performance investigations
play

Performance Investigations Hannes Tschofenig, Manuel Pgouri-Gonnard - PowerPoint PPT Presentation

Sep 28, 2023 •110 likes •604 views

Performance Investigations Hannes Tschofenig, Manuel Pgouri-Gonnard 25 th March 2015 1 Motivation In <draft-ietf-lwig-tls-minimal> we tried to provide guidance for the use of DTLS (TLS) when used in IoT deployments and included

  1. Performance Investigations Hannes Tschofenig, Manuel Pégourié-Gonnard 25 th March 2015 1

  2. Motivation § In <draft-ietf-lwig-tls-minimal> we tried to provide guidance for the use of DTLS (TLS) when used in IoT deployments and included performance data to help understand the design tradeoffs. § Later, work in the IETF DICE was started with the profile draft, which offers detailed guidance concerning credential types, communication patterns. It also indicates which extensions to use or not to use. § Goal of <draft-ietf-lwig-tls-minimal> is to offer performance data based on the recommendations in the profile draft. § This presentation is about the current status of gathering performance data for later inclusion into the <draft-ietf-lwig-tls-minimal> document. 2

  3. Performance Data § This is the data we want: § Flash code size § Message size / Communication Overhead § CPU performance § Energy consumption § RAM usage § Also allows us to judge the improvements of various extensions and gives engineers a rough idea what to expect when planning to use DTLS/TLS in an IoT product. § <draft-ietf-lwig-tls-minimal-01> offers preliminary data about § Code size of various basic building blocks (data from one stack only) § Memory (RAM/flash) (pre-shared secret credential only) § Communication overhead (high level only) 3

  4. Overview § Goal of the authors: Determine performance of asymmetric cryptography on ARM-based processors. § Next slides explains § Assumptions for the measurements, § ARM processors used for the measurements, § Development boards used, § Actual performance data, and § Comparison with other algorithms. 4

  5. Assumptions § Main focus of the measurements so far was on § raw crypto (and not on protocol exchanges) § ECC rather than RSA § Different ECC curves § Run-time performance (not energy consumption, RAM usage, code size) § No hardware acceleration was used. § Used open source software; code based on PolarSSL/mbed TLS stack. § No hardware-based random number generator in the development platform was used à Not fit for real deployment. 5

  6. ARM Cortex-M Processors Processors used in the performance tests Recently released; Best performance Digital Signal Control (DSC) Processor with DSP Accelerated SIMD Floating point (FP) Performance efficiency Feature rich connectivity Lowest power Outstanding energy efficiency Lowest cost Low power Processors use the 32-bit RISC architecture 6 http://www.arm.com/products/processors/cortex-m/index.php

  7. Prototyping Boards used in Performance Tests § ST Nucleo F401RE (STM32F401RET6) § ARM Cortex-M4 CPU with FPU at 84MHz § 512KB Flash, 96KB SRAM § ST Nucleo F103 (STM32F103RBT6) § ARM Cortex-M4 CPU with FPU at 72MHz § 128KB Flash, 20KB SRAM § ST Nucleo L152RE (STM32L152RET6) § ARM Cortex-M3 CPU at 32MHz § 512 KBytes Flash, 80KB RAM § ST Nucleo F091 (STM32F091RCT6) ST Nucleo § ARM Cortex-M0 CPU at 48MHz § 256 KBytes Flash, 32KB RAM § NXP LPC1768 § ARM Cortex-M3 CPU at 96MHz § 512KB Flash, 32KB RAM § Freescale FRDM-KL25Z § ARM Cortex-M0+ CPU at 48MHz § 128KB Flash, 16KB RAM FRDM-KL25Z 7 LPC1768

  8. ECC Curves § NIST curves: secp521r1, secp384r1, secp256r1, secp224r1, secp192r1 § “Koblitz curves”: secp256k1, secp224k1, secp192k1 § Brainpool curves: brainpoolP512r1, brainpoolP384r1, brainpoolP256r1 § Curve25519 (only preliminary results). § Note that FIPS186-4 refers to secp192r1 as P-192, secp224r1 as P-224, secp256r1 as P-256, secp384r1 as P-384, and secp521r1 as P-521. 8

