DTLS Performance - How Expensive is Security?
Secure communication is an integral feature of many Internet services. The widely deployed TLS protects reliable transport protocols. DTLS extends TLS security services to protocols relying on plain UDP packet transport, such as VoIP or IoT applications. In this paper, we construct a model to determine the performance of generic DTLS-enabled applications. Our model considers basic network characteristics, e.g., number of connections, and the chosen security parameters, e.g., the encryption algorithm in use. Measurements are presented demonstrating the applicability of our model. These experiments are performed using a high-performance DTLS-enabled VPN gateway built on top of the well-established libraries DPDK and OpenSSL. This VPN solution represents the most essential parts of DTLS, creating a DTLS performance baseline. Using this baseline the model can be extended to predict even more complex DTLS protocols besides the measured VPN. Code and measured data used in this paper are publicly available at https://git.io/MoonSec and https://git.io/Sdata.READ FULL TEXT