Optimizations for high-performance IPsec execution

Michael G. Iatrou, Artemios G. Voyiatzis, Dimitrios N. Serpanos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The requirement for accessing, through the public Internet, private resources in a secure fashion from anywhere has turned Virtual Private Network (VPN) connectivity into a necessity. Internet Protocol Security (IPsec) is the de facto standardized VPN technology with support for multiple connectivity scenarios. The cryptographic transformations of IPsec are widely considered as a performance bottleneck and the usual target for optimization. We present a set of system conguration optimizations on Linux that achieve signicant throughput gains, supported by extensive measurements. Our work demonstrates that IPsec performance can be significantly improved without altering the implementation of the cryptographic algorithms.

Original languageEnglish
Title of host publicationCommunications in Computer and Information Science
Pages199-211
Number of pages13
Volume130 CCIS
DOIs
Publication statusPublished - 1 Dec 2011
Externally publishedYes
Event6th International Joint Conference on e-Business and Telecommunications, ICETE 2009 - Milan, Italy
Duration: 7 Jul 200910 Jul 2009

Publication series

NameCommunications in Computer and Information Science
Volume130 CCIS
ISSN (Print)18650929

Other

Other6th International Joint Conference on e-Business and Telecommunications, ICETE 2009
CountryItaly
CityMilan
Period7/7/0910/7/09

Fingerprint

Internet protocols
Virtual private networks
Throughput
Internet

Keywords

  • IPsec
  • Networking
  • Performance
  • Protocol optimization
  • Security

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Iatrou, M. G., Voyiatzis, A. G., & Serpanos, D. N. (2011). Optimizations for high-performance IPsec execution. In Communications in Computer and Information Science (Vol. 130 CCIS, pp. 199-211). (Communications in Computer and Information Science; Vol. 130 CCIS). https://doi.org/10.1007/978-3-642-20077-9_14

Optimizations for high-performance IPsec execution. / Iatrou, Michael G.; Voyiatzis, Artemios G.; Serpanos, Dimitrios N.

Communications in Computer and Information Science. Vol. 130 CCIS 2011. p. 199-211 (Communications in Computer and Information Science; Vol. 130 CCIS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Iatrou, MG, Voyiatzis, AG & Serpanos, DN 2011, Optimizations for high-performance IPsec execution. in Communications in Computer and Information Science. vol. 130 CCIS, Communications in Computer and Information Science, vol. 130 CCIS, pp. 199-211, 6th International Joint Conference on e-Business and Telecommunications, ICETE 2009, Milan, Italy, 7/7/09. https://doi.org/10.1007/978-3-642-20077-9_14
Iatrou MG, Voyiatzis AG, Serpanos DN. Optimizations for high-performance IPsec execution. In Communications in Computer and Information Science. Vol. 130 CCIS. 2011. p. 199-211. (Communications in Computer and Information Science). https://doi.org/10.1007/978-3-642-20077-9_14
Iatrou, Michael G. ; Voyiatzis, Artemios G. ; Serpanos, Dimitrios N. / Optimizations for high-performance IPsec execution. Communications in Computer and Information Science. Vol. 130 CCIS 2011. pp. 199-211 (Communications in Computer and Information Science).
@inproceedings{caae01b0c28e481485cc0149c82d6e01,
title = "Optimizations for high-performance IPsec execution",
abstract = "The requirement for accessing, through the public Internet, private resources in a secure fashion from anywhere has turned Virtual Private Network (VPN) connectivity into a necessity. Internet Protocol Security (IPsec) is the de facto standardized VPN technology with support for multiple connectivity scenarios. The cryptographic transformations of IPsec are widely considered as a performance bottleneck and the usual target for optimization. We present a set of system conguration optimizations on Linux that achieve signicant throughput gains, supported by extensive measurements. Our work demonstrates that IPsec performance can be significantly improved without altering the implementation of the cryptographic algorithms.",
keywords = "IPsec, Networking, Performance, Protocol optimization, Security",
author = "Iatrou, {Michael G.} and Voyiatzis, {Artemios G.} and Serpanos, {Dimitrios N.}",
year = "2011",
month = "12",
day = "1",
doi = "10.1007/978-3-642-20077-9_14",
language = "English",
isbn = "9783642200762",
volume = "130 CCIS",
series = "Communications in Computer and Information Science",
pages = "199--211",
booktitle = "Communications in Computer and Information Science",

}

TY - GEN

T1 - Optimizations for high-performance IPsec execution

AU - Iatrou, Michael G.

AU - Voyiatzis, Artemios G.

AU - Serpanos, Dimitrios N.

PY - 2011/12/1

Y1 - 2011/12/1

N2 - The requirement for accessing, through the public Internet, private resources in a secure fashion from anywhere has turned Virtual Private Network (VPN) connectivity into a necessity. Internet Protocol Security (IPsec) is the de facto standardized VPN technology with support for multiple connectivity scenarios. The cryptographic transformations of IPsec are widely considered as a performance bottleneck and the usual target for optimization. We present a set of system conguration optimizations on Linux that achieve signicant throughput gains, supported by extensive measurements. Our work demonstrates that IPsec performance can be significantly improved without altering the implementation of the cryptographic algorithms.

AB - The requirement for accessing, through the public Internet, private resources in a secure fashion from anywhere has turned Virtual Private Network (VPN) connectivity into a necessity. Internet Protocol Security (IPsec) is the de facto standardized VPN technology with support for multiple connectivity scenarios. The cryptographic transformations of IPsec are widely considered as a performance bottleneck and the usual target for optimization. We present a set of system conguration optimizations on Linux that achieve signicant throughput gains, supported by extensive measurements. Our work demonstrates that IPsec performance can be significantly improved without altering the implementation of the cryptographic algorithms.

KW - IPsec

KW - Networking

KW - Performance

KW - Protocol optimization

KW - Security

UR - http://www.scopus.com/inward/record.url?scp=84872118307&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84872118307&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-20077-9_14

DO - 10.1007/978-3-642-20077-9_14

M3 - Conference contribution

AN - SCOPUS:84872118307

SN - 9783642200762

VL - 130 CCIS

T3 - Communications in Computer and Information Science

SP - 199

EP - 211

BT - Communications in Computer and Information Science

ER -