Optimizing Inter-Site Traffic Comparative Performance Analy-sis of IPSec with IKEv2 RSA-ESP and IKEv2 with PSK
DOI:
https://doi.org/10.35746/jtim.v7i3.788Keywords:
IPSec, IKEv2, Encryption, Network Performance, Network SecurityAbstract
This study compares the performance of IPsec VPNs using Internet Key Exchange version 2 (IKEv2) with RSA and Pre-Shared Key (PSK) authentication. The research is driven by the rising need for secure and efficient communication in distributed systems, particularly in environments with limited resources and sensitivity to latency. Guided by the PPDIOO framework, this study assesses system performance across two distinct scenarios: standard operational conditions and impaired (stressed) network environments. Key metrics include latency, jitter, throughput, packet loss, and IKE negotiation time, measured using iperf3, ping, and tc netem. The testbed uses virtual Ubuntu environments with strongSwan 5.9.13 on VMware® Workstation, simulating inter-site traffic VPNs. Under normal conditions, PSK outperforms RSA by showing lower latency (0.82 ms vs. 0.88 ms), faster IKE setup (10.05 ms vs. 20.80 ms), and higher UDP throughput. Under stressed conditions—100 ms latency, 20 ms jitter, and 1% packet loss—PSK remains more resilient, especially for real-time UDP traffic. RSA offers steady performance for TCP downloads. Statistical significance is confirmed using paired t-tests. The results suggest PSK suits lightweight deployments with minimal cryptographic demands, while RSA is better for environments requiring certificate-based security. This study provides valuable insights for network architects in selecting appropriate IPsec configurations based on specific operational requirements. Future research may explore scalability considerations, multi-user environments, and the integration with Software-Defined Wide Area Networking (SD-WAN) technologies.
Downloads
References
A. A. Salih and M. B. Abdulrazzaq, “Cyber security: performance analysis and challenges for cyber attacks detection,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 31, no. 3, pp. 1763–1775, Sep. 2023, https://doi.org/10.11591/ijeecs.v31.i3.pp1763-1775.
H. A. Talib, R. B. Alothman, and M. S. Mohammed, “Malicious attacks modelling: a prevention approach for ad hoc network security,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 30, no. 3, pp. 1856–1865, Jun. 2023, https://doi.org/10.11591/ijeecs.v30.i3.pp1856-1865.
Y. Jiang, J. Huang, Y. Fan, and X. Zhu, “Design and Implementation of IPsec VPN IoT Gateway System in National Secret Algorithm,” Journal of Cyber Security and Mobility, vol. 13, no. 4, pp. 677–700, 2024, https://doi.org/10.13052/jcsm2245-1439.1345.
Z. Xu and J. Ni, “Research on network security of VPN technology,” in Proceedings - 2020 International Conference on Information Science and Education, ICISE-IE 2020, Institute of Electrical and Electronics Engineers Inc., Dec. 2020, pp. 539–542. https://doi.org/10.1109/ICISE51755.2020.00121.
M. O. Akinsanya, C. C. Ekechi, and C. D. Okeke, “Virtual private networks (VPN): A conceptual review of security protocols and their application in modern networks,” Engineering Science & Technology Journal, vol. 5, no. 4, pp. 1452–1472, Apr. 2024. [Online]. Available: https://doi.org/10.51594/estj.v5i4.1076.
Dr. Y. K. Sharma* and C. Kaur, “The Vital Role of Virtual Private Network (VPN) in Making Secure Connection Over Internet World,” International Journal of Recent Technology and Engineering (IJRTE), vol. 8, no. 6, pp. 2336–2339, Mar. 2020, https://doi.org/10.35940/ijrte.F8335.038620.
E. Khan, A. Sperotto, J. van der Ham, and R. van Rijswijk-Deij, “Stranger VPNs: Investigating the Geo-Unblocking Capabilities of Commercial VPN Providers,” 2023, pp. 46–68. https://doi.org/10.1007/978-3-031-28486-1_3.
S. Balachandran, J. Dominic, and S. Sivankalai, “View of A Comparative Analysis of VPN and Proxy Protocols in Library Network Management,” Library Progress International, vol. 44, pp. 1–15, 2024.
V. G, D. M S, M. Hashmi, J. R. K, and K. B V, “Robust Technique for Detecting and Blocking of VPN over Networks,” in 2024 Ninth International Conference on Science Technology Engineering and Mathematics (ICONSTEM), IEEE, Apr. 2024, pp. 1–5. https://doi.org/10.1109/ICONSTEM60960.2024.10568824.
