Implementation and Performance Evaluation of Embedded IPsec in Microkernel OS

The rapid development of the embedded systems and the wide use of them in many sensitive fields require safeguarding their communications. Internet Protocol Security (IPsec) is widely used to solve network security problems by providing confidentiality and integrity for the communications in the network, but it introduces communication overhead. This overhead becomes a critical factor with embedded systems because of their low computing power and limited resources. In this research, we studied the overhead of using embedded IPsec in constrained resource systems, which run microkernel operating system (OS), in terms of the network latency and throughput. To conduct our experiment first, we ran the test with an unmodified network stack, and then we ran the same test with the modified network stack which contains the IPsec implementation. Later, we compared the results obtained from these two sets of experiments to examine the overhead. Our research demonstrated that the overhead imposed by IPsec protocols is small and well within the capabilities of even low cost microcontrollers such as the one used in the Raspberry Pi computer

Collaborative, Trust-Based Security Mechanisms for a National Utility Intranet

This thesis investigates security mechanisms for utility control and protection networks using IP-based protocol interaction. It proposes flexible, cost-effective solutions in strategic locations to protect transitioning legacy and full IP-standards architectures. It also demonstrates how operational signatures can be defined to enact organizationally-unique standard operating procedures for zero failure in environments with varying levels of uncertainty and trust. The research evaluates layering encryption, authentication, traffic filtering, content checks, and event correlation mechanisms over time-critical primary and backup control/protection signaling to prevent disruption by internal and external malicious activity or errors. Finally, it shows how a regional/national implementation can protect private communities of interest and foster a mix of both centralized and distributed emergency prediction, mitigation, detection, and response with secure, automatic peer-to-peer notifications that share situational awareness across control, transmission, and reliability boundaries and prevent wide-spread, catastrophic power outages

The Networking Perspective of Security Performance- a Measurement Study-

Abstract. The recent term Quality of Security Services leads directly to the question of the performance impact of security protocols like IPSec and SSL. The impact depends not only on the situation, but also on the configuration. We measured the processing delay and the throughput for implementations of IPSec under Linux with different kernel versions on current computers. Our focus is to cover the effect of the various parameters of IPSec. Most important for the IPSec performance is the choice of the cryptographic algorithms and hash functions. Our measurements indicate that the latter are becoming the bottleneck as fast encryption algorithms like the AES and Blowfish more and more replace the slow 3DES.