E2E: An Optimized IPsec Architecture for Secure And Fast Offload

When mobile End Users are offloaded from a Radio Access Network (RAN) to a WLAN, current I-WLAN [1] offloaded architectures consider traffic converging to a common Security Gateway. In this paper, we propose an alternative End-to-End security (E2E) architecture based on the MOBIKE-X [2] protocol, which extends the MOBIKE [3] Mobility and Multihoming features to Multiple Interfaces and to the Transport mode of IPsec. The benefits of this E2E architecture are mostly load reduction and a better End User experience. First, E2E offloads the ISP CORE and backhaul networks, then E2E uses IPsec Transport mode instead of Tunnel mode, which removes networking and security overhead. This reduces CPU load by 20%, enhances Mobility and Multihoming operations by about 15%, and makes the system 2.9 times more reactive for detecting modifications of interfaces.