Impacts of IPsec implementation on LTE IP connectivity

No Thumbnail Available
Journal Title
Journal ISSN
Volume Title
School of Electrical Engineering | Master's thesis
Checking the digitized thesis and permission for publishing
Instructions for the author
Date
2010
Major/Subject
Tietoverkkotekniikka
Mcode
S-38
Degree programme
Language
en
Pages
ix + 67 s. + liitt. 4
Series
Abstract
Long Term Evolution (LTE) is a result of the improvement of 3GPP's radio access technology towards a broadband mobile network with a higher data-rate, improved quality and lower latency services. Such high level service requirements and expectations of the LTE system are a direct reflection of IP data traffic growth in mobile networks witnessed in the past few years. To go along with the radio access network improvements, IP transport network to interconnect the LTE radio access and core networks is identified as efficient and cost-optimized solution. However, using IP networks as a transport backbone in the LTE brings security vulnerabilities. To mitigate the potential security risks, the Internet security framework IPsec use in the LTE transport is proposed by 3GPP. Given the strict data-rate and delay conditions for the LTE network, meeting the required level of security using IPsec places a performance challenge on implementing the LTE network. This thesis work discusses impacts of IPsec implementation on the LTE transport based on experimental tests conducted on an end-to-end LTE IP connectivity solution. Particular emphasis is given to 3GPP proposed IPsec configurations. The analysis and results of this work are helpful as an input to design choices for IPsec implementation and use in the LTE network. It was observed that IPsec protection for traffic composed solely of small packets, in the order of 64 to 256 bytes, degrades system performance to an unacceptably low level. However, when using a more realistic network traffic mix, it was possible to show that an acceptable performance can be obtained. It was also observed that fragmentation and reassembly after encryption presents more than 50% reduction in system throughput.
Description
Supervisor
Ott, Jörg
Thesis advisor
Almay, Heikki
Keywords
LTE, SAE, IPsec
Other note
Citation