On the Effectiveness of IP-Routable Entire-Packet Encryption Service over Public Networks (November 2018)

Rajitha Tennekoon, Janaka Wijekoon, Hiroaki Nishi

Research output: Contribution to journal (Article)

Abstract

The Internet is an unsecured public network accessed by approximately half of the world population. There are several techniques, such as cryptography, end-to-end encryption, and tunneling, used to preserve data security and integrity, and to reduce information theft. This is because the security of data transmission over public networks is an ever-questionable issue. However, none of the above techniques are capable of providing the flexibility of changing either the algorithm or its key at the intermediary routers according to the requirements of stakeholders, e.g., ISPs or internet users. Although the transmitted data are encrypted and unreadable, the metadata contained in the packet headers are readable during traversal. Nonetheless, service-based internet architectures, e.g., IoT architectures, demand the analysis of the data streams at the intermediary routers to provide smart services such as strengthening the security of the data streams. To this end, this paper proposes a method to use Service-oriented Routers for providing secure data transmission by encrypting data packets including the header and trailer information. A prototype of the proposed method is implemented on the ns-3 simulator, and this paper discusses the implementation notes and evaluation of the test results. The test results demonstrate that there is only an average processing cost of 180.14/191.35, 213.96/257.41, 157.56/170.68, and 235.48/249.49 μs for encrypting the total encrypted combined packets/total encrypted separate packets using IDEA, DES, AES-GCM, and AES-CTR encryption algorithms, respectively, with a 256-bit key space. This is significantly lower than the tolerable transmission delay (150 ms) defined by the ITU-T.

Original language: English
Journal: IEEE Access
DOIs: 10.1109/ACCESS.2018.2882390
Publication status: Accepted/In press - 2018 Jan 1

Fingerprint

Routers
Cryptography
Internet
Security of data
Data communication systems
Light trailers
Metadata
Simulators
Processing
Costs

Keywords

  • Encryption
  • encryption
  • entire-packet encryption
  • Internet
  • IP networks
  • ns-3
  • per-hop data encryption
  • Routing protocols
  • Service-oriented Router

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Cite this

On the Effectiveness of IP-Routable Entire-Packet Encryption Service over Public Networks (November 2018). / Tennekoon, Rajitha; Wijekoon, Janaka; Nishi, Hiroaki.

In: IEEE Access, 01.01.2018.


@article{a0ae2ac16cb441b796a8a21eae95bda2,
title = "On the Effectiveness of IP-Routable Entire-Packet Encryption Service over Public Networks (November 2018)",
keywords = "Encryption, encryption, entire-packet encryption, Internet, IP networks, ns-3, per-hop data encryption, Routing protocols, Service-oriented Router",
author = "Rajitha Tennekoon and Janaka Wijekoon and Hiroaki Nishi",
year = "2018",
month = "1",
day = "1",
doi = "10.1109/ACCESS.2018.2882390",
language = "English",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - On the Effectiveness of IP-Routable Entire-Packet Encryption Service over Public Networks (November 2018)

AU - Tennekoon, Rajitha

AU - Wijekoon, Janaka

AU - Nishi, Hiroaki

PY - 2018/1/1

Y1 - 2018/1/1


KW - Encryption

KW - encryption

KW - entire-packet encryption

KW - Internet

KW - IP networks

KW - ns-3

KW - per-hop data encryption

KW - Routing protocols

KW - Service-oriented Router

UR - http://www.scopus.com/inward/record.url?scp=85057158688&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85057158688&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2018.2882390

DO - 10.1109/ACCESS.2018.2882390

M3 - Article

AN - SCOPUS:85057158688

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

ER -