首页 | 本学科首页   官方微博 | 高级检索  
     


Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies
Authors:Juan Caubet  Jose L. Muñoz  Juanjo Alins  Jorge Mata‐Díaz  Oscar Esparza
Affiliation:Department of Telematics Engineering, Universitat Politècnica de Catalunya (UPC), , Spain
Abstract:Applications that use the reliable Transmission Control Protocol (TCP) have a significant degradation over satellite links. This degradation is mainly a consequence of the congestion control algorithm used by standard TCP, which is not suitable for overcoming the impairments of satellite networks. To alleviate this problem, two TCP Performance Enhancing Proxies (PEPs) can be deployed at the edges of the satellite segment. Then these PEPs can use different mechanisms such as snooping, spoofing and splitting to achieve a better TCP performance. In general, these mechanisms require the manipulation of the Internet Protocol (IP) and TCP headers that generates a problem when deploying the standard IP security (IPsec) protocol. The security services that IPsec offers (encryption and/or authentication) are based on the cryptographic protection of IP datagrams, including the corresponding IP and TCP headers. As a consequence, these cryptographic protections of IPsec conflict with the mechanisms that PEPs use to enhance the TCP performance in the satellite link. In this article, we detail the reasons that cause this conflict, and we propose three different approaches to deploy IPsec in a scenario with TCP PEPs. Our proposals provide different trade‐offs between security and TCP performance in some typical scenarios that use satellite networks. Copyright © 2012 John Wiley & Sons, Ltd.
Keywords:Transmission Control Protocol (TCP)  Performance Enhancing Proxy (PEP)  TCP snooping  TCP spoofing  TCP splitting  IP‐security (IPsec) protocol
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号