Performance analysis of AES-finalists along with SHS in IPSEC VPN over 1Gbps link

Abstract

IPSEC is suit of protocols designed to provide secure communication over Network Layer (Layer-3) of TCP/IP model. Participating IPSEC gateways may have different algorithms installed in them but RFC-4835 mentions mandatory algorithms that a gateway must have so that participating gateways always have at least one algorithmic combination to agree upon. Off the shelve IPSEC implementations only implement these mandatory algorithms. In this paper, the enhancements involve the selection of hashing and encryption algorithms that yield better performance for the given system. All AES finalists and SHS algorithms have been embedded after some modifications in 64 bit RHEL 6.2 Linux kernel (2.6.32) and Openswan 2.6.38 (A user space agent which helps gateways to negotiate security associations between them) and performance analysis of these algorithms having throughput as the main parameter over 1 Gbps link in an IPSEC VPN has been done. For this purpose, all the combinations of block ciphers with different key lengths along with hashing algorithms are tested and analyzed under same operating conditions. Comparative results are shown with respect to every combination of AES finalists with every hashing algorithm of SHS and MD5. Furthermore, All the AES finalists have also been tested without hashing algorithms.