
A Multilayer IP Security Protocol for TCP Performance in Wireless Networks

Authors: Yongguang Zhang. Source: IEEE Journal on Selected Areas in Communications, vol. 22, pp. 767-776, no. 4, May 2004. Speaker: Mei-Yu Lin. Date: 2004/12/30.


Presentation Transcript


  1. A Multilayer IP Security Protocol for TCP Performance in Wireless Networks
     - Authors: Yongguang Zhang
     - Source: IEEE Journal on Selected Areas in Communications, vol. 22, pp. 767-776, no. 4, May 2004
     - Speaker: Mei-Yu Lin
     - Date: 2004/12/30

  2. Outline
     1. Introduction
     2. Analysis of the implication of IPsec in Wireless Networks
     3. Principle of Multilayer Security Protection
     4. ML-IPsec Design Detail
     5. Performance Evaluation
     6. Conclusion
     7. Future Work about ML-IPsec

  3. 1. Introduction
     - A. TCP performance enhancement mechanism (TCP PEP)
       - TCP Spoofing
     - B. IPsec
       - A standard for secure communications in the Internet
     - C. IPsec conflicts with TCP PEP

  4. 2. Analysis of the implication of IPsec in Wireless Networks
     - A. IPsec & End-to-End Security Protection Model
       - Two protocols: AH & ESP
       - Two modes: Transport & Tunnel
       - IP datagram: IP header & upper-layer protocol headers & user data
     - B. Conflicts between IPsec & TCP PEP
     - C. Fundamental Limitations of End-to-End Protection
       - Traffic Engineering
       - Traffic Analysis
       - Application-Layer Proxies/Agent
       - Active Networks

  5. 2. Analysis of the implication of IPsec in Wireless Networks (cont.)
     - D. Approaches
       - Replacing IPsec with a transport-layer security mechanism
       - Tunneling one security protocol
       - Using a transport-friendly ESP format
       - Splitting IPsec into Two Segments

  6. 3. Principle of Multilayer Security Protection
     - A. Divides the IP datagram into zones
     - B. Each zone has
       - its own set of security associations
       - its own set of private keys
       - its own set of access control rules
     - C. ML-IPsec defines a complex security relationship and selected intermediate nodes along the delivery path
       - example

  7. 4. ML-IPsec Design Details
     - A. Zones
     - B. Composite Security Association
       - CSA & SA
     - C. Protocol Header
       - AH
       - ESP
     - D. Inbound & Outbound Processing in ML-IPsec
       - ICV (Integrity Check Value)
       - Zone by Zone Encryption
       - Outbound Processing in ML-IPsec
       - Inbound Processing in ML-IPsec
       - Partial In-Out Processing at Intermediate Routers

  8. 5. Performance Evaluation
     - A. Bandwidth Overhead Analysis (Table 2)
     - B. Implementation Complexity (Table 3)
     - C. Experimental Measurements
       - CONFIG: IP, IPsec, ML-IPsec (one zone), ML-IPsec (two zone)
       - STATUS: the processing delay, the CPU load, the protocol format overhead
       - MODE: Transport & Tunnel
       - PACKET SIZE: 1500bit & 284bit

  9. 6. Conclusion
     - A. IPsec vs. TCP PEP
     - B. ML-IPsec can be added to an existing IPsec system, and its overhead is low.
     - C. ML-IPsec has achieved the goal
       - granting trusted intermediate routers secure, controlled, and limited access to selected portions of IP datagrams
     - D. ML-IPsec preserves the end-to-end security protection of user data.

  10. 7. Future Work about ML-IPsec
      - An extension of IKE to support ML-IPsec
      - Automatic Keying
      - To find the efficient mechanism needed for multiparty key distributions

  11. THE END! THANK YOU!
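
A sketch of the zone principle from slides 6 and 7 (per-zone keys, per-zone ICV, partial access at an intermediate router), added here as an illustration and not taken from the presentation or from ML-IPsec itself. The zone map, the key layout, the ICV length and the HMAC keystream used in place of a real ESP cipher are all assumptions made for the example.

```python
import hashlib
import hmac

# Constructed zone map (assumption): byte ranges within the protected payload.
ZONES = {1: (0, 20), 2: (20, None)}  # zone 1 = TCP header, zone 2 = user data
ICV_LEN = 12                         # truncated HMAC length chosen for this sketch


def _xor_stream(enc_key: bytes, seq: int, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 counter keystream), not a real ESP transform."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, b"%d:%d" % (seq, block), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _icv(auth_key: bytes, seq: int, zone: int, ct: bytes) -> bytes:
    """Per-zone Integrity Check Value over sequence number, zone id and ciphertext."""
    msg = b"%d:%d:" % (seq, zone) + ct
    return hmac.new(auth_key, msg, hashlib.sha256).digest()[:ICV_LEN]


def protect(payload: bytes, keys: dict, seq: int) -> dict:
    """Sender: encrypt each zone under its own keys and attach a per-zone ICV."""
    packet = {}
    for zone, (start, end) in ZONES.items():
        enc_key, auth_key = keys[zone]
        ct = _xor_stream(enc_key, seq, payload[start:end])
        packet[zone] = (ct, _icv(auth_key, seq, zone, ct))
    return packet


def open_zones(packet: dict, keys: dict, seq: int) -> dict:
    """Endpoint or intermediate node: open only the zones whose keys it holds."""
    plain = {}
    for zone, (ct, icv) in packet.items():
        if zone not in keys:
            continue  # no keys for this zone, so it stays opaque to this node
        enc_key, auth_key = keys[zone]
        if not hmac.compare_digest(icv, _icv(auth_key, seq, zone, ct)):
            raise ValueError(f"ICV check failed for zone {zone}")
        plain[zone] = _xor_stream(enc_key, seq, ct)
    return plain
```

A router given only the zone 1 keys can verify and read the TCP header, while zone 2 stays ciphertext to it and is opened only by the endpoint holding both key sets.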
