|
TLS Acceleration
TLS acceleration (formerly known as SSL acceleration) is a method of offloading processor-intensive public-key encryption for Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) to a hardware accelerator. Typically this means having a separate card that plugs into a PCI slot in a computer that contains one or more coprocessors able to handle much of the SSL processing. TLS accelerators may use off-the-shelf CPUs, but most use custom ASIC and RISC chips to do most of the difficult computational work. Principle of TLS acceleration operation The most computationally expensive part of a TLS session is the TLS handshake, where the TLS server (usually a webserver) and the TLS client (usually a web browser) agree on a number of parameters that establish the security of the connection. During the TLS handshake the server and the client establish session keys (symmetric keys, used for the duration of a given session), but the encryption and signature of the ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
System-on-chip
A system on a chip (SoC) is an integrated circuit that combines most or all key components of a computer or electronic system onto a single microchip. Typically, an SoC includes a central processing unit (CPU) with memory, input/output, and data storage control functions, along with optional features like a graphics processing unit (GPU), Wi-Fi connectivity, and radio frequency processing. This high level of integration minimizes the need for separate, discrete components, thereby enhancing power efficiency and simplifying device design. High-performance SoCs are often paired with dedicated memory, such as LPDDR, and flash storage chips, such as eUFS or eMMC, which may be stacked directly on top of the SoC in a package-on-package (PoP) configuration or placed nearby on the motherboard. Some SoCs also operate alongside specialized chips, such as cellular modems. Fundamentally, SoCs integrate one or more processor cores with critical peripherals. This comprehensive integr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Computer Optimization
Mathematical optimization is the theory and computation of extrema or stationary points of functions. Optimization, optimisation, or optimality may also refer to: * Engineering optimization * Feedback-directed optimisation, in computing * Optimality model in biology * Optimality theory, in linguistics * Optimization (role-playing games), a gaming play style * ''Optimize'' (magazine) * Process optimization, in business and engineering, methodologies for improving the efficiency of a production process * Product optimization, in business and marketing, methodologies for improving the quality and desirability of a product or product concept * Program optimization, in computing, methodologies for improving the efficiency of software * Search engine optimization, in internet marketing *Supply chain optimization, a methodology aiming to ensure the optimal operation of a manufacturing and distribution supply chain *Social media optimization, in internet marketing, involves optimizing s ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hardware Acceleration
Hardware acceleration is the use of computer hardware designed to perform specific functions more efficiently when compared to software running on a general-purpose central processing unit (CPU). Any transformation of data that can be calculated in software running on a generic CPU can also be calculated in custom-made hardware, or in some mix of both. To perform computing tasks more efficiently, generally one can invest time and money in improving the software, improving the hardware, or both. There are various approaches with advantages and disadvantages in terms of decreased latency, increased throughput, and reduced energy consumption. Typical advantages of focusing on software may include greater versatility, more rapid development, lower non-recurring engineering costs, heightened portability, and ease of updating features or patching bugs, at the cost of overhead to compute general operations. Advantages of focusing on hardware may include speedup, reduced power c ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
TLS Offloading
A TLS termination proxy (or SSL termination proxy, or SSL offloading) is a proxy server that acts as an intermediary point between client and server applications, and is used to terminate and/or establish TLS (or DTLS) tunnels by decrypting and/or encrypting communications. This is different from TLS pass-through proxies that forward encrypted (D)TLS traffic between clients and servers without terminating the tunnel. Uses TLS termination proxies can be used to: * secure plaintext communications over untrusted networks by tunnelling them in (D)TLS, * allow inspection of encrypted traffic by an intrusion detection system to detect and block malicious activities, * allow network surveillance and analyze encrypted traffic, * enable otherwise unsupported integration with other applications that provide additional capabilities such as content filtering or Hardware security module, * enable (D)TLS protocol versions, extensions, or capabilities (e.g. OCSP stapling, ALPN, DANE, CT va ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Stunnel
Stunnel is an open-source multi-platform application used to provide a universal TLS/SSL tunneling service. Stunnel is used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively. It runs on a variety of operating systems, including most Unix-like operating systems and Windows. Stunnel relies on the OpenSSL library to implement the underlying TLS or SSL protocol. Stunnel uses public-key cryptography with X.509 digital certificates to secure the SSL connection, and clients can optionally be authenticated via a certificate. If linked against libwrap, it can be configured to act as a proxy–firewall service as well. Stunnel is maintained by Polish programmer Michał Trojnara and released under the terms of the GNU General Public License (GPL) with OpenSSL exception. Example A stunnel can be used to provide a secure SSL connection to an existing non-SSL-aware SMTP mail server. Assuming the SMTP server expects TCP connections ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hardware Security Module
A hardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantly digital keys), and performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips. Design HSMs may have features that provide tamper evidence such as visible signs of tampering or logging and alerting, or tamper resistance which makes tampering difficult without making the HSM inoperable, or tamper responsiveness such as deleting keys upon tamper detection. Each module contains one or more secure cryptoprocessor chips to prevent tampering and bus probing, or a combination of chips in a module that is protected by the tamper evident, tamper resistant, or tamper responsive packaging. A ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Pseudo-random Number Generator
A pseudorandom number generator (PRNG), also known as a deterministic random bit generator (DRBG), is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by an initial value, called the PRNG's ''seed'' (which may include truly random values). Although sequences that are closer to truly random can be generated using hardware random number generators, ''pseudorandom number generators'' are important in practice for their speed in number generation and their reproducibility. PRNGs are central in applications such as simulations (e.g. for the Monte Carlo method), electronic games (e.g. for procedural generation), and cryptography. Cryptographic applications require the output not to be predictable from earlier outputs, and more elaborate algorithms, which do not inherit the linearity of simpler PRNGs, are needed. Good statist ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cryptographic Hash Function
A cryptographic hash function (CHF) is a hash algorithm (a map (mathematics), map of an arbitrary binary string to a binary string with a fixed size of n bits) that has special properties desirable for a cryptography, cryptographic application: * the probability of a particular n-bit output result (hash value) for a random input string ("message") is 2^ (as for any good hash), so the hash value can be used as a representative of the message; * finding an input string that matches a given hash value (a ''pre-image'') is infeasible, ''assuming all input strings are equally likely.'' The ''resistance'' to such search is quantified as security strength: a cryptographic hash with n bits of hash value is expected to have a ''preimage resistance'' strength of n bits, unless the space of possible input values is significantly smaller than 2^ (a practical example can be found in ); * a ''second preimage'' resistance strength, with the same expectations, refers to a similar problem of f ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Symmetric-key Algorithm
Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. The requirement that both parties have access to the secret key is one of the main drawbacks of symmetric-key encryption, in comparison to public-key encryption (also known as asymmetric-key encryption). However, symmetric-key encryption algorithms are usually better for bulk encryption. With exception of the one-time pad they have a smaller key size, which means less storage space and faster transmission. Due to this, asymmetric-key encryption is often used to exchange the secret key for symmetric-key encryption. Types Symmetric-key encryption can use either stream ciphers or block ci ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
RSA (cryptosystem)
The RSA (Rivest–Shamir–Adleman) cryptosystem is a public-key cryptosystem, one of the oldest widely used for secure data transmission. The initialism "RSA" comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly described the algorithm in 1977. An equivalent system was developed secretly in 1973 at Government Communications Headquarters (GCHQ), the British signals intelligence agency, by the English mathematician Clifford Cocks. That system was declassified in 1997. In a public-key cryptosystem, the encryption key is public and distinct from the decryption key, which is kept secret (private). An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers are kept secret. Messages can be encrypted by anyone via the public key, but can only be decrypted by someone who knows the private key. The security of RSA relies on the practical difficulty of factoring the product o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
