Delivering Both Security and Performance for a Better Digital Experience
This is a guest author post by Norayr Mirakyan, specialist of data management and standards compliance auditor working with us in the spring of 2021. Norayr is a student of the European Politics and Society program.
As an enthusiast of data management, technologies and policy evaluator, I have been working with Vozni LLC this spring. Our goal was to improve the digital experience on website while keeping the high standards of security measure. Visitors and users notice the difference in performance of web applications, and it is statistical well established fact that slow websites increase – what is known in the fields SEO and marketing – “bounce rate.” However, what the users do not notice is the security measures beneath which can be computationally quite a heavy load. It is not only reasonable to protect data with security measures, it has also made it to regulatory frameworks like GDPR as a norm. Hence, we concluded that this is an area in the spirit of Vozni team to work together in order to deliver both security and performance to the end users. In this article, I will present a measure taken to achieve performance improvement for the in-transit data transfer while preserving high standard of security.
Websites and Certificates
When you visit a website that is secure, typically a green padlock appears to the left of the web address (address also start with “https://” instead of “http://”) indicating authenticity and encrypted transfer of data with the remote server. This is the basic that any person needs to know on the internet for secure use of technology. However, there is no single technology to exchange data between to points. Firstly, there are SSL and TLS technologies. SSL is being deprecated through the web due to its vulnerabilities, but its name seems to persist in the term “SSL certificate” even to refer TLS implementation. Thankfully, most of the up to date web servers are packed with TLS. At the time of writing this article, RSA is the default algorithm chosen by most of the software vendors. However, the choice of algorithm also matters and the formidable alternative is ECDSA.
How ECDSA compare to RSA
RSA has been the gold standard for asymmetric cryptography since 1977 and is available for use these days. The Elliptic curve digital signature algorithm (ECDSA) has been around for quite a while already and contends to be a powerful enough algorithm of choice with one remarkable advantage. As this is not typical white paper on technology, I will make an attempt to explain what puts ECDSA at an advantages position in as simple language as possible. Finally, it has to be noted that both of the algorithms are IETF RFC defined standards. Their recognition speaks of their strength, but ultimately their reliability will depend on one’s deployment and management of the technologies.
We have introduced the term “asymmetric cryptography” above, and understanding this concept is crucial to realize the advantage of the ECDSA. These two algorithms are regarded asymmetric because there two different strings – private key and public certificate – necessary encrypt and perform secure transfer of data. The private key is held by the website owner only, and they would use it to write and transfer encrypted data. On the other end, the visitors would use the public certificate provided by the website owner to decrypt and read data. What matters here is that ECDSA is assessed to provide the same level of security as RSA while using smaller private key sizes. It becomes computationally less costly to deploy ECDSA and, thus, yielding website performance improvements. For instance, Apple has started deploying ECDSA in its ecosystems where latency can be critical like in their iMessages to secure data transfer. At Vozni, ECDSA has been already deployed to the origin and edge servers alike. Along with other measures, it was possible to reduce the load time 500 ms and lower and, as a result, managing to keep fantastic user experience even during high load hours.
Elliptic curve cryptography is a formidable technology that can provide both faster and more secure data transfer across Internet. Vozni has joined increasing number of websites using ECDSA to deliver better digital experience starting this Spring. The use of ECDSA also opens perspectives of innovative projects, that would utilize micro devices with minimalist computational paradigm.