode # Bytes #BytesChanged ChangedRaw file .spx fileAES 128 ECB 16 16CBC 17 17CBF 17 17OBF 1 1AES 256 ECB 16 16CBC 17 17CBF 17 17OBF 1 13DES EEE CBC 9 9ECB 9 9CBF 9 9OBF 1 1RC4 128 ECB 1 1Performance metrics (3):Codec ThroughputSpeex Codec Compression Throughput (Mbit/s)00.20.40.60.811.21.41.6Dell 1GHz laptop Dell 1.5GHzdesktopIBM 1.1/1.8GHzlaptop Dell 2.0GHzdesktop• Measured the compression/decompression time on an about 10 seconds voice stream• The voice compression throughput is almost 10 times smaller than the voice decompression throughput• Even when working with slow ciphers (3DES), the compression delay is still a bottleneck of the software• Faster hardware platform is recommended to reduce compression time.Speex Codec Decompression Throughput (Mbit/s)0510152025Dell 1GHz laptop Dell 1.5GHzdesktopIBM 1.1/1.8GHzlaptop Dell 2.0GHzdesktopFour Given Different CPUs and Three Operating Systems–IBM1.1 GHz laptop, Windows 2000, Pentium4–Dell 2.0 GHz desktop,