On the Effectiveness of IP-Routable Entire-Packet Encryption Service over Public Networks (November 2018)

The Internet is an unsecured public network accessed by approximately half of the world population. There are several techniques, such as cryptography, end-to-end encryption, and tunneling, used to preserve data security and integrity and to reduce information theft. This is because the security of data transmission over public networks is an ever-questionable issue. However, none of the above techniques are capable of providing the flexibility of changing either the algorithm or its key at the intermediary routers according to the requirements of stakeholders, e.g., ISPs or Internet users. Although the transmitted data are encrypted and unreadable, the metadata contained in the packet headers are readable during traversal. Nonetheless, service-based Internet architectures, e.g., IoT architectures, demand the analysis the data streams at the intermediary routers to provide smart services such as strengthening the security of the data streams. To this end, this paper proposes a method to use service-oriented routers for providing secure data transmission by encrypting data packets including the header and trailer information. A prototype of the proposed method is implemented on the ns-3 simulator, and this paper discusses the implementation notes and evaluation of the test results. The test results demonstrate that there is only an average processing cost of 180.14/191.35, 213.96/257.41, 157.56/170.68, and 235.48/ 249.49~\mu \text{s} for encrypting the total encrypted combined packets/total encrypted separate packets using IDEA, DES, AES-GCM, and AES-CTR encryption algorithms, respectively, with a 256-bit key space. This is significantly lower than the tolerable transmission delay (150 ms) defined by the ITU-T.