WireGuard-AES: Hardware based encryption to WireGuard for VPN gateways


Yuce M. F., Keskin O., Yerlikaya E., Akmaz M. Y., Kirca A., YILTAŞ KAPLAN D., ...

SOFTWAREX, vol.31, 2025 (SCI-Expanded, Scopus)

  • Publication Type: Article / Full Article
  • Volume: 31
  • Publication Date: 2025
  • DOI: 10.1016/j.softx.2025.102314
  • Journal Name: SOFTWAREX
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Affiliated with İstanbul Üniversitesi-Cerrahpaşa: Yes

Abstract

WireGuard is a high-performance virtual private network (VPN) implemented in the Linux kernel, known for its speed and software-based encryption. However, it struggles as a VPN gateway (VPNGW) due to reduced throughput when multiple clients connect, especially in software-defined networks (SDNs), where hardware encryption support is underutilized. This study introduces a novel WireGuard implementation using Advanced Encryption Standard (AES) encryption, leveraging hardware support to improve performance. Kernel-based AES boosts throughput by 11%, reduces retransmissions by 5.5%, and lowers central processing unit (CPU) usage by at least 2% (with 95% confidence interval). User-space AES achieves up to 19% higher throughput on modern CPUs, paving the way for increased speeds and better efficiency with larger maximum transmission units (MTUs).