Imposed processing overheads via IP secure route
Daabaj, K. and Sijuk, H. (2006) Imposed processing overheads via IP secure route. In: 4th Libyan Arab International Conference on Electrical and Electronic Engineering (LAICEEE 2006), 20 - 23 March, Tripoli, Libya
As the Internet covers the entire globe, it becomes an information infrastructure for everyone, not just for scientists or professionals. Therefore, the next generation Internet must achieve secure, scalable, and liable infrastructure for data transmission. Network security has always been a significant issue, but a recognized priority today due to the popular of internet. The issue is not if security should be implemented on a network; rather, the question to ask is if security has been implemented properly and the interoperability with today’s network architecture. Although there are various ways to perform a secure network environment, but the most popular and the most progressive network security mechanism is Security Architecture for IP (IPSec), offered by IETF (Internet Engineering Task Force). IPSec comprises a core protocol suite for such transmission. In other words, IPSec technology provides essential functions for reliable and secure data exchange over the Internet. IPSec is a framework of open standards for ensuring secure private communications over IP networks. IPSec VPNs (Virtual Private Networks) use the services defined within IPSec to ensure confidentiality, integrity, and authenticity of data communications across public networks, such as the Internet. The security services within IPSec are provided by one of two protocols, the Authentication Header (AH) and the Encapsulating Security Payload (ESP). Each protocol provides certain services and may be used separately or together, although it is not usually necessary to use both protocols together. Such security guarantees provide the motivation for IPSec deployment. This security does, however, come at a performance cost brought about by the increased processing overheads. For large data transmissions, when the AH and the encryption ESP overheads are applied, it was found that the throughput degrades to about 1/9 compared to the throughput without AH or ESP. This paper presents an investigation into the employed overheads to establish security. In particular, this investigation will consider LAN-to-LAN overhead for IPSec deployments and seek to establish a relationship between this overhead and the number of applications being serviced. The performance of data transmission with the IPSec over IPv4 networks using an ordinary PC platform is also dealt with in this paper. The performance was evaluated using stream data transmission and request/response data transmission.
|Publication Type:||Conference Paper|
|Item Control Page|