Design and Performance Analysis of CZML-IPSec for Satellite IP Networks

This paper analyzes the conflict between performance-enhancing technology and IPSec in satellite IP networks, and proposes a solution called multilayer IP security with changeable zone (CZML-IPSec). By converting static zone mapping to changeable dynamic mapping and building up a composite security association correspondingly, it enables licensed intermediate nodes to access not only the TCP header but also upper-layer object links in the form of HTML. A prototype is implemented to demonstrate the practical feasibility of CZML-IPSec. Measurements and performance analysis indicate that CZML-IPSec does not add unacceptable bandwidth overhead or delay, and that it does not substantially increase processing hardware requirements. CZML-IPSec can help satellite IP networks provide both end-to-end security and performance enhancement.
