Optimasi IPSec Site to Site VPN Mikrotik menggunakan Algoritme Enkripsi Blowfish
Abstract
Although data security is very important, the performance of a VPN (Virtual Private Network) must also be a concern. This paper presents how the use of encryption algorithms affects the performance of a site-to-site VPN. This research simulates a site-to-site IPsec VPN network using the EVE-NG simulator to run two point-to-point network security encryption algorithms, namely IPSec with the default encryption algorithm AES (Advanced Encryption Standard) and IPSec (Internet Protocol Security) with the Blowfish encryption algorithm to encrypt traffic. data sent over a public network. Test uploading a file of 900 Megabytes from computer 2 and computer 3 to the FTP (File Transfer Protocol) Server with a throughput of 3.51 MBps with the AES encryption algorithm; and 3.81 MBps throughput with the Blowfish encryption algorithm. Traffic does not experience problems on the network or Request Time Out (RTO) with an average ping latency of 8ms on the IPSec network with the AES encryption algorithm; and 7ms on an ipsec network that uses the Blowfish algorithm. The test results show that the Blowfish encryption algorithm has better performance in throughput and latency than using the AES encryption algorithm.
Keywords: Virtual Private Network; Internet Protocol Security; Mikrotik; Blowfish Algorithm
Abstrak
Meskipun keamanan data sangat penting, akan tetapi performa VPN (Virtual Private Network) juga harus menjadi perhatian. Paper ini menyajikan bagaimana penggunakan algoritme enkripsi mempengaruhi performa dari site to site VPN. Penelitian mensimulasikan jaringan site to site IPsec VPN menggunakan simulator EVE-NG untuk menjalankan dua algoritme enkripsi keamanan jaringan point to point, yaitu IPSec dengan algoritme enkripsi default AES (Advanced Encryption Standard) dan IPSec (Internet Protocol Security) dengan algoritme enkripsi Blowfish dalam mengenkripsi trafik data yang dikirim melalui jaringan publik. Uji upload file sebesar 900 Megabyte dari komputer 2 dan komputer 3 ke FTP (File Transfer Protocol) Server dengan throughput 3,51 MBps dengan algoritme enkripsi AES; dan throughput 3,81 MBps dengan algoritme enkripsi Blowfish. Trafik tidak mengalami kendala pada jaringan atau Request Time Out (RTO) dengan latency ping rata-rata 8ms pada jaringan IPSec algoritme enkripsi AES; dan 7ms pada jaringan ipsec yang menggunakan algoritme Blowfish. Hasil uji menunjukkan algoritme enkripsi Blowfish memiliki performa lebih baik dalam troughput dan latency dibandingkan menggunakan algoritme enkripsi AES.
Kata kunci: Virtual Private Network; Internet Protocol Security; Mikrotik; Advanced Encryption Standard; Algoritme Blowfish
Although data security is very important, the performance of a VPN (Virtual Private Network) must also be a concern. This paper presents how the use of encryption algorithms affects the performance of a site-to-site VPN. This research simulates a site-to-site IPsec VPN network using the EVE-NG simulator to run two point-to-point network security encryption algorithms, namely IPSec with the default encryption algorithm AES (Advanced Encryption Standard) and IPSec (Internet Protocol Security) with the Blowfish encryption algorithm to encrypt traffic. data sent over a public network. Test uploading a file of 900 Megabytes from computer 2 and computer 3 to the FTP (File Transfer Protocol) Server with a throughput of 3.51 MBps with the AES encryption algorithm; and 3.81 MBps throughput with the Blowfish encryption algorithm. Traffic does not experience problems on the network or Request Time Out (RTO) with an average ping latency of 8ms on the IPSec network with the AES encryption algorithm; and 7ms on an ipsec network that uses the Blowfish algorithm. The test results show that the Blowfish encryption algorithm has better performance in throughput and latency than using the AES encryption algorithm.
Keywords: Virtual Private Network; Internet Protocol Security; Mikrotik; Blowfish Algorithm
Abstrak
Meskipun keamanan data sangat penting, akan tetapi performa VPN (Virtual Private Network) juga harus menjadi perhatian. Paper ini menyajikan bagaimana penggunakan algoritme enkripsi mempengaruhi performa dari site to site VPN. Penelitian mensimulasikan jaringan site to site IPsec VPN menggunakan simulator EVE-NG untuk menjalankan dua algoritme enkripsi keamanan jaringan point to point, yaitu IPSec dengan algoritme enkripsi default AES (Advanced Encryption Standard) dan IPSec (Internet Protocol Security) dengan algoritme enkripsi Blowfish dalam mengenkripsi trafik data yang dikirim melalui jaringan publik. Uji upload file sebesar 900 Megabyte dari komputer 2 dan komputer 3 ke FTP (File Transfer Protocol) Server dengan throughput 3,51 MBps dengan algoritme enkripsi AES; dan throughput 3,81 MBps dengan algoritme enkripsi Blowfish. Trafik tidak mengalami kendala pada jaringan atau Request Time Out (RTO) dengan latency ping rata-rata 8ms pada jaringan IPSec algoritme enkripsi AES; dan 7ms pada jaringan ipsec yang menggunakan algoritme Blowfish. Hasil uji menunjukkan algoritme enkripsi Blowfish memiliki performa lebih baik dalam troughput dan latency dibandingkan menggunakan algoritme enkripsi AES.
