research-article

Recommendations for IPsec Configuration on Homenet and M2M Devices

Authors:

Daniel Migault,

Daniel Palomares,

Tobias Guggemos,

Aurelien Wally,

Maryline Laurent,

Jean Philippe WaryAuthors Info & Claims

Q2SWinet '15: Proceedings of the 11th ACM Symposium on QoS and Security for Wireless and Mobile Networks

Pages 9 - 17

https://doi.org/10.1145/2815317.2815323

Published: 02 November 2015 Publication History

Abstract

Although there is a strong need to deploy secure communications in home networks and for Machine-to-Machine (M2M) environment, to our knowledge the impact of authenticated encryption migration has not been evaluated yet. As the security performance issue is especially critical for wireless environment, this paper measures the effect of the security settings on the Quality of Service (QoS) for encrypted communications in a home network environment. Security settings include different configurations of IPsec tested over several hardware platforms. The QoS is evaluated based on CPU time and elapsed time for downloading different sized files.

References

[1]

Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197, National Institute of Standards and Technology (NIST), Nov. 2001.

[2]

ARM1176. URL: http://www.arm.com/products/processors/classic/arm11/arm1176.php.

[3]

M. Dworkin. Recommendation for Block Cipher Modes of Operation: Methods and Techniques: The CCM Mode for Authentication and Confidentiality, 2004.

[4]

M. Dworkin. Recommendation for Block Cipher Modes of Operation: Methods and Techniques: Galois/Counter Mode (GCM) for Confidentiality and Authentication, 2007.

[5]

Latitude E6410 Laptop. URL: http://www.dell.com/us/business/p/latitude-e6410/pd.

[6]

S. Farrell. Why pervasive monitoring is bad. Internet Computing, IEEE, 18(4):4--7, July 2014.

[7]

S. Farrell and H. Tschofenig. Pervasive Monitoring Is an Attack. RFC 7258 (Best Current Practice), May 2014.

[8]

V. Gopal, W. Feghali, J. Guilford, E. Ozturk, G. Wolrich, M. Dixon, M. Lochtyuhin, and M. Perminov. Fast Cryptographic Computation on Intel Architecture Processors via Function Stiching. White paper, Intel, Apr. 2010.

[9]

J. Granjal, J. S. Silva, E. Monteiro, and F. Boavida. Why is IPSec a viable option for wireless sensor networks. In Mobile Ad Hoc and Sensor Systems, 2008. MASS 2008. 5th IEEE International Conference on, pages 802--807, 2008.

[10]

S. Gueron. Intel Advanced Encryption Standard (AES) Instructions Set. White paper, Intel, Sept. 2012.

[11]

S. Gueron and M. E. Kounavis. Intel Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode. White paper, Intel, Sept. 2012.\balancecolumns

[12]

S. Gueron and V. Krasnov. The fragility of aes-gcm authentication algorithm. In Information Technology: New Generations (ITNG), 2014 11th International Conference on, pages 333--337, April 2014.

Digital Library

[13]

A. Hoban. Using Intel AES New Instructions and PCLMULQDQ to Significantly Improve IPSec Performance on Linux. White paper, Intel, Aug. 2010.

[14]

A. Huttunen, B. Swander, V. Volpe, L. DiBurro, and M. Stenberg. UDP Encapsulation of IPsec ESP Packets, january 2005. RFC 3948.

[15]

IEEE Standard for Local and metropolitan area networks--Part 15.4: Low-Rate Wireless Personal Area Networks (LR-WPANs). IEEE Std 802.15.4 2011 (Revision of IEEE Std 802.15.4 2006), pages 1--314, 2011.

[16]

D. A. McGrew and J. Viega. The Security and Performance of the Galois/Counter Mode (GCM) of Operation. In INDOCRYPT, pages 343--355, 2004.

Digital Library

[17]

Intel Atom Processor N270 with Mobile Intel 945GSE Express Chipset. URL: http://ark.intel.com/de/products/36331/Intel-Atom-Processor-N270--512K-Cache-1_60-GHz-533-MHz-FSB.

[18]

10” netbook (NC series) NP-NC10. URL: http://www.samsung.com/ae/consumer/computers-peripherals/notebook/netbook/NP-NC10-KA01AE-spec.

