Overcoming
the Inconvenience Barrier
Overall goal: Develop tools that can be used to
predict the performance/usability of PKI components.
Why do we need to do this:
- Misconceptions about security (it's not just key length)
- Security/performance tradeoff (not all applications need highest level)
- Human factors questions, including:
- If people are going to choose their own security level, on what grounds
do they choose
- What kind of performance will people tolerate
- Off line vs on line
- Traditional CS models (count bit operations, all equal) are not very good.
We want something that will work across machines (which features most impact
performance?)
- Unusual hardware requirements (low power, smart cards, etc.)
Workplan:
Stage 1: Gather data. Look at Baltimore Unicert software, Condor PKI
packages and others. Separate timings into:
- basic crypto algorithms
- standard protocols (data shuffling etc)
- other
Do this on a variety of machines to get some feel for what processor, memory,
etc. features make the difference. Try to get a feel for how network features
impact this too (it's not just one machine anymore).
Experiment with changing crypto algorithms (is it easy to change to elliptic
curve, etc.), protocols, interfaces, ...
Stage 2: Develop quantititative ideas about what is impacting performance
- Try to adapt performance metrics a la CS 547, 747 to predict
- If we are lucky the models will be simple to understand and point out
key bottlenecks; if not, keep working
Stage 3:
- Test and validate the models Publicize findings
- If models are simple/accurate enough, design prediction procedures and
software tools that could extract model predictions automatically
Rough Timeline:
| Fall 2000 - Summer 2001 |
Stage 1: Gather data. |
| Fall 2001 - Spring 2002 |
Stage 2: Develop quantitative performance tools |
| Summer 2002 - Fall 2002 |
Stage 3: Test and validate the models |
