NI, CR, PF | Apr 25, 2019

DTLS Performance - How Expensive is Security?

arXiv:1904.11423v1 | 6 citations
Originality: Synthesis-oriented

AI Analysis

This work addresses a question that matters to developers and users of UDP-based services such as VoIP and IoT: what securing their traffic with DTLS costs in performance. The contribution is incremental, since it builds on the existing DTLS protocol and established libraries rather than proposing new ones.

The paper quantifies the performance overhead of DTLS in UDP-based applications by constructing a model whose inputs are network characteristics (for example the number of connections) and security parameters (for example the cipher in use). The model is validated against measurements from a high-performance DTLS-enabled VPN gateway; the results show that the model applies and provide a baseline from which the performance of more complex DTLS protocols can be predicted.

Secure communication is an integral feature of many Internet services. The widely deployed TLS protects reliable transport protocols. DTLS extends TLS security services to protocols relying on plain UDP packet transport, such as VoIP or IoT applications. In this paper, we construct a model to determine the performance of generic DTLS-enabled applications. Our model considers basic network characteristics, e.g., number of connections, and the chosen security parameters, e.g., the encryption algorithm in use. Measurements are presented demonstrating the applicability of our model. These experiments are performed using a high-performance DTLS-enabled VPN gateway built on top of the well-established libraries DPDK and OpenSSL. This VPN solution represents the most essential parts of DTLS, creating a DTLS performance baseline. Using this baseline the model can be extended to predict even more complex DTLS protocols besides the measured VPN. Code and measured data used in this paper are publicly available at https://git.io/MoonSec and https://git.io/Sdata.
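The abstract describes DTLS as the per-datagram layer that carries TLS-style protection over UDP, and the model prices that protection per packet. The following example, added here and not code from the paper or from the MoonSec gateway, makes the per-packet part concrete: it serializes and parses the DTLS 1.2 record header (13 bytes, including the epoch and 48-bit sequence number that UDP needs because it may reorder or drop packets), computes the fixed wire overhead that header, the 8-byte explicit nonce and the 16-byte tag of AES-GCM add to each datagram, and implements the receiver's sliding-window anti-replay check from RFC 6347. The record bodies are constructed placeholders, not real AES-GCM output; the function and class names are this example's own.

```python
"""DTLS 1.2 record framing, wire overhead and anti-replay window.

Added example, not code from the paper or the MoonSec gateway. Record bodies
below are constructed placeholders standing in for AES-GCM output; only the
framing and the replay check are exercised.
"""
import struct

DTLS_1_2 = 0xFEFD            # version field of a DTLS 1.2 record (RFC 6347)
CT_APPLICATION_DATA = 23
RECORD_HEADER_LEN = 13       # type(1) version(2) epoch(2) seq(6) length(2)
GCM_EXPLICIT_NONCE_LEN = 8   # RFC 5288: explicit nonce prefixed to each record
GCM_TAG_LEN = 16             # AES-GCM authentication tag


def build_record(epoch, seq, body, content_type=CT_APPLICATION_DATA):
    """Prefix an already-protected body with a DTLS 1.2 record header."""
    if not 0 <= seq < 1 << 48:
        raise ValueError("sequence number must fit in 48 bits")
    # struct has no 6-byte integer, so the 48-bit seq is packed as 16 + 32 bits
    return struct.pack("!BHHHIH", content_type, DTLS_1_2, epoch,
                       seq >> 32, seq & 0xFFFFFFFF, len(body)) + body


def parse_record(datagram):
    """Return (content_type, epoch, seq, body) or raise ValueError if malformed."""
    if len(datagram) < RECORD_HEADER_LEN:
        raise ValueError("short record header")
    ct, ver, epoch, seq_hi, seq_lo, length = struct.unpack(
        "!BHHHIH", datagram[:RECORD_HEADER_LEN])
    if ver != DTLS_1_2:
        raise ValueError("unexpected version 0x%04x" % ver)
    body = datagram[RECORD_HEADER_LEN:RECORD_HEADER_LEN + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    return ct, epoch, (seq_hi << 32) | seq_lo, body


def dtls_wire_overhead(payload_len):
    """Bytes DTLS 1.2 + AES-GCM adds to one UDP payload, and the payload's share of the result."""
    overhead = RECORD_HEADER_LEN + GCM_EXPLICIT_NONCE_LEN + GCM_TAG_LEN
    return overhead, payload_len / (payload_len + overhead)


class ReplayWindow:
    """Sliding bitmap over received sequence numbers of one epoch (RFC 6347, 4.1.2.6)."""

    def __init__(self, size=64):
        self.size = size
        self.right = -1   # highest sequence number accepted so far
        self.bitmap = 0   # bit i set means seq (right - i) has been seen

    def check_and_update(self, seq):
        """Accept seq if it is new and not older than the window; record it."""
        if seq > self.right:
            shift = seq - self.right
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size:
            return False           # too old: fell off the left edge of the window
        if self.bitmap >> offset & 1:
            return False           # duplicate
        self.bitmap |= 1 << offset
        return True


def process_datagrams(datagrams):
    """Receiver side: parse, drop malformed or replayed records, keep the rest in arrival order."""
    windows = {}                   # one replay window per epoch, as RFC 6347 requires
    accepted = []
    for d in datagrams:
        try:
            ct, epoch, seq, body = parse_record(d)
        except ValueError:
            continue               # malformed: a real stack would count and drop it
        if ct != CT_APPLICATION_DATA:
            continue
        if not windows.setdefault(epoch, ReplayWindow()).check_and_update(seq):
            continue
        accepted.append((seq, body))
    return accepted


def demo():
    """Deliver constructed records out of order with replays and a truncated datagram."""
    def body(i):   # placeholder for nonce || ciphertext || tag, not real encryption
        return b"N" * GCM_EXPLICIT_NONCE_LEN + b"payload-%d" % i + b"T" * GCM_TAG_LEN
    seqs = [0, 1, 3, 2, 1, 3, 4]                      # 1 and 3 are replayed
    datagrams = [build_record(1, s, body(s)) for s in seqs]
    datagrams.append(b"\x17\xfe\xfd" + b"\x00" * 9)   # 12 bytes: header too short
    return [s for s, _ in process_datagrams(datagrams)]


if __name__ == "__main__":
    print("accepted sequence numbers:", demo())
    for n in (64, 256, 1400):
        ovh, share = dtls_wire_overhead(n)
        print("payload %4d B: +%d B DTLS overhead, payload share %.3f" % (n, ovh, share))
```

The overhead figures show why the paper's model has to weight per-packet costs separately from per-byte costs: the 37 fixed bytes that DTLS with AES-GCM adds are a third of a 64-byte VoIP-sized payload but under 3% of a 1400-byte one, and the replay window and header parsing are paid once per datagram regardless of size.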

