SSL VPN Performance Evaluation

Abstract

SSL VPNs is considered as a great leap in the world of networking because it improves work efficiency tremendously by eliminating the need for client software, since clients can access the VPN through web browsers. VPNs use encryption and authentication techniques to provide a secure path for data through a public network. Encryption and authentication techniques differ in their quality, mainly, according to key size and block size; on the other hand this may result in degradation of the performance of the VPN. The objective of this project is implementation and performance evaluation of an SSL VPN. SSL VPN was successfully implemented using an open-source SSL VPN solution called OpenVPN. A performance evaluation study was done for the implemented SSL VPN taking into consideration the effect of encryption and authentication techniques on the performance of the VPN. Determining the effect of encryption and authentication on the performance of the VPN can give us an insight of the kind of suitable applications and thus choosing the right encryption and authentication technique for a certain scenario. Three of the most used cryptographic ciphers and hash algorithms were chosen for the study. Network performance measures were tested on the implemented SSL VPN when applying each of the combinations of these cryptographic ciphers and hash algorithms. Network performance measures calculated are round trip time (RTT), packet loss, transfer rate using ftp, network file system (NFS) access time, Throughput, Bandwidth and jitter. We found that RTT and packet loss isn’t affected by the combination applied, but NFS access time increases with the amount of encryption and authentication applied. Transfer rate decreases with the amount of encryption and authentication applied. Bandwidth and throughput isn’t affected by the combination applied and jitter seems to have a random nature.