Kata kunci: Virtual Private Network; Internet Protocol Security; Mikrotik; Advanced Encryption Standard; Algoritme Blowfish
References
M. Syarif, & W. Wijanarto, “Deteksi Kedipan Mata Dengan Haar Cascade Classifier Dan Contour Untuk Password Login Sistem”. Techno. com, vol. 14, no. 4, pp. 242-249, 2015.
A. Prayogo, & M.A. Rony, “Implementasi One Time Password pada Sistem Login dengan Algoritme SHA-256 dan DES pada Aplikasi EO Blucampus Berbasis Client Server”. SKANIKA, vol. 1, no. 2, pp. 448-454, 2018.
P. Riska, P. Sugiartawan, & I. Wiratama, “Sistem keamanan jaringan komputer dan data dengan menggunakan metode port knocking”. Jurnal Sistem Informasi dan Komputer Terapan Indonesia (JSIKTI), vol. 1, no. 2, pp. 153-64, 2018.
H.F. Putra, W. Wirawan, & O. Penangsang, “Penerapan blockchain dan kriptografi untuk keamanan data pada jaringan smart grid. Jurnal Teknik ITS, vol. 8, no. 1, pp. A11-A16, 2019.
M. Fadlan, “Pengamanan Data melalui Model Super Enkripsi Autokey Cipher dan Transposisi Kolom”. Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi), vol. 5, no. 6, pp. 1113-1119, 2021.
Y.P. Putra, T. Mufizar, & E. Alfiyani, “Implementasi Super Enkripsi Aes Dan Rsa Pada Pengamanan Data Rekam Medis Pasien”. Jurnal VOI (Voice of Informatics), vol. 11, no. 2, pp. 37-46, 2022.
P. Thiruvasagam, & K.J. George, “IPSec: Performance Analysis in IPv4 and IPv6”. Journal of ICT Standardization, vol. 7, no. 1, pp. 59-76, 2019.
Y.P. Astuti, E.H. Rachmawanto, & C.A. Sari, “Optimasi Enkripsi Password Menggunakan Algoritme Blowfish. Techno. Com, vol. 15, no. 1, pp. 15-21, 2016.
S. Wardoyo, Z. Imanullah, & R. Fahrizal, “Enkripsi dan Dekripsi File dengan Algoritme Blowfish pada Perangkat Mobile Berbasis Android”. Jurnal Nasional Teknik Elektro, vol. 5, no. 1, pp. 36-44, 2016.
H.G. Simanullang, & A.P. Silalahi, “Algoritme blowfish untuk meningkatkan keamanan database MySQL”. METHODIKA: Jurnal Teknik Informatika dan Sistem Informasi, vol. 4, no. 1, pp. 10-14, 2018.
F. Riza, N. Sridewi, A.M. Husein, & M.K. Harahap, “Analisa Frekuensi Hasil Enkripsi Pada Algoritme Kriptografi Blowfish Terhadap Keamanan Informasi”. JURNAL TEKNOLOGI DAN ILMU KOMPUTER PRIMA (JUTIKOMP), vol. 1, no. 1, pp. 11-15, 20218.
G. Wang, Y. Sun, Q. He, G. Xin, and B. Wang, “A content auditing method of IPsec VPN,” Proc. - 2018 IEEE 3rd Int. Conf. Data Sci. Cyberspace, DSC 2018, pp. 634–639, 2018, doi: 10.1109/DSC.2018.00101.
Y. Shen, Q. F. Zhang, L. Di Ping, Y. F. Wang, and W. J. Li, “A multi-tunnel VPN concurrent system for new generation network based on user space,” Proc. 11th IEEE Int. Conf. Trust. Secur. Priv. Comput. Commun. Trust. - 11th IEEE Int. Conf. Ubiquitous Comput. Commun. IUCC-2012, pp. 1334–1341, 2012, doi: 10.1109/TrustCom.2012.41.
一种vpn网关支持数万连接,还有软硬件vpn网关实例, “Public Review for A Scalable VPN Gateway for Multi-Tenant Cloud Services Public review written by A Scalable VPN Gateway for Multi-Tenant Cloud Services,” vol. 48, no. 1, pp. 49–55.
I. Aouini, L. Ben Azzouz, and L. A. Saidane, “A secure neighborhood area network using IPsec,” 2016 Int. Wirel. Commun. Mob. Comput. Conf. IWCMC 2016, pp. 102–107, 2016, doi: 10.1109/IWCMC.2016.7577041.
M. Salhi, M. Sliti, and N. Boudriga, “All-optical VPN platform and authentication for VLC-based networks,” 13th HONET-ICT Int. Symp. Smart MicroGrids Sustain. Energy Sources Enabled by Photonics IoT Sensors, HONET-ICT 2016, pp. 29–34, 2016, doi: 10.1109/HONET.2016.7753445.
