Evaluation of the effect of SSL overhead in the performance of e-business servers operating in B2B scenarios

In the current business to business environments, transactions between e-business servers must be carried out with a high security level. To carry out secure transactions, the servers must do additional tasks, such us exchanging encryption keys and encrypting and decrypting the information interchanged during the transactions. The combination of several specific algorithms for these tasks constitutes a cipher suite. The additional tasks degrade the server performance and the challenge is to quantify the degradation as a function of the cipher suite selected.Until now, several research works have evaluated the impact of security on the performance provided by web servers using static and very simple dynamic contents. However there is a lack of research into the impact of security on the performance of e-business servers which execute complex transactions, some of them involving additional transactions with other servers.This work presents an evaluation of the impact of using SSL, with several representative configurations, on the performance of e-business servers. The business application used to carry out this execution is the TPC-App benchmark, which is a good representation of business-to-business environments. The benchmark runs on a cluster of two layers.The results of this evaluation are unexpected, because the impact of SSL on performance is small compared to the results of previous works that evaluate web servers, for which the impact of SSL on performance is very high. Therefore, this work provides insight to solve the tradeoff between security and performance when an SSL cipher suite must be selected for a complex e-business system rather than for a simple web server.