IPSec Overhead in Wireline and Wireless Networks

Similar documents
Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Protocol Security Where?

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Securing IP Networks with Implementation of IPv6

Introduction to Security and PIX Firewall

Network Security Part II: Standards

An Experimental Study of Cross-Layer Security Protocols in Public Access Wireless Networks

Lecture 17 - Network Security

An Experimental Study on Wireless Security Protocols over Mobile IP Networks

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

21.4 Network Address Translation (NAT) NAT concept

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Security vulnerabilities in the Internet and possible solutions

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

Chapter 9. IP Secure

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Laboratory Exercises V: IP Security Protocol (IPSec)

IP Security. Ola Flygt Växjö University, Sweden

Chapter 32 Internet Security

Ethernet. Ethernet. Network Devices

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Chapter 4 Virtual Private Networking

IP SECURITY (IPSEC) PROTOCOLS

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Quantifying the Performance Degradation of IPv6 for TCP in Windows and Linux Networking

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Lecture 10: Communications Security

Network Security. Lecture 3

Internet Protocol: IP packet headers. vendredi 18 octobre 13

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)

Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6

VPN. VPN For BIPAC 741/743GE

Chapter 10. Network Security

Internet Protocol Security IPSec

Virtual Private Networks: IPSec vs. SSL

The BANDIT Products in Virtual Private Networks

CS 4803 Computer and Network Security

CCNA Security 1.1 Instructional Resource

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Chapter 5. Data Communication And Internet Technology

IPv6 Security: How is the Client Secured?

Implementing and Managing Security for Network Communications

High Performance VPN Solutions Over Satellite Networks

Branch Office VPN Tunnels and Mobile VPN

EITF25 Internet Techniques and Applications L5: Wide Area Networks (WAN) Stefan Höst

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Communication Security for Applications

IPsec Details 1 / 43. IPsec Details

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

Using IPSec in Windows 2000 and XP, Part 2

How To Analyze The Security On An Ipa Wireless Sensor Network

Performance Analysis of IPv4 v/s IPv6 in Virtual Environment Using UBUNTU

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Chapter 8 Virtual Private Networking

VPN. Date: 4/15/2004 By: Heena Patel

ReadyNAS Remote White Paper. NETGEAR May 2010

IP address format: Dotted decimal notation:

Web Security Considerations

Computer Networks CS321

Computer and Network Security

Chapter 7 Transport-Level Security

First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring

Corso di Network Security a.a. 2012/2013. Collection of some exercises on the second part of the course

Chapter 5: Network Layer Security

Keying Mode: Main Mode with No PFS (perfect forward secrecy) SA Authentication Method: Pre-Shared key Keying Group: DH (Diffie Hellman) Group 1

Virtual Private Networks

Site to Site Virtual Private Networks (VPNs):

Network Security TCP/IP Refresher

Influence of the TCP packet setting and encryption for data transfer in medical applications

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Comparing TCP performance of tunneled and non-tunneled traffic using OpenVPN

Understanding the Cisco VPN Client

IPsec VPN Application Guide REV:

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

z/os Firewall Technology Overview

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

A Transport Protocol for Multimedia Wireless Sensor Networks

Why SSL is better than IPsec for Fully Transparent Mobile Network Access

Internetwork Security

Internet Security Architecture

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform

Background Implementation Setup MAC Layer Protocols: Hardware Configuration Higher Layer Protocols:

Application Note: Onsight Device VPN Configuration V1.1

Insecure network services

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.

LES: Layered Encryption Security

ETSF10 Part 3 Lect 2

Final for ECE374 05/06/13 Solution!!

Secure SCTP against DoS Attacks in Wireless Internet

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Transcription:

IPSec Overhead in Wireline and Wireless Networks Hafeth Hourani hafeth.hourani@nokia.com 1 /Title/ 16.02.2004 hafeth.hourani@nokia.com T-79.300 Postgraduate Course in Theoretical Computer Science

IPSec Overview and Architecture Contents Thesis Under Study IPSec Overhead in Wireline and Wireless Networks Other Studies and Researches Performance Evaluation of Data Transmission Using IPSec/IPv6 Evaluation of IPSec-based Wireline VPN Evaluation of IPSec-based Wireless VPN Wireline vs. Wireless VPN IPSec Performance Overall Conclusions Appendices References 2 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Developed by IETF IPSec Overview IPSec can be used for Authentication Make sure that the packets are from the indicated user Confidentiality Protect the payload content Data Integrity Protect the IP packet against accidental or deliberate modifications Anti-Reply & Access Control Prevent reply attacks Network layer security IP packet level authentication/encryption (IP datagram protection) No need for application layer security solutions (TLS, SSL, HTTPS,..) IPSec is not a protocol, it is a security solution IPSec Suite 3 /Title/ 16.02.2004 hafeth.hourani@nokia.com