[19]

Petr Svenda. Basic comparison of Modes for Authenticated-Encryption: (IAPM, XCBC, OCB, CCM, EAX, CWC, GCM, PCFB, CS), 2005.

[20]

Rasberry Pi. URL: http://www.raspberrypi.org.

[21]

S. Raza, S. Duquennoy, T. Chung, D. Yazar, T. Voigt, and U. Roedig. Securing communication in 6LoWPAN with compressed IPsec. In Distributed Computing in Sensor Systems and Workshops (DCOSS), 2011 International Conference on, pages 1--8, 2011.

[22]

S. Raza, D. Trabalza, and T. Voigt. 6LoWPAN Compressed DTLS for CoAP. In Distributed Computing in Sensor Systems (DCOSS), 2012 IEEE 8th International Conference on, pages 287--289, 2012.

Digital Library

[23]

K. Sandlund, G. Pelletier, and L.-E. Jonsson. The RObust Header Compression (ROHC) Framework, march 2010. RFC 5795.

[24]

strint report., W3C/IAB workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT), Mar. 2014.

[25]

TLP. URL: https://github.com/linrunner/TLP/blob/master/default.

Cited By

Thungon LAhmed NDe DHussain M(2024)A Survey on 6LoWPAN Security for IoT: Taxonomy, Architecture, and Future DirectionsWireless Personal Communications10.1007/s11277-024-11382-y137:1(153-197)Online publication date: 6-Jul-2024
https://doi.org/10.1007/s11277-024-11382-y
Pohl FSchotten H(2017)Secure and Scalable Remote Access Tunnels for the IIoT: An Assessment of openVPN and IPsec PerformanceService-Oriented and Cloud Computing10.1007/978-3-319-67262-5_7(83-90)Online publication date: 1-Sep-2017
https://doi.org/10.1007/978-3-319-67262-5_7

Index Terms

Recommendations for IPsec Configuration on Homenet and M2M Devices
1. Networks
  1. Network protocols

Recommendations

Trust management for IPsec

IPsec is the standard suite of protocols for network-layer confidentiality and authentication of Internet traffic. The IPsec protocols, however, do not address the policies for how protected traffic should be handled at security end points. This article ...
SP 800-77. Guide to IPsec VPNs
Implementation of IPSec Protocol
ACCT '12: Proceedings of the 2012 Second International Conference on Advanced Computing & Communication Technologies

The aim of this paper is to present the implementation of IPSec Protocol. IPSec protocol provides an end user to end user traffic with ensuring authenticity and confidentiality of data packet. IP sec is a successor of the ISO standard Network Layer ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

Q2SWinet '15: Proceedings of the 11th ACM Symposium on QoS and Security for Wireless and Mobile Networks

November 2015

184 pages

ISBN:9781450337571

DOI:10.1145/2815317

General Chair:
Peter Mueller
IBM Zurich Research Laboratory, Switzerland
,
Program Chairs:
Luca Foschini
University of Bologna, Italy
,
Richard Yu
Carleton University, Ottawa -- Canada
,
Graciela Román Alonso
Universidad Autónoma Metropolitana, Mexico

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSIM: ACM Special Interest Group on Simulation and Modeling

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 November 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

MSWiM'15

Sponsor:

SIGSIM

MSWiM'15: 18th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems

November 2 - 6, 2015

Cancun, Mexico

Acceptance Rates

Overall Acceptance Rate 46 of 131 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
168
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Thungon LAhmed NDe DHussain M(2024)A Survey on 6LoWPAN Security for IoT: Taxonomy, Architecture, and Future DirectionsWireless Personal Communications10.1007/s11277-024-11382-y137:1(153-197)Online publication date: 6-Jul-2024
https://doi.org/10.1007/s11277-024-11382-y
Pohl FSchotten H(2017)Secure and Scalable Remote Access Tunnels for the IIoT: An Assessment of openVPN and IPsec PerformanceService-Oriented and Cloud Computing10.1007/978-3-319-67262-5_7(83-90)Online publication date: 1-Sep-2017
https://doi.org/10.1007/978-3-319-67262-5_7

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents