The move to a pervasive computing environment, with the increasing use of laptops, netbooks, smartphones and tablets, means that we are more reliant on wireless networking and batteries for our daily computational needs. Specifically, this includes applications which have sensitive data that must be securely communicated over VPNs. However, the use of VPNs and mobile, wireless computing creates conflicting needs: VPNs traditionally assume a stable network connection, which is then secured; in contrast, wireless computing assumes a transitory network connection due to mobility or energy-saving protocols. In this work we study the ability to use traditional VPN protocols, specifically IPsec, in mobile environments while permitting for energy savings. Energy savings come from power-cycling the wireless radio when it is not in use.

More specifically, we develop a mathematical model for determining potential power savings on mobile devices when power-cycling the radio in IPsec use settings. Next, we perform performance measurements on IPsec session resumption protocols IKEv2 [1], MOBIKE [2], and IPsec Gateway Failover (IGF) [3] to provide data for our model. We apply the model to over 3000 wireless sessions, and determine the optimal power savings that could be achieved by power-cycling the radio while maintaining an IPsec connection. We show that there is a high-potential for energy savings in the best case. Finally, we develop an efficient and simple real-world online scheduling algorithm that achieves near optimal results for a majority of users.


WiFi VPN IPsec IPsec gateway failover energy saving security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Kaufman, C.: Internet Key Exchange (IKEv2) Protocol. RFC4306 (December 2005)Google Scholar
  2. 2.
    Eronen, P.: IKEv2 Mobility and Multihoming Protocol (MOBIKE). RFC4555Google Scholar
  3. 3.
    Sheffer, Y., Tschofenig, H., Dondeti, L., Narayanan, V.: IPsec Gateway Failover Protocol. draft-sheffer-ipsec-failover-04.txt (July 2008)Google Scholar
  4. 4.
    Palumbo, S., Dyer, N.: Maximizing Mobile Worker Productivity. Yankee Group Research, Inc. (January 2008)Google Scholar
  5. 5.
    Kent, S., Seo, K.: Security Architecture for the Internet Protocol. RFC4301 (2005)Google Scholar
  6. 6.
    Housley, R.: Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP). RFC4309 (December 2005)Google Scholar
  7. 7.
    Agarwal, Y., Schurgers, C., Gupta, R.: Dynamic power management using on demand paging for networked embedded systems. In: Asian and South Pacific Design Automation Conference, ASP-DAC (2005)Google Scholar
  8. 8.
    IEEE Computer Society: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications. IEEE Standard 802.11, 1999 Edition (1999)Google Scholar
  9. 9.
    Pering, T., Agarwal, Y., Gupta, R., Want, R.: CoolSpots: Reducing the Power Consumption of Wireless Mobile Devices with Multiple Radio Interfaces. In: ACM MobiSys (2006)Google Scholar
  10. 10.
    Anad, M., Nightingale, E.B., Flinn, J.: Self-Tuning Wireless Network Power Management. In: ACM MobiCom (2003)Google Scholar
  11. 11.
    Nedevschi, S., Chandrasheka, J., Liu, J., Nordman, B.: Skilled in the art of being idle: Reducing energy waste in networked systems. In: ACM/USENIX Symposium on Networked Systems Design & Implementation, NSDI (2009)Google Scholar
  12. 12.
    Shih, E., Bahl, P., Sinclair, M.J.: Wake on Wireless: An Event Driven Energy Saving Strategy for Battery Operated Devices. In: ACM MobiCom (2002)Google Scholar
  13. 13.
    Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). RFC2409 (November 1998)Google Scholar
  14. 14.
    Huang, G., Beaulieu, S., Rochefort, D.: A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers. RFC3706 (February 2004)Google Scholar
  15. 15.
    Salowey, J., Zhou, H., Eronen, P., Tschofenig, H.: Transportation Layer Security (TLS) Session Resumption without Server-Side State. RFC4507 (May 2006)Google Scholar
  16. 16.
    Linux/ACPI project: Linux ACPI,
  17. 17.
    strongSwan project: strongSwan,
  18. 18.
    Tegeler, F.: Security analysis, prototype implementation, and performance evaluation of a new IPSec session resumption method. Master’s thesis, University of Goettingen (2008)Google Scholar
  19. 19.
    Kivinen, T., Tschofenig, H.: Design of the IKEv2 Mobility and Multihoming Protocol (MOBIKE). RFC4621Google Scholar
  20. 20.
    Allard, F., Bonnin, J.M.: An application of the context transfer protocol: IPsec in a IPv6 mobility environment. Int’l. Journal of Communication Networks and Distributed Systems 1(1) (2008)Google Scholar
  21. 21.
    Loughney, J., Nakhjiri, M., Perkins, C., Koodli, R.: Context Transfer Protocol (CXTP). RFC4067 (July 2005)Google Scholar
  22. 22.
    Choi, H., Song, H., Cao, G., Porta, T.L.: Mobile multi-layered IPsec. In: IEEE Infocom (March 2005)Google Scholar
  23. 23.
    Zhang, Y., Singh, B.: A multi-layer IPsec protocol. In: USENIX Security Symposium (August 2000)Google Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Youngsang Shin
    • 1
  • Steven Myers
    • 1
  • Minaxi Gupta
    • 1
  1. 1.School of Informatics and ComputingIndiana UniversityBloomingtonUSA

Personalised recommendations