6.6 Secure Downloads

Management wants to add secure file downloads. However, before this option is implemented, it is important to assess the likely impact on performance of this change.

Transport Layer Security (TLS) [1], which is similar to Secure Sockets Layer (SSL) version 3.0, has been selected for user authentication and for secure file downloads. TLS has two phases. The first one, the handshake phase, is used by the browser and Web server to exchange secrets. These secrets are used to generate a confidential symmetric key that is subsequently used for data exchange in the second phase of the protocol. Public key encryption is used during the handshake phase to exchange the secrets and the symmetric encryption key is used for message exchange after the handshake is complete.

Public key encryption is computationally intensive and adds to the CPU service demand. Also, during file download, symmetric encryption is performed on the file before it is downloaded. This also adds to the service demand on the CPU. A quantitative description and analysis of TLS is given by Menascé and Almeida [4], which also provides the timings for the various encryption operations used here to estimate the additional demand on the CPU due to secure file downloads. Using the data in [4], the analyst builds a table of the CPU times needed for three security alternatives: low security, medium security, and high security. The security level alternative depends on the size of the key used in the handshake phase and on the strength of the encryption and message digest algorithms used in the data transfer phase. The required CPU times for the alternatives are shown in Table 6.3.

Column 2 of Table 6.3 represents the total CPU time required by the server for the handshake phase for each downloaded file. This time is added to the CPU service demand for each download, independent of file size. The third column of the table shows the amount of additional CPU time required for each KB downloaded. Thus, the total additional CPU time required is equal to the handshake time plus the average file size multiplied by the CPU processing time. Consider for example the low-security option and PDF files, whose average file size is 377.6 KB. The additional CPU time required for secure file downloads is 49.5 (= 10.2 + 0.104 x 377.6) msec. Table 6.4 summarizes the amount of time that has to be added to the CPU demands for both PDF and ZIP downloads for each of the three security options.

Using the new CPU service demands, the QN model is re-solved. Table 6.5 shows the throughputs (i.e., X_PDF and X_ZIP) and download times (i.e., R_PDF and R_ZIP) for PDF and ZIP files under the three security options for various concurrency levels. The model, ClosedQN-Secure.XLS, is used to obtain the results in this table. Under the low security option, the SLAs for both types of files are violated for 80 concurrent users. When medium security is used, the download times for PDF and ZIP files reach their SLAs for a load of 43 users. When the high-security option is used, no more than 22 concurrent downloads can be supported.

In all secure download options, the CPU is the bottleneck. Higher levels of concurrency can be supported by upgrading to a faster CPU (see Exercise 6.7).