T. Ninet, “Formal verification of the Internet Key Exchange (IKEv2) security protocol,” 2020. [Online]. Available: https://theses.hal.science/tel-02882167v1
H. Abbas., “Security Assessment and Evaluation of VPNs: A Comprehensive Survey,” ACM Comput. Surv., vol. 55, no. 13s, Jul. 2023, https://doi.org/10.1145/3579162.
E. O. Akinsanya and P. D. Okeke, “Virtual private networks (VPN): A conceptual review of security protocols and their application in modern networks,” Engineering Science & Technology Journal, vol. 5, no. 4, pp. 1452–1472, 2024. [Online]. Available: https://doi.org/10.51594/estj/v5i4.1076.
S. M. Zohaib, S. M. Sajjad, Z. Iqbal, M. Yousaf, M. Haseeb, and Z. Muhammad, “Zero Trust VPN (ZT-VPN): A Cybersecurity Framework for Modern Enterprises to Enhance IT Security and Privacy in Remote Work Environments,” Oct. 04, 2024. https://doi.org/10.20944/preprints202410.0301.v1.
U.S. National Security Agency (NSA) and Cybersecurity & Infrastructure Security Agency (CISA), “Selecting and Hardening Remote Access VPN Solutions,” U.S. Government Report, 2021. [Online]. Available: https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/csi_selecting-hardening-remote-access-vpns-20210928.pdf.
A. Yeboah-Ofori and A. Ganiyu, “Big Data Security Using RSA Algorithms in A VPN Domain,” in 2024 International Conference on Artificial Intelligence, Computer, Data Sciences and Applications (ACDSA), IEEE, Feb. 2024, pp. 1–6. https://doi.org/10.1109/ACDSA59508.2024.10467364.
E. Barker, Q. Dang, S. Frankel, K. Scarfone, and P. Wouters, “Guide to IPsec VPNs,” Gaithersburg, MD, Jun. 2020. https://doi.org/10.6028/NIST.SP.800-77r1.
S. Fluhrer, P. Kampanakis, D. Mcgrew, and V. Smyslov, “RFC 8784 Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security,” 2020, [Online]. Available: https://www.rfc-editor.org/info/rfc8784
A. Kukec, S. Gros, and V. Glavinic, “Implementation of Certificate Based Authentication in IKEv2 Protocol,” in 2007 29th International Conference on Information Technology Interfaces, IEEE, Jun. 2007, pp. 697–702. https://doi.org/10.1109/ITI.2007.4283856.
Charlie Kaufman, “Internet Key Exchange (IKEv2) Protocol,” Dec. 2005. https://doi.org/10.17487/rfc4306.
Y. Nir, T. Kivinen, P. Wouters, and D. Migault, “Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2),” Sep. 2017. https://doi.org/10.17487/RFC8247.
S. T. Aung and T. Thein, “Comparative Analysis of Site-to-Site Layer 2 Virtual Private Networks,” Comparative Analysis of Site-to-Site Layer 2 Virtual Private Networks, pp. 1–5, Feb. 2020, doi: 10.1109/icca49400.2020.9022848.
K. Ghanem, S. Ugwuanyi, J. Hansawangkit, R. McPherson, R. Khan, and J. Irvine, “Security vs Bandwidth: Performance Analysis Between IPsec and OpenVPN in Smart Grid,” in 2022 International Symposium on Networks, Computers and Communications (ISNCC), IEEE, Jul. 2022, pp. 1–5. https://doi.org/10.1109/ISNCC55209.2022.9851717.
M. Wahyudi and R. Adi Purnama, “Analisis Performa Site to Site IP Security Virtual Private Network (VPN) Menggunakan Algoritma Enkripsi ISAKMP (Performance Analysis Site to Site IP Security Virtual Private Network (VPN) with Algorithm Encryption ISAKMP),” 2019.
A. Tahenni and F. Merazka, “SD-WAN over MPLS: A Comprehensive Performance Analysis and Security with Insights into the Future of SD-WAN,” Oct. 2023, [Online]. Available: http://arxiv.org/abs/2401.01344
A. AL-Hawamleh, “Cyber Resilience Framework: Strengthening Defenses and Enhancing Continuity in Business Security,” International Journal of Computing and Digital Systems, vol. 15, no. 1, pp. 1315–1331, Mar. 2024, https://doi.org/10.12785/ijcds/150193.
A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari and M. Ayyash, "Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications," in IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347-2376, Fourthquarter 2015, https://doi.org/10.1109/COMST.2015.2444095.
T. McMillan, Cisco Networking Essentials. John Wiley & Sons, 2015.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Surya Pratama, Mohammad Ramaddan Julianti, Detin Sofia
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
