IPSec is a suite of protocols that adds security to communications at the IP level. This suite of protocols is becoming more and more important as it is included as mandatory security mechanism in IPv6. In this paper we provide an evaluation of the hardware resources needed for supporting virtual private networking through IPSec. The target system of this study is a home secure gateway, therefore only the tunnel mode is considered. Focus is on ESP protocol, but also some evaluations on AH are provided. We discuss usage of the AES, HMAC-SHA-1, and HMAC-SHA-2 cryptographic algorithms. In this paper we show that enabling IPSec in a 100 Mbit/s network kills its performance in almost every case. In a 10 Mbit/s network the results obtained for performance and CPU usage are much better. An interesting case within this network configuration is that in which IPComp is enabled and used on compressible data: CPU usage grows to 100%, but network throughput rises over the 10 Mbit/s limit, due to data compression. This performance evaluation leads the conclusion that while a hardware crypto-accelerator is really key in reaching high performance, it may also be useful in small, slow systems (e.g. mall embedded systems) where it would help improving performance and security.
|Titolo:||IPSec hardware resource requirements evaluation|
|Settore Scientifico Disciplinare:||Settore ING-INF/05 - Sistemi di Elaborazione delle Informazioni|
|Data di pubblicazione:||2005|
|Digital Object Identifier (DOI):||10.1109/NGI.2005.1431672|
|Tipologia:||Book Part (author)|
|Appare nelle tipologie:||03 - Contributo in volume|