Virtual private networks (VPNs) allow two or more parties to communicate securely over a public network. Using cryptographic algorithms and protocols, VPNs provide security services such as confidentiality, host authentication and data integrity. The computation required to provide adequate security, however, can significantly degrade performance. In this paper, we characterize the extent to which data compression can alleviate this performance problem in a VPN implemented with the IP Security Protocol (IPsec). We use a system model for IPsec transactions to derive an inequality that specifies the conditions required for data compression to improve performance. We generate performance results for many combinations of network types, data types, packet sizes, and encryption, authentication and compression algorithms. We find that compression usually improves performance when using 10 Mbps or slower networks, but compression only improves performance in systems with 100 Mbps or 1 Gbps networks when using computationally intensive encryption algorithms.
|Original language||English (US)|
|Number of pages||11|
|Journal||Conference on Local Computer Networks|
|State||Published - Dec 1 2000|
All Science Journal Classification (ASJC) codes
- Electrical and Electronic Engineering