WireGuard-AES: Hardware based encryption to WireGuard for VPN gateways

---

Yuce M., Keskin O., Yerlikaya E., Akmaz M., Kirca A., Yıltaş Kaplan D., ...Daha Fazla

SOFTWAREX, ss.1-11, 2025 (SCI-Expanded, Scopus)

• Yayın Türü: Makale / Tam Makale
• Basım Tarihi: 2025
• Doi Numarası: 10.1016/j.softx.2025.102314
• Dergi Adı: SOFTWAREX
• Derginin Tarandığı İndeksler: Scopus, Science Citation Index Expanded (SCI-EXPANDED), Compendex, INSPEC, Directory of Open Access Journals
• Sayfa Sayıları: ss.1-11
• İstanbul Üniversitesi-Cerrahpaşa Adresli: Evet

Özet

WireGuard is a high-performance virtual private network (VPN) implemented in the Linux kernel, known for its speed and software-based encryption. However, it struggles as a VPN gateway (VPNGW) due to reduced

throughput when multiple clients connect—especially in software-defined networks (SDNs), where hardware encryption support is underutilized. This study introduces a novel WireGuard implementation using Advanced

Encryption Standard (AES) encryption, leveraging hardware support to improve performance. Kernel-based AES boosts throughput by 11%, reduces retransmissions by 5.5%, and lowers central processing unit (CPU)

usage by at least 2% (with 95% confidence interval). User-space AES achieves up to 19% higher throughput on modern CPUs, paving the way for increased speeds and better efficiency with larger maximum transmission

units (MTUs).