Design, Implementation and Performance Analysis of a Secure Messaging Application Using TLS 1.3 Over TCP
摘要
The Transport Layer Security (TLS) 1.3 protocol, introduced in 2018, has rapidly gained popularity due to its enhanced security features and improved performance. This paper presents the design, implementation, and evaluation of a secure messaging system built directly over the TLS cryptographic model, without reliance on HTTP-based frameworks. The system implements two protocol variants: one inspired by TLS 1.2 (RSA for key exchange, AES-CBC for symmetric encryption) and a modern variant based on TLS 1.3 (X25519 elliptic curve key exchange, ECDSA digital signatures, and AES-256-GCM for authenticated encryption). The selection of X25519 and ECDSA was driven by their superior performance-to-security ratio and reduced computational overhead compared to traditional RSA. AES-256-GCM was chosen for its authenticated encryption with associated data (AEAD) capabilities, providing both confidentiality and integrity in a single operation, contrasting with need of AES-CBC for separate HMAC computation. Performance benchmarking demonstrates significant advantages of TLS 1.3 cryptographic primitives. Across message sizes ranging from 7,500 to 100,000 bytes, the TLS 1.3-style implementation achieves speed improvements between 53% and 96%, with a 100% performance gain observed for 500-byte messages. CPU utilization tests further show that elliptic curve key exchange and GCM-based encryption significantly reduce processing overhead during connection establishment and sustained communication, notably decreasing server CPU usage from an average of 7.96% (peak 22.90%) to 5.14% (peak 15.50%) when handling 300 clients connecting within 60 s, each joining rooms and sending 10 messages. This study validates the practical benefits of modern secure communication techniques, emphasizing the performance and efficiency of TLS 1.3 principles in direct TCP-based messaging. Our system is designed to function as a modular and transparent reference model for the development of future secure communication platforms, with particular emphasis on ensuring user-controlled over security measures.