Review of Naylor, A. Finamore, I. Leontiadis, Y. Grunenberger, M. Mellia, M. Munafò, K. Papagiannaki, P. Steenkiste. The Cost of The “S” in HTTPS in ACM CoNEXT 2014, Sydney, Australia, December 2014.
This paper, authored by researchers from Carnegie Mellon University, Politecnico di Torino and Telefónica Research, mainly discussed the infrastructure costs, communications latency, data usage, and even energy consumption due to wide adoption of HTTPS.
The hypertext transfer protocol was introduced at the end of ’80s and is the most widely used protocol by Internet users. In the beginning, HTTP is used to share documents (static contents), however due to Internet growth HTTP is now engineered to bring many types of content such as video, audio, etc.
Due to users’ growing concern about security and privacy on the Internet, many companies adopted encryption by default in all HTTP communication.
In the first section of this paper, the authors describe HTTPS adoption over the past three years. Based on authors’ measurement from a major European residential ISP, the number of volume shares is increasing from below 10% to almost 50% and the number of flows is increasing from around 18% to around 45%. There is HTTPS usage jump in April 2013 due to adoption of HTTPS by Facebook and Youtube. Almost half of HTTP traffic is HTTPS traffic!
In the second section, the authors quantify the HTTPS page load time overhead through active experiments. The authors targeted Alexa Top 500 sites 20 times, first using HTTP and then using HTTPS. The test PC is connected using 3G USB modem and then via fiber (FTTH) – both are typical real-world environments. The test results show HTTPS significantly increases load time, especially for 3G. About 90% for websites added larger than 500 ms latency. On the fiber (FTTH), extra latency is small however around 40% of websites, HTTPS adds more than 500 ms extra latency.
Is the extra latency cause by protocol overhead or network latency? The authors try to answer above question by extracting TLS handshake duration datasets.
Since full a TLS handshake requires at least 2xRTT, the services handled by outside the country (in the USA servers such as Hotmail, Twitter, Amazon) experience huge extra costs. Google’s services have the smallest TLS negotiation delays even though 10% of measurement of TLS negotiation to Google’s services still have more than 300 ms. This observation shows that even with good network connectivity a client can still suffer significantly from TLS handshake overhead.
In the third section, the authors describe data usage of HTTPS flows since they impact the volume of data consumed by users due to size of TLS handshake and inability to use proxy cache (including compression). On average, TLS negotiation overhead amounts to 5% of the total volume. HTTPS prevents in-network content optimizations, like proxies to perform caching and compression.
The authors analyze logs from two HTTP proxies for mobile networks and observed the decreasing of cache hit in their datasets. However it is not possible to conclude this decrease is related to the adoptions of HTTPS, or for other reasons.
The authors also suggest content delivery network (CDN) moves entirely to HTTPS. In this section the authors conclude that most users will experience a jump in data usage due to loss of compression, but ISPs will see a large increase in traffic due to loss of caching.
In the last section, the authors describe the impact of HTTPS to mobile users battery life. The authors fitted a Samsung Galaxy S II with a power meter that measured energy used every 200 micro seconds. There are two experiments in this section:
- Firstly, static content. The authors configured a server to serve objects range from 1kB to 1MB. In this experiment, the authors do not see a noticeable overhead of cryptographic operations.
- Secondly, real content. The authors did two experiments: a) mirrored the CNN website in a controlled webserver and download it 50 times. The authors do not see increase in energy cost. B) Playing a Youtube video. In this experiment, the authors’ result show that there are two distinct results due to proxy behavior.
HTTPS’s cryptographic operations have no impact to energy consumption. However the usage of proxies can have both significantly positive impact and negative impact to battery life.
The final words below to the authors: “What is clear is this: the \S” is here to stay, and the network community needs to work to mitigate the negative repercussions of ubiquitous encryption.”
Mohamad Dikshie Fauzie is a researcher at Keio University Graduate School of Media and Governance, Japan.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.