A study of the relative costs of network security protocols (2002) [23 citations — 10 self]
Abstract:
While the benefits of using IPsec to solve a significant number of network security problems are well known and its adoption is gaining ground, very little is known about the communication overhead that it introduces. Quantifying this overhead will make users aware of the price of the added security, and will assist them in making well-informed IPsec deployment decisions. In this paper, we investigate the performance of IPsec using micro- and macro-benchmarks. Our tests explore how the various modes of operation and encryption algorithms affect its performance and the benefits of using cryptographic hardware to accelerate IPsec processing. Finally, we compare against other secure data transfer mechanisms, such as SSL, scp(1), and sftp(1). 1
Citations
| 834 | Security Architecture for the Internet Protocol", RFC 2401 – Kent, Atkinson - 1998 |
| 48 | Architecture and Implementation of Network-layer Security Under Unix – Ioannidis, Blaze - 1993 |
| 32 | The Internet Key Exchange (IKE). Request for Comments (Proposed Standard) 2409, Internet Engineering Task Force – Harkins, Carrel - 1998 |
| 22 | The TLS protocol version 1.0,” Request for Comments 2246, Internet Engineering Task Force – Dierks, Allen - 1999 |
| 19 | IP Encapsulating Security Payload (ESP),” Request for Comments 2406 – KENT, ATKINSON - 1998 |
| 16 | Implementing IPsec – Keromytis, Ioannidis, et al. - 1948 |
| 8 | IP authentication header. Request for Comments (Proposed Standard – Atkinson - 1995 |
| 7 | Implementing Internet Key Exchange (IKE – Hallqvist, Keromytis - 2000 |
