IPSec overhead in wireline and wireless networks for Web and email applications

This paper focuses on characterizing the overhead of IP security (IPSec) for email and Web applications using a set of test bed configurations. The different configurations are implemented using both wireline and wireless network links. The testing considers different combinations of authentication algorithms and authentication protocols. Authentication algorithms include Hashed Message Authentication Code-Message Digest 5 (HMAC-MD5) and Hashed Message Authentication Code-Secure Hash Algorithm 1 (HMAC-SHA1). Authentication protocols include Encapsulating Security Payload (ESP) and Authentication Header (AH) protocols. Triple Digital Encryption Standard (3DES) is used for encryption. Overhead is examined for scenarios using no encryption and no authentication, authentication and no encryption, and authentication and encryption. A variety of different file sizes are considered when measuring the overhead The results present a thorough analysis of the overhead of different IPSec configurations and provide practical guidance for choosing the IPSec configuration needed in a network environment.