  9. Optimizations § NIST Optimization § Utilizes special structure of NIST chosen curves. § Appendix 1 of http://csrc.nist.gov/groups/ST/toolkit/documents/dss/NISTReCur.pdf § Longer version in FIPS PUB 186-4: § http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf § Relevant configuration parameter: POLARSSL_ECP_NIST_OPTIM § Fixed Point Optimization: § Pre-computes points § Described in https://eprint.iacr.org/2004/342.pdf § Relevant configuration parameter: POLARSSL_ECP_FIXED_POINT_OPTIM § Window: § Technique for more efficient exponentation § Sliding window technique described in https://en.wikipedia.org/wiki/Exponentiation_by_squaring § Relevant configuration parameter: POLARSSL_ECP_WINDOW_SIZE (min=2, max=7). 9

  10. ECDSA, ECDHE, and ECDH § Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve variant of the Digital Signature Algorithm (DSA) or, as it is sometimes called, the Digital Signature Standard (DSS). § It is used in TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ciphersuite recommended in CoAP (and consequently also in the DTLS profile draft). § ECDSA, like DSA, has the property that poor randomness used during signature generation can compromise the long-term signing key. § For this reason the deterministic variant of (EC)DSA (RFC 6979) is implemented, which uses the private key as a source or “entropy” to seed a PRNG. § Note: None of the prototyping boards listed in the slide deck provide true random number generation. § CoAP recommends this ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 that makes use of the Ephemeral Elliptic Curve Diffie-Hellman (ECDHE). § The Elliptic Curve Diffie-Hellman (ECDH) is only used for comparison purposes in this slide deck but not used in the recommended ciphersuites. 10

  11. Key Length § Tradeoff between security and performance. § Values based on recommendations from RFC 4492. § [I-D.ietf-uta-tls-bcp] recommends at least 112 bits symmetric keys. § A 2013 ENISA report states that an 80bit symmetric key is sufficient for legacy applications but recommends 128 bits for new systems. Symmetric ECC DH/DSA/RSA 80 163 1024 112 233 2048 128 283 3072 192 409 7680 256 571 15360 11

  12. Observations: Performance Figures § ECDSA signature operation is faster than ECDSA verify operation. § Brainpool curves are slower than NIST curves because Brainpool curves use random primes. § ECC key sizes above 256 bits are substantially slower than ECC curves with key size 192, 224, and 256. § ECDH is only slightly faster than ECDHE (when fixed point optimization is enabled). § CPU speed has a significant impact on the performance. § The performance of symmetric key cryptography (keyed hash functions, encryption functions) is neglectable. 12

  13. Observations: Optimizations § NIST curve optimization provides substantial benefit for NIST secp*r1 curves. § Fixed point optimization has a significant influence on the performance. § There is a performance – RAM usage tradeoff: increased performance comes at the expense of additional RAM usage. § ECC library increases code size but also requires a fair amount of RAM for optimizations (for most curves). 13

  14. ECC Performance of the Cortex M3/M4 14

  15. Performance of various NIST/Koblitz ECC Curves NIST curves: secp521r1, secp384r1, secp256r1, secp224r1, secp192r1 Koblitz curves: secp256k1, secp224k1, secp192k1 15

  16. Performance difference between signature vs. verify For comparison: secp256r1 (signature) needs 122msec. For comparison: secp192r1 (signature) needs 66msec. 16

  17. Performance of Brainpool Curves For comparison: Secp256r1 (signature) needs 122msec. 17

  18. Performance of Brainpool Curves For comparison: Secp256r1 (verify) needs 458msec. 18

  19. Performance impact of the “window” parameter For comparison: secp521r1 (signature, W=7) needs 351msec. For comparison: secp192r1 (signature, W=7) needs 66msec. 19

  20. The Performance Impact of the NIST Optimization secp192r1 (ECDHE): 5986 msec (F401RE, optimization disabled) vs. 638 msec (optimization enabled) 20

