IPSec hardware resource requirements evaluation

IPSec is a suite of protocols that adds security to communications at the IP level. This suite of protocols is becoming more and more important as it is included as mandatory security mechanism in IPv6. In this paper we provide an evaluation of the hardware resources needed for supporting virtual pr...

Full description

Saved in:
Bibliographic Details
Published in2005 Next Generation Internet Networks pp. 240 - 246
Main Authors Ferrante, A., Piuri, V., Owen, J.
Format Conference Proceeding
LanguageEnglish
Published IEEE 2005
Subjects
Authentication
Cryptography
Data security
Electrostatic precipitators
Hardware
IP networks
Local area networks
Payloads
Protocols
Virtual private networks
Online AccessGet full text
ISBN9780780389007
078038900X
DOI10.1109/NGI.2005.1431672

Cover

Abstract IPSec is a suite of protocols that adds security to communications at the IP level. This suite of protocols is becoming more and more important as it is included as mandatory security mechanism in IPv6. In this paper we provide an evaluation of the hardware resources needed for supporting virtual private networking through IPSec. The target system of this study is a home secure gateway, therefore only the tunnel mode is considered. Focus is on ESP protocol, but also some evaluations on AH are provided. We discuss usage of the AES, HMAC-SHA-1, and HMAC-SHA-2 cryptographic algorithms. In this paper we show that enabling IPSec in a 100 Mbit/s network kills its performance in almost every case. In a 10 Mbit/s network the results obtained for performance and CPU usage are much better. An interesting case within this network configuration is that in which IPComp is enabled and used on compressible data: CPU usage grows to 100%, but network throughput rises over the 10 Mbit/s limit, due to data compression. This performance evaluation leads the conclusion that while a hardware crypto-accelerator is really key in reaching high performance, it may also be useful in small, slow systems (e.g. small embedded systems) where it would help improving performance and security.
AbstractList IPSec is a suite of protocols that adds security to communications at the IP level. This suite of protocols is becoming more and more important as it is included as mandatory security mechanism in IPv6. In this paper we provide an evaluation of the hardware resources needed for supporting virtual private networking through IPSec. The target system of this study is a home secure gateway, therefore only the tunnel mode is considered. Focus is on ESP protocol, but also some evaluations on AH are provided. We discuss usage of the AES, HMAC-SHA-1, and HMAC-SHA-2 cryptographic algorithms. In this paper we show that enabling IPSec in a 100 Mbit/s network kills its performance in almost every case. In a 10 Mbit/s network the results obtained for performance and CPU usage are much better. An interesting case within this network configuration is that in which IPComp is enabled and used on compressible data: CPU usage grows to 100%, but network throughput rises over the 10 Mbit/s limit, due to data compression. This performance evaluation leads the conclusion that while a hardware crypto-accelerator is really key in reaching high performance, it may also be useful in small, slow systems (e.g. small embedded systems) where it would help improving performance and security.
Author Piuri, V.
Ferrante, A.
Owen, J.
Author_xml – sequence: 1
  givenname: A.
  surname: Ferrante
  fullname: Ferrante, A.
  organization: Dept. of Inf. Technol., Milan Univ., Italy
– sequence: 2
  givenname: V.
  surname: Piuri
  fullname: Piuri, V.
  organization: Dept. of Inf. Technol., Milan Univ., Italy
– sequence: 3
  givenname: J.
  surname: Owen
  fullname: Owen, J.
