International Journal of Computer Applications (0975 – 8887)
Volume 181 – No. 45, March 2019

Performance Evaluation of IPSEC-VPN on Debian Linux Environment

A. A. Ajiya
Computer Science Department, Federal University Gashua, Yobe State, Nigeria

U. S. Idriss
Computer Science Department, Federal University Gashua, Yobe State, Nigeria

Jerome M. G.
Computer Science Department, Federal University Gashua, Yobe State, Nigeria

ABSTRACT
Cyberspace has gained great favour with the general public in recent times. Affordability of infrastructure and globalization are believed to be the main drivers. This development has led many business enterprises to set up a secure Virtual Private Network (VPN). Internet Protocol Security (IPSEC) is one of the most widely used and deployed VPN tunneling protocols in today's networks. However, it is extremely difficult to find comparative information about its performance with different encryption algorithms. In this research, the performance differences were evaluated through empirical observation. The experimental analysis was done in a Debian Linux environment by implementing the IPsec tunneling protocol with different encryption algorithms. Encryption algorithms are used to encrypt data so it cannot be read or modified by a third party while in transit. Triple Data Encryption Standard (TDES/3DES) and Advanced Encryption Standard (AES) are the encryption algorithms used in this research. The study concluded that IPSec AES-sha1 provides fair and reasonable performance compared to IPSec 3DES-sha1. The research also indicated that encryption/decryption of VPN UDP (User Datagram Protocol) traffic requires a large amount of CPU and memory, and that this contributed to performance degradation.

General Terms
Cyberspace, Protocol, Algorithms, Linux, Datagram, Memory.

Keywords
Virtual Private Network (VPN), User Datagram Protocol (UDP), Internet Protocol Security (IPSEC), Advanced Encryption Standard (AES), Data Encryption Standard (3DES).

1. INTRODUCTION
A VPN is usually employed in business sectors to allow guaranteed secure connection or access over untrusted public network infrastructure such as cyberspace/the Internet [12]. VPN is a tested technology that offers adequate security strength for business enterprise use [12]. Nevertheless, analysing network performance is also of great significance, since reducing the network resources that must be reserved could reduce monetary cost and improve the satisfaction of business enterprises or remote clients, as well as network efficiency.

A VPN applies encryption to offer data confidentiality, information integrity and client authentication because the data passes through the public network [13]. Confidentiality is achieved when packets passing through the public network are unreadable [4]. This likewise ensures that information is not exposed or altered in any fashion for the duration of the transmission. Additionally, a VPN offers information integrity by using a message digest to assure that the data has not been manipulated during transmission [15]. Normally, a VPN does not offer effective client or user authentication, because clients or users can gain access to a private network through insecure networks by simply entering a username and password. However, a VPN can support authentication applications such as smart cards.

In this research, 3DES and AES are used for encryption and Secure Hash Algorithm (SHA1) for integrity [15]. The choice of encryption algorithm can affect performance in different operating system environments [12].
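
The study quantifies this performance impact for UDP traffic by throughput, latency, packet loss and jitter. The following is an added example, not code from the paper, that computes those four metrics from a sender/receiver probe trace; the record layout, the name `qos_metrics`, the shared-clock assumption and the choice of the RFC 3550 jitter estimator are assumptions, since the paper does not state how its measurement tool derives them.

```python
from statistics import mean

def qos_metrics(probes):
    """probes: list of (seq, send_us, recv_us_or_None, size_bytes).

    Times are integer microseconds on a clock shared by sender and
    receiver (assumption: one-way latency needs synchronised clocks).
    """
    sent = len(probes)
    got = sorted((p for p in probes if p[2] is not None), key=lambda p: p[2])
    loss_pct = 100.0 * (sent - len(got)) / sent if sent else 0.0
    if not got:  # nothing crossed the tunnel: only loss is defined
        return {"loss_pct": loss_pct, "throughput_mbps": 0.0,
                "latency_us": None, "jitter_us": None}

    # Goodput: payload bits delivered between first send and last receive.
    window_us = got[-1][2] - min(p[1] for p in probes)
    bits = 8 * sum(p[3] for p in got)
    # bits per microsecond is numerically equal to Mbit/s
    throughput_mbps = bits / window_us if window_us > 0 else 0.0

    transit = [recv - send for _, send, recv, _ in got]

    # RFC 3550 interarrival jitter: smoothed absolute difference in
    # transit time between consecutive received packets, gain 1/16.
    jitter = 0.0
    for prev, cur in zip(transit, transit[1:]):
        jitter += (abs(cur - prev) - jitter) / 16.0

    return {"loss_pct": loss_pct, "throughput_mbps": throughput_mbps,
            "latency_us": mean(transit), "jitter_us": jitter}

# Constructed trace: five 1000-byte datagrams, one per millisecond;
# seq 3 is lost and seq 4 arrives after a latency spike.
SAMPLE = [
    (0, 0,    500,  1000),
    (1, 1000, 1600, 1000),
    (2, 2000, 2500, 1000),
    (3, 3000, None, 1000),
    (4, 4000, 5000, 1000),
]

if __name__ == "__main__":
    for name, value in qos_metrics(SAMPLE).items():
        print(f"{name}: {value}")
```

Running the same function over traces captured with each cipher suite and each frame size gives directly comparable figures for the two configurations.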

In this study we have used VPN cryptographic concepts and empirically evaluated the network performance of the most commonly used VPN tunnelling protocol, IPSEC, and its encryption algorithms on the Debian Linux operating system. The encryption algorithms used are AES and 3DES. Moreover, for end-to-end communication, quality of service (QoS) parameters are taken into consideration. The research focused on analysing generated UDP traffic and measuring the throughput, latency, packet loss and jitter with respect to frame sizes. At the same time, the study measured the CPU utilization of the VPN server machine.

This study is useful to router and computer system manufacturers and to the general public: introducing VPN accelerator cards (VACs) with built-in cryptographic functionality on routers (or software routers) will enhance performance. These additional routing capabilities on VPN accelerators will improve the routers' operating performance [1].

The significant issue in this research is the performance of the IPsec-VPN tunnelling protocol, but this research added further VPN scopes that will help us understand more about general IPsec-VPN tunnelling protocol performance issues on the internet. These additional scopes are formulated in the research questions. These questions were investigated, and the study finally came up with accurate answers to them. The research questions are as follows:

(i) Which encryption algorithm is better, between IPsec-AES-Sha1 and IPsec-3DES-Sha1, on the Debian Linux operating system environment with respect to quality of service parameters such as throughput, jitter, packet loss, CPU usage and latency?

(ii) Does encryption and decryption of VPN traffic require a large amount of CPU and memory?

2. VIRTUAL PRIVATE NETWORK (VPN) AND IP SECURITY (IPSEC)
This section discusses the principles of how VPN and IPsec work, considering their security features.