论文信息 - IPSec overhead in wireline and wireless networks for Web and email applications

IPSec overhead in wireline and wireless networks for Web and email applications

This paper focuses on characterizing the overhead of IP security (IPSec) for email and Web applications using a set of test bed configurations. The different configurations are implemented using both wireline and wireless network links. The testing considers different combinations of authentication algorithms and authentication protocols. Authentication algorithms include Hashed Message Authentication Code-Message Digest 5 (HMAC-MD5) and Hashed Message Authentication Code-Secure Hash Algorithm 1 (HMAC-SHA1). Authentication protocols include Encapsulating Security Payload (ESP) and Authentication Header (AH) protocols. Triple Digital Encryption Standard (3DES) is used for encryption. Overhead is examined for scenarios using no encryption and no authentication, authentication and no encryption, and authentication and encryption. A variety of different file sizes are considered when measuring the overhead The results present a thorough analysis of the overhead of different IPSec configurations and provide practical guidance for choosing the IPSec configuration needed in a network environment.

Scott F. Midkiff | George C. Hadjichristofi | IV NathanielJ.Davis

[1] Ronald L. Rivest,et al. The MD5 Message-Digest Algorithm , 1992, RFC.

[2] Stephen T. Kent,et al. Security Architecture for the Internet Protocol , 1998, RFC.

[3] David T. Marlow,et al. An Approach for Measuring IP Security Performance in a Distributed Environment , 1999, IPPS/SPDP Workshops.

[4] Naganand Doraswamy,et al. Ipsec: the new security standard for the internet , 1999 .

[5] Cheryl Madson,et al. The ESP DES-CBC Cipher Algorithm With Explicit IV , 1998, RFC.

[6] Cheryl Madson,et al. The Use of HMAC-MD5-96 within ESP and AH , 1998, RFC.

[7] Mike St. Johns. Identification Protocol , 1993, RFC.

[8] Ruby B. Lee,et al. Performance impact of data compression on virtual private network transactions , 2000, Proceedings 25th Annual IEEE Conference on Local Computer Networks. LCN 2000.

[9] Hugo Krawczyk,et al. HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[10] Casey Wilson,et al. Creating and Implementing Virtual Private Networks , 1999 .

[11] Steven M. Bellovin,et al. Problem Areas for the IP Security Protocols , 1996, USENIX Security Symposium.

[12] Stephen T. Kent,et al. IP Authentication Header , 1995, RFC.

[13] Dan Harkins,et al. The Internet Key Exchange (IKE) , 1998, RFC.

[14] Hugo Krawczyk,et al. A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[15] Randall J. Atkinson,et al. IP Encapsulating Security Payload (ESP) , 1995, RFC.