Loading…
Attending this event?
Back To Schedule
Thursday, February 18 • 2:45pm - 3:25pm
Mathematics and development of fast TLS handshakes

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tempesta TLS is an implementation of TLS handshakes for the Linux kernel. Since the kernel already provides symmetric ciphers, we focus on asymmetric cryptography only, elliptic curves in particular.

Use used the mbed TLS library as the foundation and almost fully rewrote it to make is x40 faster. During our development we also use parts of WolfSSL library. While WolfSSL outperforms OpenSSL, it uses the same algorithms, which are 5-7 years of old. Tempesta TLS uses newer and more efficient algorithms from the modern cryptography research.

While we still improving performance of Tempesta TLS, the implementation already establishes 40-80% more TLS handshakes per second than OpenSSL/Nginx and provides up to x4 lower latency in several tests.

This talk covers following topics with plenty of benchmarks:

* The fundamentals of elliptic curve computations and the most "hot spots"

* Side channel attacks (SCA) and methods to prevent them

* How the recent CPU vulnerabilities impact TLS handshakes

* Basics of the new fast algorithms used in the Tempesta TLS

* The design trade offs in OpenSSL, WolfSSL, mbed TLS, and Tempesta TLS

* The funny assembly code with is more straightforward than C

Speakers
avatar for Alexander Krizhanovsky

Alexander Krizhanovsky

Tempesta Technologies
Alexander is the CEO of Tempesta Technologies, Inc., and is the architect of Tempesta FW, a high performance open source Linux application delivery controller. Alexander is responsible for the design and performance of several products in the areas of network traffic processing and... Read More →


Thursday February 18, 2021 2:45pm - 3:25pm CET
Session Room 1
Feedback form isn't open yet.