M. Rao, J. Coleman, and T. Newe, “An FPGA based reconfigurable IPSec ESP core suitable for IoT applications,” Proc. Int. Conf. Sens. Technol. ICST, pp. 1–5, 2016, doi: 10.1109/ICSensT.2016.7796269.
M. Rao, J. Coleman, and T. Newe, “An FPGA based reconfigurable IPSec ESP core suitable for IoT applications,” Proc. Int. Conf. Sens. Technol. ICST, pp. 1–5, 2016, doi: 10.1109/ICSensT.2016.7796269.
S. Ikhwan and A. Amalina, “Analisis Jaringan VPN Menggunakan PPTP dan L2TP (Studi Kasus: Dinhubkominfo Kabupaten Banyumas),” J. Infotel, vol. 9, no. 3, pp. 265–270, 2017.
M. Iqbal and G. Y. Noviantoro, “ANALISIS PERBANDINGAN PERFORMA VPN IPSEC DAN ZRTP PADA VoIP,” Snrik 2016, vol. 1, no. Snrik, pp. 166–171, 2016.
A. Darojat and I. Nurhaida, “Analisa Qos Administrative Distance Static Route Pada Failover Vpn Ipsec,” J. Ilmu Tek. dan Komput., vol. 3, no. 1, p. 11, 2019, doi: 10.22441/jitkom.2020.v3.i1.002
D. F. Jaya Patih, “Analisa Perancangan Server Voip (Voice Internet Protocol) Dengan Opensource Asterisk Dan Vpn (Virtual Private Network) Sebagai Pengaman Jaringan Antar Client,” J. Inform. dan Tek. Elektro Terap., vol. 1, no. 1, pp. 42–48, 2012, doi: 10.23960/jitet.v1i1.23.
A. Amarudin and S. D. Riskiono, “Analisis Dan Desain Jalur Transmisi Jaringan Alternatif Menggunakan Virtual Private Network (Vpn),” J. Teknoinfo, vol. 13, no. 2, p. 100, 2019, doi: 10.33365/jti.v13i2.309..
A. Alsa’deh, C. Meinel, F. Westphal, M. Gawron, and B. Groneberg, “CGA integration into IPsec/IKEv2 authentication,” SIN 2013 - Proc. 6th Int. Conf. Secur. Inf. Networks, pp. 326–330, 2013, doi: 10.1145/2523514.2527097.
J. Hua, F. Jinpo, Z. Gang, and H. Ronglei, “Design and implementation of integrated access VPN gateway,” ACM Int. Conf. Proceeding Ser., no. 7, pp. 128–132, 2019, doi: 10.1145/3371676.3371681.
I. Coonjah, P. C. Catherine, and K. M. S. Soyjaudah, “Design and Implementation of UDP Tunneling-based on OpenSSH VPN,” Proc. - IEEE 2018 Int. Conf. Adv. Comput. Commun. Control Networking, ICACCCN 2018, no. 1, pp. 640–645, 2018, doi: 10.1109/ICACCCN.2018.8748849.
H. Gunleifsen, T. Kemmerich, and V. Gkioulos, “Dynamic setup of IPsec VPNs in service function chaining,” Comput. Networks, vol. 160, pp. 77–91, 2019, doi: 10.1016/j.comnet.2019.05.015.
A. Sushma and T. Sanguankotchakorn, “Implementation of IPsec VPN with SIP Softphones using GNS3,” ACM Int. Conf. Proceeding Ser., pp. 152–156, 2018, doi: 10.1145/3301326.3301333.
K. Rantos, A. Papanikolaou, and C. Manifavas, “IPsec over IEEE 802.15.4 for low power and lossy networks,” MobiWac 2013 - Proc. 11th ACM Int. Symp. Mobil. Manag. Wirel. Access, Co-located with ACM MSWiM 2013, pp. 59–63, 2013, doi: 10.1145/2508222.2508240.
D. Migault, D. Palomares, T. Guggemos, A. Wailly, M. Laurent, and J. P. Wary, “Recommendations for IPsec configuration on homenet and M2M devices,” Q2SWinet 2015 - Proc. 11th ACM Symp. QoS Secur. Wirel. Mob. Networks, pp. 9–17, 2015, doi: 10.1145/2815317.2815323.
Z. Luo, G. Yu, H. Qi, and Y. Liu, “Research of A VPN secure networking model,” Proc. 2013 2nd Int. Conf. Meas. Inf. Control. ICMIC 2013, vol. 1, pp. 567–569, 2013, doi: 10.1109/MIC.2013.6758028.
M. Muhathir, “Perbandingan Algoritme Blowfish Dan Twofish Untuk Kriptografi File Gambar”. Journal of Informatics and Telecommunication Engineering, vol. 2, no. 1, pp. 23-30, 20218.
How To Cite This :
Refbacks
- There are currently no refbacks.
