Overhead of Whisper: One of the important requirements of any
cryptography-based solution is low complexity. We performed benchmarks
to determine the processing overhead of the Whisper
operations. Table 1 summarizes the average time required
to perform the Whisper operations for different key sizes:
bit,
bit and
bit. As the key size increases, the
RSA-based operations offer better security. Security experts recommend
a minimum size of
bit keys for better long-term
security.
We make two observations about the overhead characteristics. First,
the processing overhead for all these key sizes is well within the
limits of the maximum load observed at routers. For bit keys,
a node can process more than
route advertisements within
minute. In comparison, the maximum number of route advertisements
observed at a Sprint router is
updates every
minute [9]. For
bit keys, Whisper can update and
verify over
route advertisements per minute. Second, generate_signature() is an expensive operation and can consume more
than
sec per operation. However, this operation is performed only
once over many days.
Overhead of Listen: By analyzing route updates for over
days in Routeviews [8], we observed that
of the
routes in a routing table are stable for at least
hour. Based on
data from a tier-1 ISP, we find that a router typically observes a
maximum of
active prefixes over a period of
hour, i.e.,
only
prefixes observe any traffic. If the probing mechanism
uses a statistical sample of
flows per prefix, the overhead of
probing at the router is negligible. Essentially, the router needs to
process
flows in
sec which translates to monitoring
under
flows every second (equivalent to
routing
lookups). Even if the number of active prefixes scales by a factor of
, current router implementations can easily implement the passive
probing aspect of Listen.
Active dropping and retransmission checks are applied only in the IP slow path and are invoked only when a prefix observes a combination of both incomplete and complete connections. To minimize the additional overhead of these operations, we restrict these checks to a few prefixes.