NETWORK STACK OPTIMIZATION FOR IMPROVED IPSEC PERFORMANCE ON LINUX

被引:0
作者
Iatrou, Michael G. [1 ]
Voyiatzis, Artemios G. [1 ]
Serpanos, Dimitrios N. [1 ]
机构
[1] Univ Patras, Dept Elect & Comp Engn, GR-26504 Patras, Greece
来源
SECRYPT 2009: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY | 2009年
关键词
IPsec; Performance; Petworking; Security; Linux;
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Virtual Private Network (VPN) connectivity is a necessity in the public Internet, for accessing in a secure fashion private resources from anywhere. Internet Protocol Security (IPsec) is a standardized VPN technology for serving multiple connectivity scenarios. Implementation of cryptography is widely considered as a performance bottleneck and a target for optimization. We present a set of system configuration optimizations for the Linux 2.6 kernel network stack implementation, supported by extensive measurements. These optimizations achieve significant throughput gains. Our work demonstrates that comparable performance between plain IP and IPsec connections is possible without altering the implementation of the cryptographic algorithms.
引用
收藏
页码:83 / 91
页数:9
相关论文
共 50 条
  • [31] A Performance Evaluation of IPsec with Post-Quantum Cryptography
    Bae, Seungyeon
    Chang, Yousung
    Park, Hyeongjin
    Kim, Minseo
    Shin, Youngjoo
    INFORMATION SECURITY AND CRYPTOLOGY - ICISC 2022, 2023, 13849 : 249 - 266
  • [32] Redesigning of IPSec for interworking with Satellite Performance Enhancing Proxies
    Bhutta, Muhammad Nasir Mumtaz
    Cruickshank, Haitham
    Ashworth, John
    Moseley, Martin
    2011 6TH INTERNATIONAL ICST CONFERENCE ON COMMUNICATIONS AND NETWORKING IN CHINA (CHINACOM), 2011, : 1104 - 1109
  • [33] RSA Encryption Algorithm Optimization to Improve Performance and Security Level of Network Messages
    Meneses, Fausto
    Fuertes, Walter
    Sancho, Jose
    Salvador, Santiago
    Flores, Daniela
    Aules, Hernan
    Castro, Fidel
    Torres, Jenny
    Miranda, Alba
    Nuela, Danilo
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2016, 16 (08): : 55 - 62
  • [34] IPSec overhead analysis in dual stack IPv4/IPv6 transition mechanisms
    Mujinga, A
    Muyingi, H
    Rao, GSVRK
    8TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, VOLS 1-3: TOWARD THE ERA OF UBIQUITOUS NETWORKS AND SOCIETIES, 2006, : U686 - U691
  • [35] IPsec-Based VoIP Performance in WLAN Environments
    Sung, Ya-Chin
    Lin, Yi-Bing
    IEEE INTERNET COMPUTING, 2008, 12 (06) : 77 - 82
  • [36] Performance Of MANET With IPSec Under Jelly Fish Attack
    Rahman, Fatin Hamadah
    Au, Thien-Wan
    Suhaili, Wida Susanty
    Liu, Yan
    PROCEEDINGS OF THE 2017 2ND JOINT INTERNATIONAL INFORMATION TECHNOLOGY, MECHANICAL AND ELECTRONIC ENGINEERING CONFERENCE (JIMEC 2017), 2017, 62 : 265 - 268
  • [37] Implementation and Performance Evaluation of IPSec VPN Based on Netfilter
    ZHAO Da-yuan
    WuhanUniversityJournalofNaturalSciences, 2005, (01) : 98 - 102
  • [38] Analysis of IPSEC services and their integration in an IP virtual private network
    Achemlal, M
    Laurent, M
    ANNALES DES TELECOMMUNICATIONS-ANNALS OF TELECOMMUNICATIONS, 2000, 55 (7-8): : 313 - 323
  • [39] ROLE OF CODEC SELECTION ON THE PERFORMANCE OF IPSEC SECURED VOIP
    Antwi-Boasiako, Emmanuel
    Kuada, Eric
    Boakye-Boateng, Kwasi
    2016 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING, COMMUNICATIONS AND INFORMATICS (ICACCI), 2016, : 2508 - 2514
  • [40] Optimization of the Stack Unit in a Thermoacoustic Refrigerator
    Zolpakar, Nor Atiqah
    Mohd-Ghazali, Normah
    Ahmad, Robiah
    HEAT TRANSFER ENGINEERING, 2017, 38 (04) : 431 - 437
12345