computation time required for authentication and negotiation procedures. Apostolopou
los et al.  showed that session reuse is essential to improve the performance of Web
Table 4.1 shows the cost of cryptographic algorithms used in SSL. We measured
the execution time of the algorithms in a 500MHz UltraSPARC uni processor, running
Solaris 2.9 with 1GBytes memory. The algorithms we measured are RSA, RC4 and MD5,
which are the most widely used cipher suite provided by a Web server and a Web browser.
RSA is measured using SSLeay's RSA private encrypt(), RSA public decrypt() functions
and RC4 and MD5 are measured using RC4() and MD5() functions, respectively .
Since the RSA algorithm is optimized for the public key operation, the operation time
for the public key is relatively fast compared to the private key operation. In the SSL
protocol, a server needs to compute a private key to establish a secure channel with a
client. Thus, to negotiate the session key between a server and a client, the client uses
the server's public key to encrypt a session key and the server has to decrypt it using its
own private key. This process increases the server side overhead. The key size of RSA
impacts the level of the security. The 2048 bit RSA key can provide a much stronger
security level than a 1024 bit RSA key, while the former requires more than six times
the computation cost as shown in Table 4.1.
The computation costs for the RC4 and MD5 in Table 4.1 are the encryption and
message digesting time for the 1KBytes data blocks with a 128 bit key. These costs are
relatively small compared to the cost for an RSA algorithm.