Virtual Private Networks powered by Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC) is fast becoming a viable alternative to traditional public-key cryptosystems (RSA, DSA, DH). Although ECC algorithms have been available for quite some time, most of the work in this field has been theoretical in nature, with few actual implementations. This situation has changed because of two factors. One is that processing power itself is increasing and hackers have more resources available to them than ever before. Although 1024-bit RSA keys are the most commonly used keys today, employment of 2048-bit keys is becoming more and more widespread. With the current rate of development for the IT infrastructure and machines, 10.000-bit keys are going to be needed in order to maintain the same level of security. The increase in key size, makes it impracticable to integrate traditional public-key cryptosystems into mobile/wireless devices, which are typically limited in terms of computational power, memory or network connectivity. The alternative is to use encryption based on elliptic curves. One of the major advantages of ECC is that it offers equivalent security with RSA but uses smaller key sizes. For example, a 224-bit ECC key offers the same level of protection as a 2048-bit RSA key. This leads to increased performance in Internet communication because of faster computation times and less bandwidth being used[1]. Another reason is growing acceptance of ECC as an industry standard, which has been reflected in the work of the Internet Engineering Task Force (IETF). Elliptic Curve Cryptography can now be found in the RFCs for all the key Internet security protocols: SSL/TLS, IPSec, PKIX and S/MIME. This paper focuses on the support for ECC present in Secure Sockets Layer protocol, particularly in the OpenSSL toolkit.