BookMark eNotj11LwzAYhQMqqLP3gjf9A-3eNx9NcilDt8JQQb0eafIOI1urSav47524w4HnXD1wLtlpP_TE2DVCjQh2_rBsaw6gapQCG81PWGG1gUOFsQD6nBU5v8MhShllxAWbt0_P5Ms3l8K3S1QmysOU_N_4nGKiPfVjLunL7SY3xqG_Ymdbt8tUHDljr_d3L4tVtX5ctovbdRVRq7GSaNEhaWGDVx7JQCP1VjquORqnPSffBGlV13SiUyZosDY4A51ELVGAmLGbf28kos1HinuXfjbHW-IXhp5DFw
ContentType Conference Proceeding
DBID 6IE
6IL
CBEJK
RIE
RIL
DOI 10.1109/NGI.2005.1431672
DatabaseName IEEE Electronic Library (IEL) Conference Proceedings
IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume
IEEE Xplore All Conference Proceedings
IEEE Electronic Library (IEL)
IEEE Proceedings Order Plans (POP All) 1998-Present
DatabaseTitleList
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
EndPage 246
ExternalDocumentID 1431672
Genre orig-research
GroupedDBID 6IE
6IF
6IK
6IL
6IN
AAJGR
AARBI
AAWTH
ALMA_UNASSIGNED_HOLDINGS
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
CBEJK
IERZE
OCL
RIE
RIL
ID FETCH-LOGICAL-i175t-4191a1e739dc5c1e80647f4a27218a7c2ec6d495b6b3b58d7099da80b41741303
IEDL.DBID RIE
ISBN 9780780389007
078038900X
IngestDate Wed Aug 27 02:17:06 EDT 2025
IsPeerReviewed false
IsScholarly false
Language English
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-i175t-4191a1e739dc5c1e80647f4a27218a7c2ec6d495b6b3b58d7099da80b41741303
PageCount 7
ParticipantIDs ieee_primary_1431672
PublicationCentury 2000
PublicationDate 20050000
PublicationDateYYYYMMDD 2005-01-01
PublicationDate_xml – year: 2005
  text: 20050000
PublicationDecade 2000
PublicationTitle 2005 Next Generation Internet Networks
PublicationTitleAbbrev NGI
PublicationYear 2005
Publisher IEEE
Publisher_xml – name: IEEE
SSID ssj0000558583
Score 1.4224223
Snippet IPSec is a suite of protocols that adds security to communications at the IP level. This suite of protocols is becoming more and more important as it is...
SourceID ieee
SourceType Publisher
StartPage 240
SubjectTerms Authentication
Cryptography
Data security
Electrostatic precipitators
Hardware
IP networks
Local area networks
Payloads
Protocols
Virtual private networks
Title IPSec hardware resource requirements evaluation
URI https://ieeexplore.ieee.org/document/1431672
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1NS8NAEB1qT3rxoxW_ycGjaTfZ3WR6FmsrtBS00FvZ3UxAhFbaFMFf7-4maVU8eJvkEHZJyLx5M-8twK3BnDIuMCSBSShQ6lBHPLcRaZTEe5EXiY3GyWAqnmZy1oC7rRaGiPzwGXVc6Hv52dJsHFXWjbxu2_5w9-xnVmq1tnwKkxb4IveVOTrXOMZqg536Oq3blKzXHT8OS0KleuaPw1V8bukfwqheVTlS8tbZFLpjPn8ZNv532UfQ3qn4gsk2Px1DgxYncPDNgLAF3eHkmUzglFcfakXBqiLzbeAmhD11uA52juBtmPYfXu4HYXWEQvhqcUHheryRiijlvcxIExE6bWkuVGwLP1Spickkma2RdKK5lpilFjBmCpkWtlJx6e0Umovlgs4gsNgCmcp5JA0TxBLFJaYxWXhl8pgwOYeW2_r8vXTJmFe7vvj79iXsexNUT2ZcQbNYbejapvdC3_j3-gV_gJ7V
linkProvider IEEE
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV09T8MwED1VZQAWPlrENxkYSWvHduLOiNJCW1WilbpVtnOREFKLSiokfj22k5QPMbBdMkS2Ivndvbv3DHBtZIYp4zJELuOQS6FDTVlmI9RSIOtQLxIbjuLelD_MxKwGNxstDCL64TNsudD38tOlWTuqrE29btseuFsW97ko1FobRoUIm_pK5mtz6XzjCKksdqrnpGpUkk57dN8vKJXyqz-uV_Ho0t2DYbWuYqjkpbXOdct8_LJs_O_C96H5peMLxhuEOoAaLg5h95sFYQPa_fETmsBpr97VCoNVSefbwM0Ie_LwLfjyBG_CtHs3ue2F5SUK4bPNDHLX5aWKYsI6qRGGonTq0oyryJZ-UiUmQhOntkrSsWZayDSxKWOqJNHc1ioO4I6gvlgu8BgCm11IojJGhSEcSayYkEmENsEyWYQyPoGG2_r8tfDJmJe7Pv379RVs9ybDwXzQHz2ewY63RPXUxjnU89UaLyzY5_rS_-NPCi6iIg
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2005+Next+Generation+Internet+Networks&rft.atitle=IPSec+hardware+resource+requirements+evaluation&rft.au=Ferrante%2C+A.&rft.au=Piuri%2C+V.&rft.au=Owen%2C+J.&rft.date=2005-01-01&rft.pub=IEEE&rft.isbn=9780780389007&rft.spage=240&rft.epage=246&rft_id=info:doi/10.1109%2FNGI.2005.1431672&rft.externalDocID=1431672
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9780780389007/lc.gif&client=summon&freeimage=true
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9780780389007/mc.gif&client=summon&freeimage=true
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=9780780389007/sc.gif&client=summon&freeimage=true