Design and Performance Analysis of CZML-IPSec for Satellite IP Networks
نویسندگان
چکیده
This paper analyzes the conflict between performance enhancing technology and IPSec in satellite IP networks, and proposes a solution called multilayer IP security with changeable zone (CZML-IPSec). It enables licensed intermediate nodes not only access TCP header, but also object links of upper layer in the form of HTML by converting static zone mapping to changeable dynamic mapping and building up composite security association correspondingly. A prototype is implemented to demonstrate the practical feasibility of CZML-IPSec. Measurements and performance analysis indicate that CZML-IPSec does not add unacceptable bandwidth overheads and delay, and it does not increase substantially processing hardware requirements. CZML-IPSec can help satellite IP networks provide both end-to-end security and performance enhancement.
منابع مشابه
Multilayer IPSec (ML-IPSec) Protocol Design for improved security performance over satellites
There are a variety of satellite applications that require application intelligence at intermediate devices for their proper functioning e.g. satellite networks using (Performance Enhancing Proxies, PEPs), real time streaming applications like SIP, H.323 and peer-to-peer applications. Interworking between PEPs and security system has been researched in the past. Multi-layer IPSec (ML-IPSec) res...
متن کاملPerformance Analysis of IP Security VPN
Internet Protocol Security (IPSec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. . IPSec architecture requires the host to provide confidentiality using Encapsulating Security Payload and data integrity using either Authentication Header or Encapsulating Security Payload and anti-replay protection. IPSec ...
متن کاملIPSec performance analysis for large-scale Radio Access Networks
Transition to IP based networks within the telecommunication world is a reality. IP based networks major feature is to enable the merging of wired and wireless networks. However, openness of the network introduces security threats. Therefore, there is the need to adopt solutions to secure transactions. International standardization organizations have proposed the adoption of IPSec as the standa...
متن کاملKey management and multi-layer IPSEC for satellite multicast
Satellites are also ideally suited for delivery of multicast applications. However secure multicast over satellites is a challenging problem. One important step toward the correct solution for end-to-end security is the integration of security architectures between satellites and IP terrestrial networks. This paper presents a secure group management and key distribution architecture based on th...
متن کاملNETWORK SECURITY AND PERFORMANCE EVALUATION OF ML- IPsec OVER SATELLITE NETWORKS
The peculiar characteristics of the satellite links affect performance of the TCP protocol, largely used by most of the Internet applications. Then, to achieve good performance TCP Performance Enhancing Proxy mechanisms are often used. In principle, a TCP PEP mechanism accelerates TCP transfers requiring access to TCP headers in intermediate nodes. As a drawback, this conflicts with IPsec, whic...
متن کامل