The analysis of performance costs of security operations in multifaceted secure Web servers is extremely odd. Is it feasible to ascertain an exact model for simulating the behaviors of secure replicated clusters of Web servers with load-balancing switches and backend databases? Is it easy to discern, segregate, and gauge the unique sources of bottlenecks of secure Web servers when inputs and outputs overlap computations in convoluted ways?
Transport layer security (TLS) offers abstract secure sockets over transmission control protocol/Internet protocol (TCP/IP) sockets for secure applications such as secure shell connections and secure Web servers. Unfortunately, the TLS protocol supports authentication, data confidentiality, integrity, and interoperability of cryptographic parameters [1] at pricey computation overheads. However, e-commerce sites often use TLS for secure communication to avoid leaking priceless information.
The autho!rs study the performance costs of securing Web servers with the TLS protocol. Components of TLS are replaced with no-ops in trace-driven workloads of a profile TLS Web server that is used to investigate factors affecting page-serving throughput. The authors present meticulous discussions of the TLS protocol, platforms, and workload experiments used to investigate performance bottlenecks attributable to RSA operations, session cache, network connection delay, and central processing unit (CPU) latency due to cryptographic operations on packets. The throughput of a secure Web server under diverse circumstances was measured by emulating an ideal hardware accelerator, rather than by micro-benchmarking the CPU time of specific operations. The relative cost of each operation performed by the TLS Web server was projected using Amdahl’s Law for speedup.
The experimental results expose public key cryptography as the principal performance cost incurred by the TLS Web server!. However, the addition of an RSA accelerator to surmount the TLS issues produces a remarkable performance improvement. Although the study does not fully mimic secure enterprise Web sites, the paper provides reliable evidence to endorse the use of high-performance CPUs for reducing TLS overhead, and the use of a dual CPU server (instead of a single CPU server) with an RSA accelerator for exploiting throughput.