WireGuard-AES: Hardware based encryption to WireGuard for VPN gateways
SOFTWAREX, cilt.31, 2025 (SCI-Expanded, Scopus)
- Yayın Türü: Makale / Tam Makale
- Cilt numarası: 31
- Basım Tarihi: 2025
- Doi Numarası: 10.1016/j.softx.2025.102314
- Dergi Adı: SOFTWAREX
- Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
- İstanbul Üniversitesi-Cerrahpaşa Adresli: Evet
Özet
WireGuard is a high-performance virtual private network (VPN) implemented in the Linux kernel, known for its speed and software-based encryption. However, it struggles as a VPN gateway (VPNGW) due to reduced throughput when multiple clients connect-especially in software-defined networks (SDNs), where hardware encryption support is underutilized. This study introduces a novel WireGuard implementation using Advanced Encryption Standard (AES) encryption, leveraging hardware support to improve performance. Kernel-based AES boosts throughput by 11%, reduces retransmissions by 5.5%, and lowers central processing unit (CPU) usage by at least 2% (with 95% confidence interval). User-space AES achieves up to 19% higher throughput on modern CPUs, paving the way for increased speeds and better efficiency with larger maximum transmission units (MTUs).