Title page for ETD etd-11152001-181815

Type of Document Master's Thesis
Author Hadjichristofi, George Costa
URN etd-11152001-181815
Title IPSec Overhead in Wireline and Wireless Networks for Web and Email Applications
Degree Master of Engineering
Department Electrical and Computer Engineering
Advisory Committee
Advisor Name Title
Davis, Nathaniel J. IV Committee Chair
Midkiff, Scott F. Committee Member
Shaw, John Kenneth Committee Member
  • ESP
  • MD5
  • 3DES
  • IP Security
  • AH
  • SHA1
Date of Defense 2001-11-29
Availability unrestricted
This research focuses on developing a set of secure communication network testbeds and using them to measure the overhead of IP Security (IPSec) for email and web applications. The network testbeds are implemented using both wireline and wireless technologies. The testing involves a combination of authentication algorithms such as Hashed Message Authentication Code-Message Digest 5 (HMAC-MD5) and Hashed Message Authentication Code-Secure Hash Algorithm 1 (HMAC-SHA1), implemented through different authentication protocols such as ESP and AH, and used in conjunction with the Triple Digital Encryption Standard (3DES). The research examines the overhead using no encryption and no authentication, authentication and no encryption, and authentication and encryption. A variety of different sizes of compressed and uncompressed files, are considered when measuring the overhead.

The testbed realizes security using IPSec to secure the connection between different nodes. The email protocol that is used is the Simple Mail Transfer Protocol (SMTP) and the web protocol considered is the Hyper Text Transfer Protocol (HTTP). The key metrics considered are the network load in bytes, the number of packets, and the transfer time.

This research emphasizes the importance of using HTTP to access files than using SMTP. Use of HTTP requires fewer packets, lower network loads, and lower transfer times than SMTP. It is demonstrated that this difference, which occurs regardless of security, is magnified by the use of authentication and encryption. The results also indicate the value of using compressed files for file transfers. Compressed and uncompressed files require the same transfer time, network load and number of packets since FreeS/WAN IPSec does not carry any form of compression on the data before passing it to the data link layer. Both authentication algorithms, HMAC-MD5 and HMAC- SHA1, result in about the same network load and number of packets. However, HMAC-SHA1 results in a higher transfer time than HMAC-MD5 because of SHA1's higher computational requirements. ESP authentication and ESP encryption reduce the network load for small files only, compared to ESP encryption and AH authentication. ESP authentication could not be compared with AH authentication, since the FreeS/WAN IPSec implementation used in the study does not support ESP authentication without using encryption. In a wireless environment, using IPSec does not increase the network load and the number of transactions, when compared to a wireline environment. Also, the effect of security on transfer time is higher compared to a wireline environment, even though that increase is overshadowed by the high transfer time percentage increase due to the wireless medium.

  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  FINAL9.pdf 770.46 Kb 00:03:34 00:01:50 00:01:36 00:00:48 00:00:04

Browse All Available ETDs by ( Author | Department )

dla home
etds imagebase journals news ereserve special collections
virgnia tech home contact dla university libraries

If you have questions or technical problems, please Contact DLA.