  21. ECC Performance of the Cortex M0/M0+ 21

  22. ECDHE Performance of the KL25Z 22

  23. ECDSA Performance of the KL25Z 23

  24. + FP optimization enabled 24

  25. + FP optimization enabled 25

  26. + FP optimization enabled 26

  27. CPU Speed Impact 27

  28. Performance of ECDHE: L152RE vs. LPC1768 L152RE: LPC1768: Cortex-M3 with 32MHz Cortex-M3 with 96MHz secp192r1 (ECDHE): 1155 msec (L152RE) vs. 229 msec (LPC1768) NIST optimization enabled. 28 Fixed-point speed-up enabled.

  29. Performance Comparison: Prototyping Boards ECDSA Performance (Signature Operation, w=7, NIST Optimization Enabled) 2000.00 1800.00 1600.00 1400.00 secp192r1 Time (msec) 1200.00 secp224r1 1000.00 secp256r1 800.00 secp384r1 600.00 secp521r1 400.00 200.00 0.00 LPC1768, 96 MHz, Cortex L152RE, 32 MHz, Cortex F103RB, 72 MHz, Cortex F401RE, 84 MHz, Cortex M3 M3 M4 M4 Prototyping Boards 29

  30. Curve25519 (Warning: Preliminary Results) 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FURTHER INVESTIGATIONS INTO THE IMPACT OF REOB &amp; PARAFFINIC OILS ON THE PERFORMANCE OF

FURTHER INVESTIGATIONS INTO THE IMPACT OF REOB &amp; PARAFFINIC OILS ON THE PERFORMANCE OF

FURTHER INVESTIGATIONS INTO THE IMPACT OF REOB &amp; PARAFFINIC OILS ON THE PERFORMANCE OF BITIUMINOUS MIXTURES BY Gerald Reinke, Andrew Hanz, Doug Herlitzka, Steve Engber, Mary Ryan BINDER ETG MEETING APRIL 9, 2015 FALL RIVER, MA Mathy

1.08k views • 60 slides
Inspections and Inspections and Inspections and Investigations Investigations Investigations

Inspections and Inspections and Inspections and Investigations Investigations Investigations

Lesson 6. Inspections February 3-10, 2004 Inspections and Inspections and Inspections and Investigations Investigations Investigations Lesson No. 6 ENV H 471 Environmental Health Regulation Winter Quarter 2004 Lesson Overview Lesson

361 views • 9 slides
Welcome CURRENT ISSUES IN Internal Corporate Internal Corporate Investigations Investigations

Welcome CURRENT ISSUES IN Internal Corporate Internal Corporate Investigations Investigations

Welcome CURRENT ISSUES IN Internal Corporate Internal Corporate Investigations Investigations Steven Wolowitz John M. Driscoll Director of Litigation Michael Martinez Alex Lakatos &amp; Regulatory Affairs Mayer Brown LLP Socit

694 views • 46 slides
On-going investigations in the ECC regarding coexistence with LTE Ongoing Investigations, Work

On-going investigations in the ECC regarding coexistence with LTE Ongoing Investigations, Work

Info to EC Workshop on Coexistence Challenges of LTE Deployment On-going investigations in the ECC regarding coexistence with LTE Ongoing Investigations, Work Items and available information inside the ECC WGSE, 2 work items: Creation of

321 views • 5 slides
Patrick Clavin Chief Bureau Officer Full Preliminary Total Investigations Investigations

Patrick Clavin Chief Bureau Officer Full Preliminary Total Investigations Investigations

Dublin South Central Area Joint Policing Committee Patrick Clavin Chief Bureau Officer Full Preliminary Total Investigations Investigations Investigations Division No. of Profilers per Division per Division per Division DMR East 6 5

625 views • 6 slides
WHISTLEBLOWER INVESTIGATIONS AND RETALIATION Jeffrey S. Harris, Esq. Christine K. D. Belcaid,

WHISTLEBLOWER INVESTIGATIONS AND RETALIATION Jeffrey S. Harris, Esq. Christine K. D. Belcaid,

WHISTLEBLOWER INVESTIGATIONS AND RETALIATION Jeffrey S. Harris, Esq. Christine K. D. Belcaid, Esq. Austin F. McCullough, Esq. Misconduct Performance Problems Explanation? Should Have Known? Clear Guideline? Who Is Hurt? Coworkers?

