This thesis discusses how the protocol suite IPSec could be implemented efficiently in a network switch, to make it act as a security gateway.
Much focus is on the performance of the algorithms Rijndael and MD5, as the encryption and authentication algorithms tend to be the bottlenecks within a hardware IPSec implementation. I present my implementations of these algorithms, along with a discussion of their performance in terms of speed and physical area.
My results shows that authentication with MD5 is about four times as slow as encrypting with Rijndael. In addition, the Rijndael algorithm is possible to pipeline which would make it almost ten times as fast. However, MD5 is not possible to optimize, and will be the bottleneck of the processing.
I also present some suggestions on how the different components of the IPSec implementation could be placed within a switch architecture, together with area estimations of these components.
Author: Dikvall, Henrik
Source: Luleå University of Technology
Download Link: Click Here To Download This Project Report (PDF)
Reference URL: Visit Now