Performance comparison of IPsec and TLS based VPN technologies

Kotuliak, Ivan; Rybar, P.; Truchly, Peter

doi:10.1109/iceta.2011.6112567

Cited by 31 publications

(22 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This security provision involves creating a secure connection or tunnel between two endpoints (client and server). To create this tunnel, IPsec has to use a handshake protocol called Internet Key Exchange (IKE) to establish the connection so that endpoints can securely send IP packets [7]. IPsec significantly provide information integrity, authentication and data encryption [17].…”

Section: Overview Of Ip Securitymentioning

confidence: 99%

“…Moreover, for IPsec to achieve these functionalities it requires using two protocols; Authentication Header (AH) and Encapsulating Security Payload (ESP) [1] [15]. IPsec is client/server protocol that set to only ship data between VPN endpoints [7]. IPsec is used in two fashions, tunnel mode or transport mode and each IPsec security protocol has a transport mode and tunnel mode.…”

Section: Overview Of Ip Securitymentioning

confidence: 99%

See 1 more Smart Citation

Performance Evaluation of IPSEC-VPN on Debian Linux Environment

Jerome¹

2019

IJCA

View full text Add to dashboard Cite

Cyberspace has gotten a great favour from the general public in recent times. Affordability of infrastructure and globalization are believed to be the main drivers. This development resulted to lots of business enterprises to conceive a secure Virtual Private Network (VPN). Internet Protocol Security (IPSEC) which is one of the most widely used and deployed VPN tunneling Protocol in today's networks. However, it is extremely difficult for one to find out the information about its performances comparatively with different encryption algorithms. In this research, the performance differences were evaluated through empirical observation. The experimental analysis was done on Debian Linux environment by implementing IPsec tunneling protocol with different encryption algorithms. Encryption algorithms are used to encrypt data so it cannot be read or modify by a third-party while in transit. Triple Data Encryption Standard (TDES/3DES) and Advance Encryption Standard (AES) are the encryption algorithms used in this research. The study concluded that IPSec AES-sha1 provides fair and reasonable performance compare to IPSec 3DES-sha1. Also, the research indicated that encryption/decryption of VPN UDP (User Datagram Protocol) traffic requires large amount of CPU and memory and that contributed to performance degradation.This section discussed the principle of how VPN and IPsec work considering their security features.

show abstract

Section: Overview Of Ip Securitymentioning

confidence: 99%

Section: Overview Of Ip Securitymentioning

confidence: 99%

Performance Evaluation of IPSEC-VPN on Debian Linux Environment

Jerome¹

2019

IJCA

View full text Add to dashboard Cite

show abstract

“…This numerical study evaluates four scenarios (ω 1 − ω 4 ) whose values are presented in Table II including access indices of objects o 1 and o 2 associated with s 1 (α s1,o1 and α s1,o2 ) and s 2 (α s2,o1 and α s2,o2 ), the normalized number of attacks of each threat (Υ[T Table III (at the top of the next page) which are synthesized from data in [16]- [18], [25] and parameters in Table II. TABLE III BENEFIT VALUES OF ACCESS PERMISSIONS ( βs,o,p,z,ω ) AND SECURITY CONTROLS (βo,c,v,z,ω ).…”

Section: A Numerical Studymentioning

confidence: 99%

“…Security setting v 2 of the VPN control (c 1 ) is allocated to both objects in every contextual state due to its higher effectiveness than v 1 as shown in Table I e.g. a TLS-based VPN server using 256-bit AES keys (v 2 ) is more secure than a PPTP-based VPN server (v 1 ) [25]. In contrast, although the effectiveness of v 2 of the lock screen control (c 3 ) is lower than that of v 1 , v 2 is applied to both objects in every contextual state e.g.…”

Section: A Numerical Studymentioning

confidence: 99%

From Reactionary to Proactive Security: Context-Aware Security Policy Management and Optimization under Uncertainty

Chaisiri

2016

2016 IEEE Trustcom/BigDataSE/Ispa

View full text Add to dashboard Cite

Abstract-At the core of its nature, security is a highly contextual and dynamic challenge. However, current security policy approaches are usually static, and slow to adapt to ever-changing requirements, let alone catching up with reality. In a 2012 Sophos survey, it was stated that a unique malware is created every half a second. This gives a glimpse of the unsustainable nature of a global problem; any improvement in terms of closing the "time window to adapt" would be a significant step forward. To exacerbate the situation, a simple change in threat and attack vector or even an implementation of the so-called "bring-your-owndevice" paradigm will greatly change the frequency of changed security requirements and necessary solutions required for each new context. Current security policies also typically overlook the direct and indirect costs of implementation of policies. As a result, technical teams often fail to have the ability to justify the budget to the management, from a business risk viewpoint. This paper considers both the adaptive and cost-benefit aspects of security, and introduces a novel context-aware technique for designing and implementing adaptive, optimized security policies. Our approach leverages the capabilities of stochastic programming models to optimize security policy planning, and our preliminary results demonstrate a promising step towards proactive, contextaware security policies.

show abstract

“…VPN technology that we propose for protection could be implemented using different protocols. Performance of two most common, IPsec and TLS, are compared in [13].…”

Section: Related Workmentioning

confidence: 99%

Security analysis of user mobility in triple-play systems

Mrdović

Raca

Turbic

2014

2014 X International Symposium on Telecommunications (BIHTEL)

View full text Add to dashboard Cite

Users of triple-play systems expect to be able to use their services on different locations. That opens an issue of extending security to include mobile triple-play users. Mobile users need to authenticate to the system and vice-versa. Users expect confidentiality of their communications. Content providers request copyrights to be respected. Protocols for session control, SIP. and media transfer, RTP, have their secured versions, SIPS and RTSP. That solution would require multiple protocols and keys and would be a burden on users and system administrators.This paper proposes an architecture that uses IMS to provide services and VPN to secure them. IMS provides convenience of user mobility. VPN provides authentication, confidentiality and integrity. Additional security provided by VPN does not translate to additional work for users, It is completely transparent for them. Proposed design is implemented and tested. IMS with different services was available, through VPN, to mobile users connected to the Internet with different devices and connections. The testing confirmed security and usability for mobile users.

show abstract

Performance comparison of IPsec and TLS based VPN technologies

Cited by 31 publications

References 3 publications

Performance Evaluation of IPSEC-VPN on Debian Linux Environment

Performance Evaluation of IPSEC-VPN on Debian Linux Environment

From Reactionary to Proactive Security: Context-Aware Security Policy Management and Optimization under Uncertainty

Security analysis of user mobility in triple-play systems

Contact Info

Product

Resources

About