SPEP: A Secure and Efficient Scheme for Bulk Data Transfer over Wireless Networks
Venkatesh Obanaik, Lillykutty Jacob, and A L Ananda
Communication and Internet Research Lab, National University of Singapore
Presented by Mark Johnson
Advanced Computer Networks

Introduction
• Enhance performance in a wired/wireless environment
• Be able to enhance performance while maintaining end-to-end security
• Minimize overhead introduced

Previous Approaches: Performance Enhancement
• Split Connection approaches (I-TCP, MTCP)
  • Violate end-to-end semantics and prevent use of end-to-end IPSEC
• End-to-End approaches (SNOOP, M-TCP, WTCP, ELN)
  • Assume TCP headers are readable
• TCP HACK
  • Inherently won't work because the IPSEC integrity check will discard corrupted packets

Previous Approaches: Performance Enhancement
• Freeze-TCP
  • Will work with end-to-end IPSEC
  • Only provides a solution for disconnection issues, doesn't distinguish congestion from corruption
• Delayed Duplicate Acknowledgement
  • Open issues regarding differentiation of packet loss nature

Previous Approaches: Security
• Intelligent PEP switch
  • Can choose between security and performance, can't have both
• SSL
  • Encrypts data and still works with performance enhancement
  • Doesn't encrypt TCP headers
• TF-ESP
  • Forces authentication of TCP header information but still exposes too much information

SPEP Approach
• Loss Detection
  • Running sequence number for all packets sent
  • Base station keeps track of packets received in sequence
  • Receiver checks base station information vs. received packet information to determine whether loss is due to congestion or corruption
  • All detection is done one-way from sender to receiver

SPEP Approach

SPEP Approach
• Recovery
  • Set a bit in TCP header of duplicate ACK
  • Sender retransmits corruption losses without invoking congestion control mechanisms

Implementation Considerations
• Uses IPv6 implementation
• Flow label and source address allow SPEP to uniquely identify flows
• ESP header contains counter
• DSTOPT header can be used to carry blocks of in-sequence numbers

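The loss detection and recovery steps from the SPEP Approach slides, using the counter and in-sequence blocks named above, as an added sketch that is not code from the paper or the presentation. The block encoding, function names, sample counters and the window halving on a congestion loss are assumptions; so is the reading that a counter the base station saw but the receiver did not was lost on the wireless hop.

```python
# Added illustration; block encoding, names and sample counters are assumptions,
# not SPEP's wire format.
CONGESTION, CORRUPTION = "congestion", "corruption"

def to_blocks(counters):
    """Base station: compress the counters it saw into inclusive (first, last) blocks."""
    blocks = []
    for c in sorted(set(counters)):
        if blocks and c == blocks[-1][1] + 1:
            blocks[-1] = (blocks[-1][0], c)   # extend the current run
        else:
            blocks.append((c, c))             # start a new run after a gap
    return blocks

def classify_losses(bs_blocks, received, first=1):
    """Receiver: label each gap in the running counter up to the highest one received."""
    received = set(received)
    losses = {}
    for c in range(first, max(received, default=first - 1) + 1):
        if c in received:
            continue
        seen_by_bs = any(lo <= c <= hi for lo, hi in bs_blocks)
        # Assumption: seen by the base station but missing here means the
        # wireless hop lost it; never seen means it was lost upstream.
        losses[c] = CORRUPTION if seen_by_bs else CONGESTION
    return losses

def make_dup_ack(losses):
    """Receiver: duplicate ACK for the oldest gap, bit set only for a corruption loss."""
    oldest = min(losses)
    return {"ack": oldest, "corruption_bit": losses[oldest] == CORRUPTION}

def sender_on_dup_ack(cwnd, dup_ack):
    """Sender: always retransmit; shrink cwnd only when the bit is clear."""
    if dup_ack["corruption_bit"]:
        return {"retransmit": dup_ack["ack"], "cwnd": cwnd}
    # Assumption: a plain halving stands in for the usual congestion response.
    return {"retransmit": dup_ack["ack"], "cwnd": max(cwnd // 2, 1)}

if __name__ == "__main__":
    # Constructed sample: counters 1..10 sent; 4 lost before the base station,
    # 7 lost between the base station and the receiver.
    blocks = to_blocks([1, 2, 3, 5, 6, 7, 8, 9, 10])
    losses = classify_losses(blocks, [1, 2, 3, 5, 6, 8, 9, 10])
    print(blocks, losses)
    print(sender_on_dup_ack(10, make_dup_ack(losses)))
```

The classification reads only the running counter and the base station's blocks, never the TCP header.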
Test Configuration
Performance Evaluation: LAN
Performance Evaluation: WAN
Performance Evaluation: Throughput

SPEP Merits
• Provides end-to-end service
• Only tracks packets in forward direction
• Smooth handoff; minimal state information
• Easily scalable
• Can be used as a generic network layer proxy