Title :
E2E: An Optimized IPsec Architecture for Secure and Fast Offload
Author :
Migault, Daniel ; Palomares, Daniel ; Herbert, Emmanuel ; You, Wei ; Ganne, Gabriel ; Arfaoui, Ghada ; Laurent, Maryline
Author_Institution :
France Telecom, Telecom SudParis, Evry, France
Abstract :
When mobile End Users are offloaded from a Radio Access Network (RAN) to a WLAN, current I-WLAN [1] offloaded architectures consider traffic converging to a common Security Gateway. In this paper, we propose an alternative End-to-End security (E2E) architecture based on the MOBIKE-X [2] protocol, which extends the MOBIKE [3] Mobility and Multihoming features to Multiple Interfaces and to the Transport mode of IPsec. The benefits of this E2E architecture are mostly load reduction and a better End User experience. First, E2E offloads the ISP CORE and backhaul networks; then, E2E uses IPsec Transport mode instead of Tunnel mode, which removes networking and security overhead. This reduces CPU load by 20%, enhances Mobility and Multihoming operations by about 15%, and makes the system 2.9 times more reactive for detecting modifications of interfaces.
Keywords :
mobile radio; protocols; telecommunication security; wireless LAN; E2E; IPsec architecture optimisation; IPsec transport mode; ISP CORE; MOBIKE-X [2] protocol; RAN; WLAN; backhaul networks; end-to-end security; fast offload; offloaded architectures; radio access network; secure offload; security gateway; IP networks; Logic gates; Mobile communication; Protocols; Radio access networks; Security; Wireless LAN; IKEv2; IPsec; MOBIKE; MOBIKE-X; Mobility; Multihoming;
Conference_Title :
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4673-2244-7
DOI :
10.1109/ARES.2012.80