Qualities of protection available with AMS

There are three qualities of protection for Advanced Message Security: Integrity, Privacy, and Confidentiality.

Integrity protection is provided by digital signing, which provides assurance about who created the message, and that the message has not been altered or tampered with.

Privacy protection is provided by a combination of digital signing and encryption. Encryption ensures that message data is viewable only by the intended recipient, or recipients. Even if unauthorized recipients obtain a copy of the encrypted message data, they are unable to view the actual message data itself.

Confidentiality protection is provided by encryption only, with optional key reuse. Significant CPU cost savings can be made with Confidentiality policies through symmetric key reuse. This new mode of operation continues to use the PKCS#7 format to share a symmetric encryption key. However, there is no digital signature, which eliminates some of the per-message asymmetric key operations. The symmetric key still needs to be encrypted with asymmetric key operations for each recipient, but the symmetric key can be optionally reused over multiple messages that are destined for the same recipients. If key reuse is permitted by policy, then only the first message requires asymmetric key operations. Subsequent messages only need to use symmetric key operations.


Effect on performance

AMS uses a combination of symmetric and asymmetric cryptographic routines to provide digital signing and encryption. Symmetric key operations are very fast in comparison to asymmetric key operations, which are CPU intensive, so the number of asymmetric key operations involved can have a significant impact on the cost of protecting large numbers of messages with AMS.

    Asymmetric cryptographic routines
    For example, when putting a signed message, the message hash is signed using an asymmetric key operation.
    When getting a signed message, a further asymmetric key operation is used to verify the signed hash.
    Therefore, a minimum of two asymmetric key operations are required per message to sign and verify the message data.

    Asymmetric and symmetric cryptographic routines
    When putting an encrypted message, a symmetric key is generated and then encrypted using an asymmetric key operation for each intended recipient of the message.
    The message data is then encrypted with the symmetric key. When getting the encrypted message the intended recipient needs to use an asymmetric key operation to discover the symmetric key in use for the message.

All three qualities of protection, therefore, contain varying elements of the CPU intensive asymmetric key operations, which will significantly impact the maximum achievable messaging rate for applications putting and getting messages.


Key reuse

Confidentiality policies do, however, allow for symmetric key reuse over a sequence of messages.

We can use this approach to significantly reduce the costs involved in encrypting a number of messages intended for the same recipient or recipients.

For example, when putting 10 encrypted messages to the same set of recipients, a symmetric key is generated, and then encrypted for the first message, using an asymmetric key operation for each intended recipient of the message.

Based upon policy controlled limits, the encrypted symmetric key can then be reused by subsequent messages that are intended for the same recipients. An application that is getting encrypted messages can apply the same optimization, in that the application can detect when a symmetric key has not changed and avoid the expense of retrieving the symmetric key.

In this example 90% of the asymmetric key operations can be avoided by both the putting and getting applications by reusing the same key.
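The following cost model is an added example, not IBM MQ code. It counts only the asymmetric key operations on each side and shows where the 90% figure comes from. The class names and the `max_reuse` parameter (extra messages allowed per key) are assumptions of the model, not AMS policy attributes.

```python
# Added cost model (not IBM MQ code): counts asymmetric key operations only.

class Putter:
    """Wraps a new symmetric key per recipient, then reuses it within a limit."""
    def __init__(self, max_reuse):
        self.max_reuse = max_reuse   # hypothetical: extra messages per key, 0 = no reuse
        self.key_id = None           # stands in for the current symmetric key
        self.recipients = None
        self.reuses = 0
        self.asym_ops = 0

    def put(self, recipients):
        recipients = frozenset(recipients)
        rotate = (self.key_id is None
                  or recipients != self.recipients   # different recipient set
                  or self.reuses >= self.max_reuse)  # reuse limit exhausted
        if rotate:
            self.key_id = (self.key_id or 0) + 1
            self.recipients, self.reuses = recipients, 0
            self.asym_ops += len(recipients)         # one key wrap per recipient
        else:
            self.reuses += 1                         # symmetric operations only
        return self.key_id                           # travels with the message


class Getter:
    """Unwraps the symmetric key only when the key on the message has changed."""
    def __init__(self):
        self.cached_key_id = None
        self.asym_ops = 0

    def get(self, key_id):
        if key_id != self.cached_key_id:
            self.asym_ops += 1                       # one private-key unwrap
            self.cached_key_id = key_id


def run(messages, recipients, max_reuse):
    """Return (putter asymmetric ops, getter asymmetric ops) for a message run."""
    putter, getter = Putter(max_reuse), Getter()
    for _ in range(messages):
        getter.get(putter.put(recipients))
    return putter.asym_ops, getter.asym_ops


def avoided_percent(messages, max_reuse):
    """Share of per-message asymmetric operations avoided, single recipient."""
    put_ops, _ = run(messages, ["CN=constructed-recipient"], max_reuse)
    return 100 * (messages - put_ops) // messages
```

With a reuse limit of 4 and two recipients, ten messages cost the putter four key wraps (two key generations) and the getter two unwraps, so a lower limit trades CPU savings for more frequent key changes.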

For more information on how to use key reuse, see:
