Impacts of IPsec implementation on LTE IP connectivity

Thumbnail Image

URL

Journal Title

Journal ISSN

Volume Title

School of Electrical Engineering | Master's thesis
Checking the digitized thesis and permission for publishing
Instructions for the author

Authors

Date

2010

Department

Elektroniikan, tietoliikenteen ja automaation tiedekunta

Major/Subject

Tietoverkkotekniikka

Mcode

S-38

Degree programme

Language

en

Pages

ix + 67 s. + liitt. 4

Series

Abstract

Long Term Evolution (LTE) is a result of the improvement of 3GPP's radio access technology towards a broadband mobile network with a higher data-rate, improved quality and lower latency services. Such high level service requirements and expectations of the LTE system are a direct reflection of IP data traffic growth in mobile networks witnessed in the past few years. To go along with the radio access network improvements, IP transport network to interconnect the LTE radio access and core networks is identified as efficient and cost-optimized solution. However, using IP networks as a transport backbone in the LTE brings security vulnerabilities. To mitigate the potential security risks, the Internet security framework IPsec use in the LTE transport is proposed by 3GPP. Given the strict data-rate and delay conditions for the LTE network, meeting the required level of security using IPsec places a performance challenge on implementing the LTE network. This thesis work discusses impacts of IPsec implementation on the LTE transport based on experimental tests conducted on an end-to-end LTE IP connectivity solution. Particular emphasis is given to 3GPP proposed IPsec configurations. The analysis and results of this work are helpful as an input to design choices for IPsec implementation and use in the LTE network. It was observed that IPsec protection for traffic composed solely of small packets, in the order of 64 to 256 bytes, degrades system performance to an unacceptably low level. However, when using a more realistic network traffic mix, it was possible to show that an acceptable performance can be obtained. It was also observed that fragmentation and reassembly after encryption presents more than 50% reduction in system throughput.

Description

Supervisor

Ott, Jörg

Thesis advisor

Almay, Heikki

Keywords

LTE, SAE, IPsec

Other note

Citation

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-2020122357510

Collections

[dipl] Sähkötekniikan korkeakoulu / ELEC