Abstract
1 Introduction
With the phenomenal growth of popularity of the Internet, security is more and more important to the E-commerce business. For some sites such as finance and online payment system, it’s more important than performance. Much research has been sparked to improve data security . Some mechanisms are proposed to improve security of network attached storage systems. Freeman and Miller gave an architecture file system to
guarantee user data security using end-to-end encryption. A secure scheme to protect network-attached storage systems against different types of attacks using strong cryptography is proposed in . HTTP is the most popular protocol to transfer document over the Internet and Secure HTTP (HTTPS) is a protocol to transfer sensitive HTTP data over SSL (Secure Socket Layer) .
To understand how and to what extent the security mechanism of HTTPS affects the performance, we have been performing extensive measurements on the web servers environment. Our results show that HTTPS has different behaviors compared with HTTP and it costs more system resources on client side.
2 Preliminary Performance Analysis
We configured a standard http web server and a HTTPS server which is powered by a Verisign trial ID. Under HTTPS, all contents are encrypted through SSL (Secure Socket Layer). The system configurations are described in table l, and all machines are connected through a 100Mbps switch to form an isolated LAN.
The benchmark tool we are using is Micmsqj? Web Capacity Analysis Tool (WCAT).
WCAT runs simulated workloads on client-server configurations. WCAT measures how Internet Information Services and network configuration respond to a variety of different client requests for content, data, or html pages. The results of these tests can be used to determine the optimal server and network configuration. WCAT is specially designed to evaluate how Internet servers running Windows 2000 (or Windows NT) and Internet Information Services respond to various client workload simulations.
The server provides contents to the clients, and the controller collects the test data. The test suite we are using is Webstone, which is a standard benchmark and the size of the requested page ranges from lk to 200k. Each client runs 2 threads simultaneously. We started our experiments with measurement of system performance for HTTP and HTTPS under Webstone workload. Throughput get saturated under HTTP much faster that HTTPS. For HTTP, the server gets saturated at throughput being 600 connections/second with 5 clients. While for HTTPS, the throughput is steadily increasing and gets saturated at 400 connections/second with over 45 clients. That’s around 33% performance reduction compared to HTTP. The response times for HTTP (less than 5 seconds) are also significantly lower than that of HTTPS which ranges from
6 to 8 seconds.
For HTTP, the server processor gets saturated very quickly,while for HTTPS, the server processor has much idle time before it is saturated with over45 clients. This implies that some computation such as verification, SSL encryption is handled on the client side before a request is send to the server, which dramatically
reduces the overall system performance. Even the server is saturated, the total processor time spend on web server process are still less than 80% for both HTTP and HTTPS. Another 20% CPU time are used to operating system itself.
Our further investigations on internal system counters such as context switch and
system calls . For HTTP, with much more contexts witch and systems calls than HTTPS, the server provides much better system performance, that is, higher throughput and lower response time.
3 Conclusions
In this article, we have studied the security cost of HTTPS under Webstone workloads. Compared to standard HTTP, HTTPS costs more system resources on clients. Some computation such as verification, SSL encryption is handled on the client side before a request is send to the server, so much more clients are needed to saturate the server than that of HTTP. Once the server is saturated, the system performance of` HTTPS achieves around 67% of HTTP in terms of throughput.
The Gift
Decision Points