IPSec overhead in wireline and wireless networks for Web and email applications

Hadjichristofi, George; Davis, Nathaniel J.; Midkiff, Scott F.

doi:10.1109/pccc.2003.1203741

Cited by 20 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…IPSec was the focus of work in [14], where the authors examined the ESP and AH encapsulation overheads. However, a comprehensive picture of IPSec overheads was not presented because the performance penalty associated with the IKE process was not examined.…”

Section: Related Workmentioning

confidence: 99%

IPSec: Performance Analysis and Enhancements

Shue¹,

Gupta²,

Myers³

2007

2007 IEEE International Conference on Communications

View full text Add to dashboard Cite

Internet Protocol Security (IPSec) is a widely deployed mechanism for implementing Virtual Private Networks (VPNs). In previous work, we examined the overheads incurred by an IPSec server in a single client setting. In this paper, we extend that work by examining the scaling of a VPN server in a multiple client environment and by evaluating the effectiveness of connection credential caching. Motivated by the potential benefits of caching, we also propose a cryptographically secure cache resumption protocol for IPSec connections to reduce the connection establishment overheads.

show abstract

Section: Related Workmentioning

confidence: 99%

IPSec: Performance Analysis and Enhancements

Shue¹,

Gupta²,

Myers³

2007

2007 IEEE International Conference on Communications

View full text Add to dashboard Cite

show abstract

“…Due to the rigid requirement of pre-existing credentials, they are difficult to deploy. In the meantime, they all bear heavy overheads [7,8] in Security Association (SA) management, heavy cryptographic check, and maintaining per-flow states. Similarly, the visa protocols [9] use encryption and data signatures to authenticate a flow of packets.…”

Section: Related Workmentioning

confidence: 99%

LIPS: A lightweight permit system for packet source origin accountability

Yang

Choi

2006

Computer Networks

View full text Add to dashboard Cite

“…Note that not all hosts will be allowed to access H 2 . A security policy at H 2 is checked to determine if H 2 accepts this permit request 4 . If it does, it generates an access permit (H 2 's DAP for H 1 ), containing a secure hash value generated based on a secret hash key of H 2 and a plain hash message about H 1 (e.g., H 1 's IP address).…”

Section: Basics Of Lips Architecturementioning

confidence: 99%

“…They require a shared key to be established between access control servers on a per-source-destination basis. Similarly, IPsec and VPNs establish shared keys to secure end-to-end communications with known overheads [4]. Several traceback schemes were proposed to track down attacking sources, such as IP traceback.…”

Section: Introductionmentioning

confidence: 99%

LIPS: Lightweight Internet Permit System for Stopping Unwanted Packets

Choi

Yang

2005

NETWORKING 2005. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile A

View full text Add to dashboard Cite

Abstract. In this paper, we propose a Lightweight Internet Permit System (LIPS) that provides a lightweight, scalable packet authentication mechanism for ensuring traffic-origin accountability. LIPS is a simple extension of IP, in which each packet carries an access permit issued by its destination host or gateway, and the destination verifies the access permit to determine if a packet is accepted or dropped. We will first present the design and the prototype implementation of LIPS on Linux 2.4 kernel. We then use analysis, simulations, and experiments to show how LIPS can effectively prevent protected critical servers and links from being flooded by unwanted packets with negligible overheads. We propose LIPS as an domain-to-domain approach to stop unwanted attacks, without requiring broad changes in backbone networks as other approaches. Therefore, LIPS is incrementally deployable in a large scale on common platforms with minor software patches.

show abstract

IPSec overhead in wireline and wireless networks for Web and email applications

Cited by 20 publications

References 9 publications

IPSec: Performance Analysis and Enhancements

IPSec: Performance Analysis and Enhancements

LIPS: A lightweight permit system for packet source origin accountability

LIPS: Lightweight Internet Permit System for Stopping Unwanted Packets

Contact Info

Product

Resources

About