Recent research in sensor networks has raised security issues for small embedded devices. Security concerns are motivated by the deployment of a large number of sensory devices in the field. Limitations in processing power, battery life, communication bandwidth and memory constrain the applicability of existing cryptography standards for small embedded devices. A mismatch between wide arithmetic for security (32 bit word operations) and embedded data bus widths (often only 8 or 16 bits) combined with lack of certain operations (e.g., multiply) in the ISA present other challenges. This paper

Current software implementations of current cryptographic algorithms are orders of magnitude slower than required to secure a gigabit network. This paper examines three different approaches to improving the performance of cryptographic software: new algorithm design, parallelization, and algorithm independent hardware support. We believe that in combination these approaches could go a long way to improving cryptographic protocol performance without the inflexibility required for the current generation of cryptographic hardware support. Department of Computer Science The University of Arizona Tucson, AZ 85721 1 This research supported in part by NSF under grant NCR-9206908, by ARPA under contract F19628-92-C-0089, by ARPA under contract DABT63-94-C-0002, and by NCSC under contract MDA 904-94-C-6110. Protocol Performance MD5 80 Mbits/sec DES 15 Mbits/sec 3-DES 5 Mbits/sec RSA Crypt-Decrypt 10 Kbits/sec RSA Signature 20 signatures/sec Diffie-Hellman 5 keys/sec Key Exchange Table 1: Cur...

Many HTTP resources (pages, graphics, etc.) are exact duplicates of other resources with different URLs. If an HTTP cache contains a duplicate of a requested resource, and could detect this, it could avoid substantial network costs by returning the cached duplicate in place of the requested URL. Previous studies have shown that there is substantial duplication of content in both HTTP and FTP, and several protocols have been proposed to support efficient and safe duplicate suppression in HTTP. We use traces covering millions of HTTP requests to quantify the potential benefit of an HTTP duplicate-suppression extension. In particular, we show that the benefits vary depending on content-type, and that a small fraction of Web servers account for most of the duplicated resources.

Security and privacy are growing concerns in the Internet community, due to the Internet's rapid growth and the desire to conduct business over it safely. This desire has led to the advent of several proposals for security standards, such as secure IP, secure HTTP, and the Secure Socket Layer. All of these standards propose using cryptographic protocols such as DES and RSA. Thus, the need to use encryption protocols is increasing. Shared-memory multiprocessors make attractive server platforms, for example as secure World-Wide Web servers. These machines are becoming more common, as shown by recent vendor introductions of platforms such as SGI's Challenge, Sun's SPARCCenter, and DEC's AlphaServer. The spread of these machines is due both to their relative ease of programming and their good price/performance. This paper is an experimental performance study that examines how encryption protocol performance can be improved by using parallelism. We show linear speedup for several different ...

. After many years, cryptography is coming to the Internet. Some protocols are in common use; more are being developed and deployed. The major issue has been one of cryptographic engineering : turning academic papers into a secure, implementable specification. But there is missing science as well, especially when it comes to efficient implementation techniques. 1 Introduction In early 1994, CERT announced 1 that widespread password monitoring was occuring on the Internet. In 1995, Joncheray published a paper explaining how an eavesdropper could hijack a TCP connection [Jon95]. In mid-1998, there is still very little use of cryptography. Finally, though, there is some reason for optimism. A number of factors have combined to change people's behavior. First, of course, there is the rise of the Internet as a mass medium, and along with it the rise of Internet commerce. Consider the following quote from a popular Web site: How does ------.com protect my credit card if I order online? --...

To enhance system performance computer architectures tend to incorporate an increasing number of parallel execution units. This paper shows that the new generation of MD4-based customized hash functions (RIPEMD-128, RIPEMD-160, SHA-1) contains much more software parallelism than any of these computer architectures is currently able to provide. It is conjectured that the parallelism found in SHA-1 is a design principle. The critical path of SHA-1 is twice as short as that of its closest contender RIPEMD-160, but realizing it would require a 7-way multiple-issue architecture. It will also be shown that, due to the organization of RIPEMD-160 in two independent lines, it will probably be easier for future architectures to exploit its software parallelism.

Abstract. Without any additional hardware, CEFT-PVFS utilizes the existing disks on each cluster node to provide RAID-10 style parallel I/O service. In CEFT-PVFS, all servers are also computational nodes and can be heavily loaded by different applications running on the cluster, thus potentially degrading the I/O performance. To minimize the degradation, I/O requests can be scheduled on a less loaded server in each mirroring pair. To help define the meaning of “load ” in face of multiple resources such as CPU, memory, disk and network, this paper examines the impacts of these resources by measuring aggregate I/O throughput of the simplest CEFT-PVFS configurations, under specific and isolated workload stresses. Based on the heuristic rules found from the experimental results, a scheduling algorithm for dynamic load balancing is developed. In a CEFF-PVFS with 16 data servers, we evaluate this algorithm under different workloads. The results show that the proposed scheduling algorithm significantly improves the overall performance.

Due to the ever-widening performance gap between processors and disks, I/0 operations tend to become the major performance bottleneck of data-intensive applications on modern clusters. If all the existing disks on the nodes of a cluster are connected together to establish high performance parallel storage systems, the cluster's overall performance can be boosted at no additional cost. CEFT-PVFS (a RAID 10 style parallel file system that extends the original PVFS), as one such system, divides the cluster nodes into two groups, stripes the data across one group in a round-robin fashion, and then duplicates the same data to the other group to provide storage service of high performance and high reliability. Previous research has shown that the system reliability is improved by a factor of more than 40 with mirroring while maintaining a comparable write performance. This paper presents another benefit of CEFT-PVFS in which the aggregate peak read performance can be improved by as much as 100% over that of the original PVFS by exploiting the increased parallelism.

Service Level Agreements (SLAs) specify the Quality of Services (QoS) negotiated between provider and customer. QoS Measurements provide a suitable way to proof the fulfillment of the given guarantees. During service usage the traffic of interest is already present in the network. This traffic can be utilized for passive (non-intrusive) measurement methods avoiding the disadvantages of sending test traffic for active (intrusive) measurements. Some applications (e.g. interactive applications like IP telephony) rely on guarantees for one-way metrics like one-way delay. One-way metrics usually cannot be derived from round trip measurements. Therefore specific methods are required to measure one-way metrics.

Fault tolerance is one of the most important issues for parallel file systems. This paper presents the design, implementation and performance evaluation of a cost-e#ective, faulttolerant parallel virtual file system (CEFT-PVFS) that provides parallel I/O service without requiring any additional hardware by utilizing existing commodity disks on cluster nodes and incorporates fault tolerance in the form of disk mirroring. While mirroring is a straightforward idea, we have implemented this open source system and conducted extensive experiments to evaluate the feasibility, e#ciency and scalability of this fault tolerant approach on one of the current largest clusters, where the issues of data consistency and recovery are also investigated. Four mirroring protocols are proposed, reflecting whether the fault-tolerant operations are client driven or server driven; synchronous or asynchronous. Their relative merits are assessed by comparing their write performances, measured in the real systems, and their reliability and availability measures, obtained through analytical modeling. The results indicate that, in cluster environments, mirroring can improve the reliability by a factor of over 40 (4000%) while sacrificing the peak write performance by 33-58% when both systems are of identical sizes (i.e., counting the 50% mirroring disks in the mirrored system). In addition, protocols with higher peak write performance are less reliable than those with lower peak write performance, with the latter achieving a higher reliability and availability at the expense of some write bandwidth. A hybrid protocol is proposed to optimize this tradeo#.