539 views • 11 slides
company Investigations Contents Introduction who, what, why? Disqualification

company Investigations Contents Introduction who, what, why? Disqualification

company Investigations Contents Introduction who, what, why? Disqualification misconduct types Criminal referrals Legislative developments Who? Investigations and Enforcement Services What and Where? Manchester

1.55k views • 14 slides
Responding to Internal Complaints: Complaints Procedures and the Investigations that Follow

Responding to Internal Complaints: Complaints Procedures and the Investigations that Follow

06/09/2017 Responding to Internal Complaints: Complaints Procedures and the Investigations that Follow Capacity Building for Residential Service Providers to Respond Effectively to Investigations Conducted by PACY Second Consultation Meeting

628 views • 34 slides
Diagnosis of CDG Diagnosis of CDG Enzyme Analysis Enzyme Analysis and Other Investigations and

Diagnosis of CDG Diagnosis of CDG Enzyme Analysis Enzyme Analysis and Other Investigations and

Diagnosis of CDG Diagnosis of CDG Enzyme Analysis Enzyme Analysis and Other Investigations and Other Investigations Biochemical Genetics Network Cambridge April 2005 Viki Worthington National Hospital for Neurology and Neurosurgery, London

304 views • 18 slides
Agenda Reasons for using outside experts for internal investigations Types of experts to

Agenda Reasons for using outside experts for internal investigations Types of experts to

6/5/2019 Use of Third-Party Assistance for Investigations Gerry Zack, CCEP, CFE, CIA CEO SCCE &amp; HCCA Minneapolis, MN gerry.zack@corporatecompliance.org 1 Agenda Reasons for using outside experts for internal investigations

345 views • 8 slides
1 National Western Center February 25, 2016 Environmental Investigations Presentation to the

1 National Western Center February 25, 2016 Environmental Investigations Presentation to the

1 National Western Center February 25, 2016 Environmental Investigations Presentation to the Citizens Advisory Committee 2 Why Conduct Environmental Investigations? Past industrial land uses may have contaminated soils and groundwater

423 views • 14 slides
Investigations of High-Level Employees and Executives Navigating Complex Legal, Ethical and PR

Investigations of High-Level Employees and Executives Navigating Complex Legal, Ethical and PR

Presenting a live 90-minute webinar with interactive Q&amp;A Investigations of High-Level Employees and Executives Navigating Complex Legal, Ethical and PR Issues in Internal and Government Investigations WEDNES DAY, MARCH 7, 2012 1pm East ern

690 views • 41 slides
Legal Privilege for Information in August 22, 2011 Investigations in Germany Practice Group(s):

Legal Privilege for Information in August 22, 2011 Investigations in Germany Practice Group(s):

Legal Privilege for Information in August 22, 2011 Investigations in Germany Practice Group(s): Corporate Summary Companies conducting internal investigations of potential misconduct often turn to outside counsel in order to maximize the

478 views • 3 slides
and Controlling HSE Investigations in Fatal

and Controlling HSE Investigations in Fatal

NII Lunchtime Lecture: Understanding and Controlling HSE Investigations in Fatal Accident Claims Subtitle goes here 20 January 2015 Chris Gough Name

651 views • 29 slides
Governmental NZILA Conference Investigations 14 September 2017 Michael Heron QC and Inquiries

Governmental NZILA Conference Investigations 14 September 2017 Michael Heron QC and Inquiries

Governmental NZILA Conference Investigations 14 September 2017 Michael Heron QC and Inquiries Overview What is the place of insurer funded reparation payments in regulatory investigations/prosecutions? Are they appropriate? What

441 views • 19 slides
Todays Investigation, Tomorrows Risk: How to avoid pitfalls in doing investigations

Todays Investigation, Tomorrows Risk: How to avoid pitfalls in doing investigations

