TCP-GEN Framework to Achieve High Performance for HAIPE-Encrypted TCP Traffic in a Satellite Communication Environment

A satellite communication environment has high latency and a high data error rate, which greatly impairs the performance of TCP. To overcome this, Performance Enhancing Proxies (PEPs) are commonly deployed around the satellite links. However, PEPs cannot operate when TCP traffic is encrypted by High Assurance Internet Protocol Encryptions (HAIPE). As a result, the performance of HAIPE-encrypted TCP traffic across satellite links becomes very low. Numerous approaches have been proposed to resolve this problem, but a practical solution is yet to be developed. In this research, we developed a method that can achieve the high performance offered by PEPs for HAIPE-encrypted TCP traffic across satellite links. This method encodes and relays the original TCP flow information across HAIPE without any modification to the existing HAIPE, while preserving the same level of security. It then reconstructs new TCP streams and encapsulates the HAIPE-encrypted original TCP packets in them. These new TCP streams can be handled natively by PEPs, and thus the full TCP performance can be achieved. This method is applicable to both IPv4 and IPv6. However, the scheme faces the challenge of handling TCP-over-TCP, which suffers from a phenomenon called TCP meltdown. We propose a method that can prevent TCP meltdown and briefly describe it.
