************************************************************************
README

Copyright (c) 1997 University of Southern California.
All rights reserved.

Redistribution and use in source and binary forms are permitted
provided that the above copyright notice and this paragraph are
duplicated in all such forms and that any documentation, advertising
materials, and other materials related to such distribution and use
acknowledge that the software was developed by the University of
Southern California, Information Sciences Institute.  The name of the
University may not be used to endorse or promote products derived from
this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
************************************************************************

This tarfile includes patches for testing the performance of IPv4
Authentication Header processing, and to compare the performance of
various authentication algorithms inside an IP implementation.

Further information can be obtained from http://www.isi.edu/atomic2/

Tarfile definition:

o  SunOS 4.1.3 patchfiles to add IPv4 Authentication Headers (RFC 1826)
   contained in the following five directories:

        netinet
        os
        sun4m
        sys
        conf

   definition:
        No keying (to be used to stream performance only)

   Various algorithms:

        MD5             As per RFC 1321.
                        (uses little-endian byte order)

        MD5-optimized   Source-code optimized version of MD5, as per
                        J. Touch, "Performance Analysis of MD5",
                        Sigcomm '95, pp. 77-86.

        NBO-MD5-opt     Network-standard byte order version of
                        MD5-optimized.

        AHA             Alternate Hash Algorithm, as suggested in the
                        above Sigcomm paper, by J. Touch.
                        (byte-order invariant)

        ROG             "Alternate Hash" (a.k.a. AH), as per
                        P. Rogaway, "Design and Analysis of Message
                        Authentication Codes," Proc. RSA Data Security
                        Conf., 1996.
                        (uses little-endian byte order)

        NBO-ROG         Network-standard byte order version of ROG.

        CKSUM           Internet checksum algorithm (used as a hash),
                        as per RFC 1071.  Used to measure the
                        data-touching overheads, as a 'trivial'
                        algorithm that touches all data.

        NULL-CKSUM      Insert and delete AH headers, but perform no
                        authentication algorithm.  Used to measure the
                        header processing overheads.

o  'blast' test program

   The program tests end-to-end performance over TCP, UDP, and paced
   UDP transfers.  Blast has been modified to include command-line
   options to socket options to engage the various algorithms listed
   above.

   Pacing is included to measure the optimal UDP throughput.  Unpaced
   UDP often overruns the receive buffer, resulting in good
   measurements of send-side performance, but poor measures of
   receive-side performance.  Pacing is optimized to estimate an upper
   bound on receive-side performance:

        TCP             reliable end-to-end performance
        UDP             upper-bound on send-side performance only
        UDP_PACED       upper-bound on receive-side performance only

   Blast also provides a template for using the socket options to
   engage the algorithms.

o  'script' test directory

   Perl (v5) scripts used to gather data via blast tests, and plot the
   results (using plot).  It includes automatic pacing determination.

The following is a brief summary of our conclusions:

   Authentication is often viewed as an end-to-end performance
   bottleneck in networks.  To analyze the impact of IP Authentication
   Headers (AHs) on end-to-end performance, a comparison of IP AH
   algorithms in IPv4 on SunOS was completed, indicating that MD5 is
   1/3 as fast as stand-alone MD5 (in memory).  Network-standard
   byte-order (NSBO) versions of several hash algorithms were compared
   to ISI's Alternate Hash Algorithm (AHA) which is native to any byte
   order [see reference J. Touch, "Performance Analysis of MD5," Proc.
   ACM SIGCOMM '95, Boston, MA, Aug. 1995, pp. 77-86].  In NSBO,
   Rogaway's Alternate Hash (AH) [P. Rogaway, "Design and Analysis of
   Message Authentication Codes," Proc. RSA Data Security Conf., Jan.
   1996] is nearly twice the speed of MD5.  AHA is the fastest current
   algorithm, and is twice as fast as AH, which is the next-fastest.
   This comparison is being used to suggest alternatives to MD5 for
   IP-level authentication, to enable authentication while retaining
   high bandwidth.

The following people have contributed to this code:

        Joe Touch        Project leader, overall architecture.
                         Optimized MD5 algorithm, AHA algorithm designs.

        Annette DeSchon  Initial blast design and implementation.

        Avneesh Sachdev  Initial version of IPv4 kernel patches for
                         MD5, MD5-OPT, and modifications to blast to
                         engage socket options.

        Darshan Jani     Final implementation of patches, blast, and
                         scripts.

Contact touch@isi.edu for more information, or contact the ATOMIC-2
web pages (http://www.isi.edu/atomic2).

(end.)