Encryption and authentication for IP data

Hello everyone!

At my company, we are evaluating an AVL project with Wavecom devices connected with GPRS through the Internet. We want to provide GPS data sent from the device to the AVL server with confidentiality, integrity and authentication.

We need to have very low bandwidth consumption for GPS data (less than 1MB/month), and we were evaluating different alternatives. AFAIK, TLS/SSL is not an option since we need to have TCP-based connections, and for intermittent connections we would be wasting a lot of bandwidth in handshakes, so we thought about IPsec. Does anyone know if there’s any OpenAT plugin that provides support for IPsec? Anyway, I think IPsec would impose almost 50-60 extra bytes/packet, which is almost the data we need to transfer in each packet… I read something about DTLS (Datagram TLS for TLS over UDP connections), but I assume it is even less supported.

Any suggestions?

Thanks in advance to everyone!



We ended up using AES-CBC with per-device keys and an MD5 MAC (which is actually quite expensive, requiring 16 bytes of data…), and we are planning to use the Security plug-in to use the AES256 support.

I don’t know yet if the Security plug-in supports AES-CCM mode, but if it does, we will surely use it instead of the MD5 MAC. Otherwise, I’m going to take a look at how hard it is to use AES in CCM mode given the existing implementations.
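As an added illustration of the AES-CCM alternative discussed in this thread (this is example code written for this page, not code from the thread, from Wavecom, or from the Open AT Security plug-in), the block below implements CCM on top of a plain AES block cipher following the RFC 3610 formatting, and frames each GPS report as a 4-byte device id, a 4-byte packet counter, the ciphertext and an 8-byte tag. The device id, counter, tag length, packet layout and the GPS string are all constructed for the example. Two points matter for the bandwidth question: CCM needs no IV on the wire because the counter already carried in the header rebuilds the nonce, and no padding because it runs AES in counter mode, so the only overhead beyond the header is the tag, whose length is a parameter (8 bytes here instead of a fixed 16-byte MAC). The cleartext header is fed in as associated data so that a forged device id or counter also fails the tag check, and the server rejects counters it has already seen.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	tagLen   = 8             // M: CCM tag length in bytes (RFC 3610 allows 4..16, even)
	lenField = 2             // L: bytes of the message-length field (payloads < 64 KiB)
	nonceLen = 15 - lenField // 13-byte nonce
	hdrLen   = 8             // wire header: 4-byte device id || 4-byte packet counter
)

func pad16(b []byte) []byte {
	for len(b)%16 != 0 {
		b = append(b, 0)
	}
	return b
}

// ccmTag is the CCM CBC-MAC (RFC 3610 section 2.2) over B0 || adata || payload.
func ccmTag(block cipher.Block, nonce, adata, payload []byte) []byte {
	b0 := make([]byte, 16)
	b0[0] = byte((tagLen-2)/2)<<3 | byte(lenField-1) // M' and L' flag fields
	if len(adata) > 0 {
		b0[0] |= 0x40 // Adata flag
	}
	copy(b0[1:], nonce)
	binary.BigEndian.PutUint16(b0[16-lenField:], uint16(len(payload)))
	buf := append([]byte{}, b0...)
	if len(adata) > 0 { // adata shorter than 2^16-2^8 bytes gets a 2-byte length prefix
		var la [2]byte
		binary.BigEndian.PutUint16(la[:], uint16(len(adata)))
		buf = pad16(append(append(buf, la[:]...), adata...))
	}
	buf = pad16(append(buf, payload...))
	x := make([]byte, 16)
	for i := 0; i < len(buf); i += 16 {
		for j := 0; j < 16; j++ {
			x[j] ^= buf[i+j]
		}
		block.Encrypt(x, x)
	}
	return x[:tagLen]
}

// ctrXor xors in with the CCM keystream S_i = E(K, A_i), starting at counter ctr0
// (counter 0 encrypts the tag, counters 1.. encrypt the payload).
func ctrXor(block cipher.Block, nonce, in []byte, ctr0 uint16) []byte {
	a := make([]byte, 16)
	a[0] = byte(lenField - 1)
	copy(a[1:], nonce)
	s, out := make([]byte, 16), make([]byte, len(in))
	for i := 0; i < len(in); i += 16 {
		binary.BigEndian.PutUint16(a[16-lenField:], ctr0+uint16(i/16))
		block.Encrypt(s, a)
		for j := 0; j < 16 && i+j < len(in); j++ {
			out[i+j] = in[i+j] ^ s[j]
		}
	}
	return out
}

// ccmSeal returns ciphertext || tag; ccmOpen reverses it and verifies the tag first.
func ccmSeal(key, nonce, adata, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(nonce) != nonceLen {
		return nil, errors.New("ccm: bad key or nonce length")
	}
	tag := ccmTag(block, nonce, adata, pt)
	return append(ctrXor(block, nonce, pt, 1), ctrXor(block, nonce, tag, 0)...), nil
}

func ccmOpen(key, nonce, adata, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(nonce) != nonceLen || len(ct) < tagLen {
		return nil, errors.New("ccm: bad key, nonce or ciphertext length")
	}
	pt := ctrXor(block, nonce, ct[:len(ct)-tagLen], 1)
	tag := ctrXor(block, nonce, ct[len(ct)-tagLen:], 0)
	if subtle.ConstantTimeCompare(tag, ccmTag(block, nonce, adata, pt)) != 1 {
		return nil, errors.New("ccm: authentication failed")
	}
	return pt, nil
}

// device holds the per-device key and the packet counter that forms the nonce.
// The counter must never repeat under one key (persist it across reboots):
// a reused nonce breaks both confidentiality and authenticity of CCM.
type device struct {
	id  uint32
	key []byte
	ctr uint32
}

// nonceFromHeader rebuilds the 13-byte nonce as id || ctr || zero padding, so no IV is sent.
func nonceFromHeader(hdr []byte) []byte {
	n := make([]byte, nonceLen)
	copy(n, hdr[:hdrLen])
	return n
}

// sealPacket frames id(4) || ctr(4) || ciphertext || tag(8); the clear header is authenticated as adata.
func (d *device) sealPacket(gps []byte) ([]byte, error) {
	d.ctr++
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr[0:], d.id)
	binary.BigEndian.PutUint32(hdr[4:], d.ctr)
	body, err := ccmSeal(d.key, nonceFromHeader(hdr), hdr, gps)
	if err != nil {
		return nil, err
	}
	return append(hdr, body...), nil
}

// openPacket is the server side: key lookup by device id, freshness check on the
// counter (strictly increasing, since UDP may drop packets), then decrypt-and-verify.
func openPacket(keys map[uint32][]byte, lastCtr map[uint32]uint32, pkt []byte) ([]byte, error) {
	if len(pkt) < hdrLen+tagLen {
		return nil, errors.New("packet too short")
	}
	id, ctr := binary.BigEndian.Uint32(pkt[0:]), binary.BigEndian.Uint32(pkt[4:])
	key, ok := keys[id]
	if !ok {
		return nil, errors.New("unknown device")
	}
	if ctr <= lastCtr[id] {
		return nil, errors.New("replayed or stale counter")
	}
	gps, err := ccmOpen(key, nonceFromHeader(pkt), pkt[:hdrLen], pkt[hdrLen:])
	if err != nil {
		return nil, err
	}
	lastCtr[id] = ctr // advance only after the tag verified
	return gps, nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed demo key
	dev := &device{id: 0x0001A2B3, key: key}
	keys, last := map[uint32][]byte{dev.id: key}, map[uint32]uint32{}
	gps := []byte("4807.038,N,01131.000,E,123519") // constructed NMEA-style fix
	pkt, _ := dev.sealPacket(gps)
	got, err := openPacket(keys, last, pkt)
	fmt.Printf("wire %d bytes for %d payload bytes, ok=%v err=%v\n", len(pkt), len(gps), bytes.Equal(got, gps), err)
	_, err = openPacket(keys, last, pkt)
	fmt.Println("replayed packet:", err)
}
```

The 4-byte counter gives 2^32 packets per key before it wraps, far beyond a device sending a few per minute, but the server-side `lastCtr` table must survive restarts just as the device counter must, otherwise old packets become replayable. Dropping the tag to 4 bytes is allowed by CCM and saves four more bytes per packet at the cost of a 2^-32 forgery probability per attempt, which is the trade-off to weigh against the bandwidth budget.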