Todays Investigation, Tomorrows Risk: How to avoid pitfalls in doing investigations RIMs 2013 E -Day Understanding the risks we are trying to avoid in doing investigations: Civil Liability, Criminal Liability, and Reputation

213 views • 5 slides
Bayesian generalized linear models and an appropriate default prior Andrew Gelman, Aleks Jakulin,

Bayesian generalized linear models and an appropriate default prior Andrew Gelman, Aleks Jakulin,

Logistic regression Weakly informative priors Conclusions Bayesian generalized linear models and an appropriate default prior Andrew Gelman, Aleks Jakulin, Maria Grazia Pittau, and Yu-Sung Su Columbia University 14 August 2008 Gelman,

1.44k views • 130 slides
When NVMe over Fabrics Meets Arm: Performance and Implications Yichen Jia * Eric Anger Feng

When NVMe over Fabrics Meets Arm: Performance and Implications Yichen Jia * Eric Anger Feng

When NVMe over Fabrics Meets Arm: Performance and Implications Yichen Jia * Eric Anger Feng Chen * * Louisiana State University Arm Inc MSST19 May 23 th , 2019 Table of Content Background Experimental Setup Experimental

1.1k views • 54 slides
Preliminary Match-up of AIRS to ARM CART Soundings and AVN Grids Eric Fetzer AIRS Science Team

Preliminary Match-up of AIRS to ARM CART Soundings and AVN Grids Eric Fetzer AIRS Science Team

Preliminary Match-up of AIRS to ARM CART Soundings and AVN Grids Eric Fetzer AIRS Science Team Meeting June, 2001 Pasadena E. Fetzer 1 AVN / ARM Match-ups June, 2001 ARM CART Matchup Procedure Match Dave Tobins ARM CART best

278 views • 13 slides
Load-reserve / Store-conditional on POWER and ARM Peter Sewell (slides from Susmit Sarkar) 1

Load-reserve / Store-conditional on POWER and ARM Peter Sewell (slides from Susmit Sarkar) 1

Load-reserve / Store-conditional on POWER and ARM Peter Sewell (slides from Susmit Sarkar) 1 University of Cambridge June 2012 Correct implementations of C/C++ on hardware Can it be done? . . . on highly relaxed hardware? What is involved?

579 views • 25 slides
Classical Planning George Konidaris gdk@cs.brown.edu Fall 2019 The Planning Problem Finding a

Classical Planning George Konidaris gdk@cs.brown.edu Fall 2019 The Planning Problem Finding a

Classical Planning George Konidaris gdk@cs.brown.edu Fall 2019 The Planning Problem Finding a sequence of actions to achieve some goal. Planning Fundamental to AI: Intelligence is about behavior. Shakey the Robot Research project

1.1k views • 40 slides
The Tor Censorship Arms Race: The Next Chapter 1 O n l i n e A n o n y mi t y

The Tor Censorship Arms Race: The Next Chapter 1 O n l i n e A n o n y mi t y

The Tor Censorship Arms Race: The Next Chapter 1 O n l i n e A n o n y mi t y O p e n S o u r c e O p e n N e t w o r k C o mmu n i t y o f r e s e a r c h e r s , d e v e l

1.31k views • 72 slides
Searching for Arms Daniel Fershtman Alessandro Pavan October 1, 2019 Motivation

Searching for Arms Daniel Fershtman Alessandro Pavan October 1, 2019 Motivation

Searching for Arms Daniel Fershtman Alessandro Pavan October 1, 2019 Motivation Experimentation/Sequential Learning central to many problems In many cases, endogenous set of alternatives/arms search Tradeoff: exploring existing alternatives

779 views • 61 slides
MOOSE Multi level Origin Organised Scalable Ethernet draft malc armd moose

MOOSE Multi level Origin Organised Scalable Ethernet draft malc armd moose

MOOSE Multi level Origin Organised Scalable Ethernet draft malc armd moose 00 Malcolm Scott University of Cambridge Computer Laboratory Malcolm Scott draft-malc-armd-moose-00 1 Aim: Hierarchical MAC address space

111 views • 9 slides

More recommend