IPSec Architecture IPSec Architecture AH ESP Security Policy Authentication Algorithm Key Management Encryption Algorithm Domain of interoperation 4 /Title/ 16.02.2004 hafeth.hourani@nokia.com

IPSec implementation Transport Mode Protects the IP payload For end-to-end security Tunnel Mode IPSec Modes Protects the whole IP packet (header + payload) Used when the destination is not the end-point Considering the AH and ESP, four different combinations can exist: AH Transport Mode ESP Transport Mode AH Tunnel Mode ESP Tunnel Mode 5 /Title/ 16.02.2004 hafeth.hourani@nokia.com

6 /Title/ 16.02.2004 hafeth.hourani@nokia.com Thesis Under Discussion

About the Thesis Title: IPSec Overhead in Wireline and Wireless Networks for Web and Email Applications By George C. Hadjichristofi In Faculty of Virginia Polytechnic Institute Date 2001 URL http://scholar.lib.vt.edu/theses/available/etd-11152001-181815/ 7 /Title/ 16.02.2004 hafeth.hourani@nokia.com

The research focused on: Research Goals The IPSec overhead introduced by using different combinations of IPSec policies and configurations ESP encryption and authentication vs. ESP encryption and AH authentication ESP authentication vs. AH authentication The overhead introduced by different authentication algorithms HMAC-MD5 vs. HMAC-SHA1 The network load overhead Compressed vs. Uncompressed files HTTP vs. SMTP protocol security overhead The IPSec overhead in Wireline vs. Wireless networks 8 /Title/ 16.02.2004 hafeth.hourani@nokia.com

File Edit Loc ate View H elp 500 400 300 200 100 0 1 2 3 4 5 6 7 Network Traffic E D C B A Mount 431 7437 1950 79% / 02 631963 Help 47358 93% /us File Edit Loc ate View H elp 500 400 300 200 100 0 1 2 3 4 5 6 7 Network Traffic E D C B A Mount 431 7437 1950 79% / 02 631963 Help 47358 93% /us Research Methodology: Configuration 1 Wireline testbed configuration 10 Mbps Ethernet LAN Server: Intel Celeron, 566 MHz, 128 MB Client: Pentium Pro, 200 MHz, 32 MB OS: RedHat Linux 7.0, kernel 2.2.16 FreeS/WAN IPSec client sniffer server Wireless testbed configuration 10 Mbps Ethernet LAN 2 Mbps IEEE 802.11 WLAN Wireless node: Pentium III, 1 GHz, 512 MB hub sniffer IPSec tunnel client Access point server hub IPSec tunnel 9 /Title/ 16.02.2004 hafeth.hourani@nokia.com

File E dit Locate View Help 500 400 300 200 100 0 1 2 3 4 5 6 7 Network Traffic E D C B A Mount 431 7437 1950 79% / 02 631963 Help 47358 93% /us File E dit Locate View Help 500 400 300 200 100 0 1 2 3 4 5 6 7 Network Traffic E D C B A Mount 431 7437 1950 79% / 02 631963 Help 47358 93% /us Research Methodology: Configuration 2 Wireline testbed configuration sniffer Wireless node client server hub Wireless testbed configuration hub IPSec tunnel sniffer Wireless node Access point client server hub hub IPSec tunnel 10 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Research Methodology: Test Scenarios Seven test scenarios were performed Combination of Authentication & Encryption with different algorithms Different file sizes Two protocols (HTTP & SMTP) 1) [null]-[null] 2) [AH-MD5]-[null] 3) [AH-SHA-1][null] 4) [ESP-MD5]-[ESP-3DES] 5) [ESP-SHA-1][ESP-3DES] 6) [AH-MD5][ESP-3DES] 7) [AH-SHA-1][ESP-3DES] 1 KB 10 KB 100 KB 1 MB 10 MB HTTP SMTP 11 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Number of Transactions From Server to Client (S2C) From Client to Server (C2S) Recorded Metrics Network Load => Throughput (bytes/sec) From Server to Client (S2C) From Client to Server (C2S) Transfer Time The time needed to transfer a file from the server to the client 12 /Title/ 16.02.2004 hafeth.hourani@nokia.com

1) Number of Transactions: Results Total number of transactions Increases as we go from [null][null] to [AH-SHA-1][ESP-3DES] But not for small files (1 KB & 10 KB)... Only for large files (100 KB, 1 MB, 10 MB) Same trend with SMTP 13 /Title/ 16.02.2004 hafeth.hourani@nokia.com

