Performance evaluation of customized opensource SSL/TLS solutions in resource constrained environment

From its-wiki.no
Jump to: navigation, search

Performance evaluation of customized opensource SSL/TLS solutions in resource constrained environment

by Mohammad Mushfiqur.Rahman Chowdhury
Supervisor(s) Mohammad M. R. Chowdhury, Judith Rossebø
Due date 2012/05/31
Status Planned
Problem description: Recently, embedded systems (ES) have advanced considerably in terms of processing capabilities, memory supports, operating system capabilities and tools support. However, until now, relevant systems mostly contain legacy ESs for which resource constraints limit the adoption of advanced applications such as enhancements for cyber security. It is both expensive and time consuming to replace hardware from the legacy ESs with hardware that has been enhanced with advanced capabilities (processing power, memory etc...). As a first step to integrate advanced security functionalities within the legacy embedded systems, one needs to investigate the performance of the available solutions in a resource constrained environment. In this context, this research would target open-source SSL/TLS solutions. Often in order to fit these solutions into such an environment, it is required to look for a custom-made solution as well. In this thesis, the targeted open-source candidates for providing SSL/TLS are openSSL, GnuTLS, PolarSSL, SharkSSL, nanoSSL-mocana, MatrixSSL. The research will most likely use Linux-based source code and target ARM-based hardware settings.

The thesis will start with a comprehensive study of the SSL/TLS protocol and algorithm in terms of message exchanges during session establishment, key generation processes and optional and mandatory parts of the algorithm. The capabilities of the open-source solutions for SSL/TLS will be briefly studied and most of the time will be spent on testing the performance of these solutions in a real hardware setting. Before starting the performance evaluation, one should also study the hardware platform to be used. It is expected that the performance measurement would allow us to choose the best possible candidate/candidates and the reasons such choice. In the investigations of the performance of SSL/TLS, we are looking for the following answers: - How do the solutions perform with encryption and without encryption (e.g., authentication and integrity protection only)? - How long it takes to establish a session? - How do the solutions perform if we increase the size of the keys? - How do the solutions perform for different cipher suites (a representative selection of cipher suites should be used)? - Analysis of flexibility/usability of library: How modular is the candidate library? Is it easy to manage which parts are needed and use only these? - Which one is the best candidate compared with the size of the solution and above performance criteria?

Requirements: - Relevant knowledge on Security (e.g. SSL/TLS protocol) - Good knowledge on C++ programming language - Knowledge on Linux OS Interested and competent students are asked to send in CV with necessary competence details as soon as possible to: Judith Rossebø, Judith.rossebo@no.abb.com Mohammad Mushfiqur Rahman Chowdhury, mohammad.chowdhury@no.abb.com

Methods and Tools:
Time schedule ASAP
Pre-Knowledge C/C++, IT security, SSL/TLS
Approved by
Keywords Cyber Security, TLS, Networked embedded systems, Encryption
Depiction

this page was created by Special:FormEdit/Thesis, and can be edited by Special:FormEdit/Thesis/Performance evaluation of customized opensource SSL/TLS solutions in resource constrained environment

Tools and Methods

(adapt and copy this part to the Methods section of the header)

The tools and methods in this thesis are based on

  • A set of scenario, describing the challenges
  • A list of requirements being extracted from the scenarios
  • A description and evaluation of technologies and tools being candidates for solutions
  • A functional architecture/description of the envisaged system
  • An implementation of the core concepts
  • A demonstration of the solution
  • An evaluation of the solution, including a critical review of the descisions taken earlier
  • Conclusions
  • References

Pre-Knowledge

(adapt and copy this part to the Pre-Knowledge section of the header)

  • This thesis includes a reasonable amount of programming,
  • This thesis is based on radio communications, thus expects the user to have followed at least two radio-related courses

Time schedule

(adapt and copy this part to the Pre-Knowledge section of the header)

T0 0 starting month, T0+m denotes the month where the contribution to a certain chapter shalle be finalized
T0+2 months: create an initial page describing the scenario
T0+3: Provide a list of technologies which you think are necessary for the thesis
T0+4: Establish the table of content (TOC) of the envisaged thesis. Each section shall contain 3-10 keywords describing the content of that section
T0+7: Provide a draft of section 2 (scenario) and 3 (technologies)
T0+10: Establish a draft on what to implement/architecture
T0+11: Set-up an implementation, testing and evaluation plan
T0+15: Evaluate your solution based on a set of parameters, keep in mind there is no such thing as a free lunch
T0+17: Deliver the thesis

Table of Content (TOC)

A typical example of a table of content (TOC) is provided in TOC