2002 FREENIX Track Technical Program - Abstract
A Study of the Relative Costs of Network Security
Stefan Miltchev, Sotiris Ioannidis, University of Pennsylvania; Angelos D. Keromytis, Columbia University
While the benefits of using IPsec to solve a significant number of
network security problems are well known and its adoption is gaining
ground, very little is known about the communication overhead that it
introduces. Quantifying this overhead will make users aware of the
price of the added security, and will assist them in making
well-informed IPsec deployment decisions.
In this paper, we investigate the performance of IPsec using micro-
and macro-benchmarks. Our tests explore how the various modes of
operation and encryption algorithms affect its performance and the
benefits of using cryptographic hardware to accelerate IPsec
processing. Finally, we compare against other secure data transfer
mechanisms, such as SSL, scp(1), and sftp(1).
- View the full text of this paper in
PDF, and Postscript.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.