1) Number of Transactions: Analysis Facts: The Server is faster than the Client Connection-oriented scenarios Large files saturates the TCP buffers more than the small files The client needed to slow down the server continuously More control messages have been generated => More transactions when sending large files 14 /Title/ 16.02.2004 hafeth.hourani@nokia.com

2) Network Load : Results Network Load Network gets loaded more and more as we go from [null]-[null] to [AH-SHA-1][ESP- 3DES] Smaller files loads the network more than the bigger ones... Same trend with SMTP 15 /Title/ 16.02.2004 hafeth.hourani@nokia.com

2) Network Load : Analysis The Client is slower than the Server More control messages are needed Network get loaded Larger number of ACKs are needed to control the traffic flow for small files 16 /Title/ 16.02.2004 hafeth.hourani@nokia.com

3) Transfer Time: Results Transfer Time 17 /Title/ 16.02.2004 hafeth.hourani@nokia.com

3) Transfer Time: Analysis Again... The Client is slower than the Server and The transfer time increases because of the needed control message to control the data flow... 18 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Almost same as wireline results Wireless Case 19 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Thesis Conclusions [AH authentication & ESP encryption] results in a higher network load compared to [ESP authentication & ESP encryption] Network Load and Number of Transactions were the same for both the wireless and wireline environments In the wireless environment, the Transfer Time increases due to the additional overhead of the wireless link 20 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Thesis Critic (1/2) Quite Vague metrics Number of transactions What does this include? What is the transaction size? Network Load C2S vs. S2C Throughput should have been used instead of vague Network load... Transfer Time Most of the results can not be generalized Many un-identified HW and SW bottlenecks The MTU and its effect in the results was not studied quite well... 21 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Thesis Critic (2/2) The wireless transmission was not clear... No IPv6 consideration What about UDP... Personal Opinion: bad written thesis... 22 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Other Studies and Results This section is based on some literature research 23 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Performance Evaluation of Data Transmission Using IPSec over IPv6 Networks Ref[3] 24 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Overview and Test Configuration Evaluation system Host: Intel Pentium III 450 MHz, 128 MB OS: FreeBSD 2.2.8 Router Inter Pentium III 500 MHz, 256 MB OS: FreeBSD 2.28 The end-to-end throughput is evaluated in the following cases: Without IPSec Only with AH Only with ESP (3DES) With both AH and ESP TCP & UDP / IPv4 & IPv6 Test types Stream data For 60 minutes streaming- Request/Response Ping message Fast Ethernet 25 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Stream Data: TCP/IPSec Results MTU = 4 KB TCP socket buffers TCP_STREAM1 = 57,344 Bytes TCP_STREAM2 = 32,769 Bytes IPv4 End-to-End throughput With AH TP degrades ~ ½ With ESP TP degrades ~ ¼ Both AH & ESP TP degrades ~ < ¼ IPv6 26 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Stream Data: UDP/IPSec Results UDP socket buffer size = 32,768 bytes MTU UDP_STREAM1 = 4,096 bytes UDP_STREAM2 = 1,024 bytes IPv4 End-to-End throughput With AH TP degrades ~ 1/3 With ESP TP degrades ~ 1/9 Both AH & ESP TP degrades ~ < 1/9 When MTU is larger, the TP is better IPv6 27 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Request/Response : TCP & UDP Results Request/Response TCP_RR Request message = 1 byte Response message = 1 byte UDP_RR.1 Request message = 1 byte Response message = 1 byte UDP_RR.2 Request message = 512 bytes Response message = 4 bytes End-to-End throughput ESP TP > AH TP!! @ TCP_RR & UDP_RR.1 IPv4 IPv6 28 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Results Analysis: Stream Data TCP vs. UDP Without IPSec: TCP throughput is less than UDP throughput With IPSec: TCP throughput UDP throughput => The IPSec processing is much larger than both TCP and UDP The IPSec overhead dominates the difference between TCP and UDP AH vs. ESP AH throughput twice ESP throughput In stream data, the packet size is larger than the header length (basic IP + AH) The required processing for ESP is far larger than that for AH ESP vs. (AH/ESP) The processing of ESP dominates that of AH MTU Larger MTU less throughput 29 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Result Analysis: Request/Response Stream Data vs. Request/Response By applying IPSec; The throughput degradation with Request/Response data is less than Stream data The processing overhead of Request messages is far less than that of stream data 30 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Evaluation of IPSec-based Wireline VPN Ref[4] 31 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Test Bed Configuration Test setup Security tunnel is built using two VPN Routers SAMSUNG S3C4510, vlinux kernel 2.2.14 Client Pentium III, 850 MHz, Windows 2000 Server Pentium III, 850 MHz, Windows 2000 Two application protocols where evaluated FTP HTTP VPN Router VPN Router Client IPSec tunnel Server 32 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Results 800 FTP 700 800 700 HTTP 1 MB 10 MB throughput (Kbps) 600 500 400 300 200 1 MB 10 MB 100 MB throughput (Kbps) 600 500 400 300 200 100 MB 100 0 none AH- MD5 AH- SHA-1 ESP- Null- MD5 ESP- Null- SHA-1 ESP- DES- Null ESP- 3DES- Null ESP- DES- MD5 ESP- DES- SHA-1 ESP- 3DES- MD5 ESP- 3DES- SHA-1 100 0 none AH- MD5 AH- SHA-1 ESP- Null- MD5 ESP- Null- SHA-1 ESP- DES- Null ESP- 3DES- Null ESP- DES- MD5 ESP- DES- SHA-1 ESP- 3DES- MD5 ESP- 3DES- SHA-1 33 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Analysis Largest throughput degradation comes with [ESP-3DES-SHA-1] ~ 90 % compared to the [null] IPSec throughput is almost the same for both FTP and HTTP The end-to-end throughput will not be affected by the upper layer protocols In other words... The data type and payload will not have any influence in IPSec throughput 34 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Evaluation of IPSec-based Wireless VPN Ref[5] 35 /Title/ 16.02.2004 hafeth.hourani@nokia.com

36 /Title/ 16.02.2004 hafeth.hourani@nokia.com Test Bed Configuration Test setup Clients Intel PC, RedHat Linux 6.2, kernel 2.2.16 Mobile Nodes Apple 4G computers, OS9 IPSec Gateway Pentium 1, 32 MB, FreeS/WAN 1.5 Base Stations : IEEE 802.11 Wireless LAN Base station (hugs) : ~5 meters away from the mobile nodes Base station (kisses): ~25 meters away from the mobile nodes => The signal strength of kisses is 150% higher than that of hugs client client client IPSec Gateway LAN BS: hugs BS: kisses Mobile node Mobile node

Results (1/2) Throughput The UDP throughput of kisses and hugs is about the same The gap increases for larger packet sizes Packet Loss The signal from hugs is weaker than kisses When the packet size increase, the loss rate increases as well With IPSec [ESP-?] 37 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Results (2/2) TCP throughput without IPSec is about 3 times that with IPSec When packet size increased from 1 KB to 1.5 KB TCP TP increased for the connection via kisses TCP TP decreased for the connection via hugs => For different signal strength, TCP has different optimal => strong signal strength supports larger optimal packet size With IPSec [ESP-?] 38 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Analysis UDP UDP Packet loss favors small packet sizes UDP throughout favors strong signals and large packet size TCP There exist an optimal packet size for highest throughput 39 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Wireline vs. Wireless VPN IPSec performance Ref[6] 40 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Test Bed Configuration Client Windows 2000, 11 Mbps wireless connection Server Windows 2000, 100 Mbps wireless connection 41 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Test Results For wired connection ~ 4.5% throughput degradation for TCP ~ 8.5% throughput degradation for UDP For wireless connection ~ 7% throughput degradation for TCP ~ 20% throughput degradation for UDP 10 9 8 throughput (MBps) 7 6 5 4 3 2 1 TCP UDP 0 42 /Title/ 16.02.2004 hafeth.hourani@nokia.com non-encrypted wired encrypted wired non-encrypted wireless encrypted wireless

43 /Title/ 16.02.2004 hafeth.hourani@nokia.com Overall Conclusions

Conclusions (1/2) Without IPSec, TCP throughput is less than that of UDP (with no IPSec) With IPSec, the gap between TCP and UDP throughputs vanishes IPSec processing overhead is dominant to TCP and UDP overheads IPSec/IPv4 exhibits the same throughput as IPSec/IPv6 For streaming data, the AH throughput is almost twice that of ESP The overhead of ESP is larger than that of AH For the streaming data; larger MTU results in less throughput By applying IPSec, the throughput degradation with Request/Response data is less than streaming data The processing overhead of the Request/Response messages is far less than that of streaming data 44 /Title/ 16.02.2004 hafeth.hourani@nokia.com

Conclusions (2/2) The [ESP-3DES-SHA-] causes the largest throughput degradation amongst other IPSec scenarios The IPSec throughout is independent than upper layer protocols In wireless environment, there exist an optimal TCP packet size for the highest throughput as a function of wireless signal strength In wireless environment, the UDP throughput degradation is higher than that of TCP 45 /Title/ 16.02.2004 hafeth.hourani@nokia.com

46 /Title/ 16.02.2004 hafeth.hourani@nokia.com Appendices

IPSec Extension Headers: ESP Encapsulation Security Protocol Provides confidentiality 0 7 15 23 31 Security Parameter Index (SPI) Sequence Number Initialization Vector + Protected Data (variable) Padding Pad length Authentication Data Next Header Transport Mode ESP Original IP header TCP/UDP Data Original IP header ESP header TCP/UDP Data ESP trailer ESP Authentication Tunnel Mode ESP Encrypted Authenticated New IP header 47 /Title/ 16.02.2004 hafeth.hourani@nokia.com ESP header Original IP header TCP/UDP Data ESP trailer ESP Authentication Encrypted Authenticated Back Back

IPSec Extension Headers: AH Authentication Header Provides the services of authentication and data integrity Next Header Payload length Reserved Security Parameter Index (SPI) Sequence number Authentication data Original IP header TCP/UDP Data Transport Mode AH Original IP header AH TCP/UDP Data Authenticated Tunnel Mode AH New IP header AH Original IP header TCP/UDP Data Authenticated 48 /Title/ 16.02.2004 hafeth.hourani@nokia.com Back Back

Authentication & Encryption Algorithms Authentication Algorithms MAC Used by the two parties to validate the exchanged messages MD5 An algorithm that takes as input a message of any length, and produces as an output a 128-bits message digest of the input SHA-1 An algorithm that takes as input a message of any length, and produces as an output a 160-bits authenticator value Encryption Algorithms DES A symmetric key encryption method. It uses 56-bit key and them breaks the message into 64-bits blocks and encrypts them 3DES Triple-DES. Three keys are involved in the operation 49 /Title/ 16.02.2004 hafeth.hourani@nokia.com Back Back

IPSec Management Key Management IKE (Internet Key Exchange) Protocol used to negotiate the cryptographic keys used by IPSec Security Policy AS (Security Association) A contract between two IPSec peers. It defines the security services that will be used SAD (Security Association Database) A database containing all SA s that are currently established SPD (Security Policy Database) Contains the defined security policies to be enforced for any SA Domain of Interoperations Parameters used and negotiated by different peers 50 /Title/ 16.02.2004 hafeth.hourani@nokia.com Back Back

Abbreviations 3DES Triple-DES AH Authenticated Header DES Data Encryption Standard ESP Encapsulated Security Protocol HMAC keyed-hashing Message Authentication Code HTTP HyperText Transfer Protocol ICV Integrity Check Value IKE Internet Key Exchange ISAKMP Internet Security Association and Key Management Protocol MAC Message Authentication Code MD5 Message Digest 5 MTU Maximum Transfer Unit SHA Secured Hash Algorithm SMTP Simpel Message Transfer Protocol VPN Virtual Private Network 51 /Title/ 16.02.2004 hafeth.hourani@nokia.com

References [1] George C. Hadjichristofi, MSc. thesis, IPSec Overhead in Wireline and Wireless Networks for Web and Email Applications [2] Hadjichristofi, G.C.; Davis, N.J., IV; Midkiff, S.F.; IPSec Overhead in Wireline and Wireless Networks for Web and Email Applications, Performance, Computing, and Communications Conference, 2003. Conference Proceedings of the 2003 IEEE International, 9-11 April 2003 Pages:543-547 [3] S. Ariga, et. al, Performance Evaluation of Data Transmission Using IPSec over IPv6 Networks, URL: http://www.isoc.org/inet2000/cdproceedings/1i/1i_1.htm, 10.2.2004 [4] Jin-Cherng Lin; Ching-Tien Chang; Wei-Tao Chung; Design, implementation and performance evaluation of IP-VPN, Advanced Information Networking and Applications, 2003. AINA 2003. 17th International Conference on, 27-29 March 2003 Pages:206-209 [5] Wei Qu; Srinivas, S.; IPSec-based secure wireless virtual private network ; MILCOM 2002. Proceedings, Volume: 2, 7-10 Oct. 2002,Pages:1107-1112 vol.2 [6] Jeff Custard; Wireless VPN Performance Tests ; URL: http://www.scd.ucar.edu/nets/projects/wireless/performance.tests.vpn.html, 12.2.2004 [7] Alain Jourez; An IPsec Primer, URL: http://www.iihe.ac.be/scimitar/j1000/ipsec/, 12.2.2004 52 /Title/ 16.02.2004 hafeth.hourani@nokia.com

53 /Title/ 16.02.2004 hafeth.hourani@nokia.com Thank You!

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information