IETF Logo Mail Archive

Re: [sidr] Keys and algorithms for Updates - feasibility analysis? (was Re: RPKI and private keys)

"Murphy, Sandra" <Sandra.Murphy@sparta.com> Fri, 11 May 2012 18:00 UTC

Return-Path: <Sandra.Murphy@sparta.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70C1421F86F8 for <sidr@ietfa.amsl.com>; Fri, 11 May 2012 11:00:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.644
X-Spam-Level:
X-Spam-Status: No, score=-102.644 tagged_above=-999 required=5 tests=[AWL=-0.045, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id avprliXR+gGF for <sidr@ietfa.amsl.com>; Fri, 11 May 2012 11:00:48 -0700 (PDT)
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by ietfa.amsl.com (Postfix) with ESMTP id 7468121F86F7 for <sidr@ietf.org>; Fri, 11 May 2012 11:00:48 -0700 (PDT)
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.14.4/8.14.4) with ESMTP id q4BI0cko006399; Fri, 11 May 2012 13:00:38 -0500
Received: from Hermes.columbia.ads.sparta.com ([157.185.80.107]) by Beta5.sparta.com (8.13.8/8.13.8) with ESMTP id q4BI0bKX017471; Fri, 11 May 2012 13:00:38 -0500
Received: from HERMES.columbia.ads.sparta.com ([2002:9db9:506b::9db9:506b]) by Hermes.columbia.ads.sparta.com ([::1]) with mapi id 14.01.0355.002; Fri, 11 May 2012 14:00:37 -0400
From: "Murphy, Sandra" <Sandra.Murphy@sparta.com>
To: "Sriram, Kotikalapudi" <kotikalapudi.sriram@nist.gov>, "Ross.Anderson@cl.cam.ac.uk" <Ross.Anderson@cl.cam.ac.uk>
Thread-Topic: [sidr] Keys and algorithms for Updates - feasibility analysis? (was Re: RPKI and private keys)
Thread-Index: Ac0sn4X5MzR08xoIOkyL58SFwPpB3QACMZ1AAAAFxZAAgD6ygAAJaygAAAyS9W8=
Date: Fri, 11 May 2012 18:00:36 +0000
Message-ID: <24B20D14B2CD29478C8D5D6E9CBB29F60F70871E@Hermes.columbia.ads.sparta.com>
References: <CAH1iCiruThFzpef5u9NVt+3AokGnuFhq-GrbqEOkkKnVhav4zQ@mail.gmail.com> <CAL9jLab2XT-4NWr8KyHKOiQMTWqE5cTavmEr4Uw+S4zhrA=YLA@mail.gmail.com> <CAH1iCiq3so54pE9XBM5Bp13xaERbmShipmCg=ckEySiDsh5ZPQ@mail.gmail.com> <D7A0423E5E193F40BE6E94126930C4930B990A66A8@MBCLUSTER.xchange.nist.gov> <CAH1iCirMKm1TbtBzWSKy=vHGLdYHvbtnXcwO1G9aG00n3DXmyw@mail.gmail.com> <D7A0423E5E193F40BE6E94126930C4930B990A6710@MBCLUSTER.xchange.nist.gov> <D7A0423E5E193F40BE6E94126930C4930B990A6716@MBCLUSTER.xchange.nist.gov>, <CABFLmSTVmEUMYZmXNkbhSac0_jb0o-2nPG2_58Si0SGmF0podA@mail.gmail.com>, <D7A0423E5E193F40BE6E94126930C4930B985DEF48@MBCLUSTER.xchange.nist.gov>
In-Reply-To: <D7A0423E5E193F40BE6E94126930C4930B985DEF48@MBCLUSTER.xchange.nist.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.185.63.118]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "sidr wg list (sidr@ietf.org)" <sidr@ietf.org>
Subject: Re: [sidr] Keys and algorithms for Updates - feasibility analysis? (was Re: RPKI and private keys)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sidr>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2012 18:00:51 -0000

Before we get too involved in discussing performance and different methods of measuring performance, I think it is very important to address the features of what Brian is suggesting;

such as:

what security services are being supplied?
who is involved in the service - where is the service applied and where validated?
what is being protected?
what are the components and the architecture?

etc.

--Sandy, speaking as wg co-chair


________________________________________
From: sidr-bounces@ietf.org [sidr-bounces@ietf.org] on behalf of Sriram, Kotikalapudi [kotikalapudi.sriram@nist.gov]
Sent: Thursday, May 10, 2012 9:05 AM
To: Ross.Anderson@cl.cam.ac.uk
Cc: sidr wg list (sidr@ietf.org)
Subject: Re: [sidr] Keys and algorithms for Updates - feasibility analysis? (was Re: RPKI and private keys)

Hi Ross,

The 10,000/s number is Brian Dickson's and
it is not related to ECDSA (or RSA) signing/verification of BGPSEC updates.

In my work on performance modeling of BGPSEC, I have used the basic
signing/verification measurement data from the eBACS benchmarking effort:
http://bench.cr.yp.to/results-sign.html
The measurement numbers they report are in the same ballpark as yours for RSA signing.
However, the BGPSEC spec draft specifies ECDSA-P256, which is much faster than RSA-2048 for signing.
(Side note: ECDSA-P256 was also preferred because it results in a much lower size for BGPSEC updates
and hence lower router RIB memory size.
http://www.nist.gov/itl/antd/upload/BGPSEC_RIB_Estimation.pdf  )

Regarding how the eBACS measurement data were used to model BGPSEC CPU performance,
please see:
http://ripe63.ripe.net/presentations/127-111102.ripe-crypto-cost.pdf
(slides 10 and 11 summarize signing/verification speeds for various latest Intel and Cavium processors)
or see,
http://www.ietf.org/proceedings/83/slides/slides-83-sidr-7.pdf
(slides 7 and 8).

The performance modeling and measurement work is still evolving and there is still ways to go
w.r.t. prototyping of BGPSEC and measurements with actual signed updates, etc.

Sriram

________________________________________
From: Ross.Anderson@cl.cam.ac.uk [rossjanderson@googlemail.com]
Sent: Thursday, May 10, 2012 4:35 AM
To: Sriram, Kotikalapudi
Cc: Brian Dickson (brian.peter.dickson@gmail.com) sidr wg list (sidr@ietf.org)
Subject: Re: [sidr] Keys and algorithms for Updates - feasibility analysis? (was Re: RPKI and private keys)

Sriram

You can't get 10,000 signature creations and verifications a second on
a standard Intel core. You can get maybe 100.

Your colleagues who work on smart grid standards have experience of
this. The IEC working group assumed that all LAN traffic in
electricity substations could be authenticated by digital signatures.
This turned out to not work, and caused a major stall in the smart
grid security program. Some substation LAN traffic has a hard
end-to-end latency bound of 4ms, and that simply can't be achieved on
standard cores using 1024-bit RSA signatures. You need custom
hardware, which brings serious export control headaches as well as
significant costs. We wrote this up in

  http://www.cl.cam.ac.uk/~sf392/publications/S4-1010.pdf

Ross
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr

v2.29.0 | Report a Bug | By Email | System Status