Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies
SUMMARY Applications that use the reliable Transmission Control Protocol (TCP) have a significant degradation over satellite links. This degradation is mainly a consequence of the congestion control algorithm used by standard TCP, which is not suitable for overcoming the impairments of satellite net...
Gespeichert in:
| Veröffentlicht in: | International journal of satellite communications and networking 2013-03, Vol.31 (2), p.51-76 |
|---|---|
| Hauptverfasser: | , , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 76 |
|---|---|
| container_issue | 2 |
| container_start_page | 51 |
| container_title | International journal of satellite communications and networking |
| container_volume | 31 |
| creator | Caubet, Juan Muñoz, Jose L. Alins, Juanjo Mata-Díaz, Jorge Esparza, Oscar |
| description | SUMMARY
Applications that use the reliable Transmission Control Protocol (TCP) have a significant degradation over satellite links. This degradation is mainly a consequence of the congestion control algorithm used by standard TCP, which is not suitable for overcoming the impairments of satellite networks. To alleviate this problem, two TCP Performance Enhancing Proxies (PEPs) can be deployed at the edges of the satellite segment. Then these PEPs can use different mechanisms such as snooping, spoofing and splitting to achieve a better TCP performance. In general, these mechanisms require the manipulation of the Internet Protocol (IP) and TCP headers that generates a problem when deploying the standard IP security (IPsec) protocol. The security services that IPsec offers (encryption and/or authentication) are based on the cryptographic protection of IP datagrams, including the corresponding IP and TCP headers. As a consequence, these cryptographic protections of IPsec conflict with the mechanisms that PEPs use to enhance the TCP performance in the satellite link. In this article, we detail the reasons that cause this conflict, and we propose three different approaches to deploy IPsec in a scenario with TCP PEPs. Our proposals provide different trade‐offs between security and TCP performance in some typical scenarios that use satellite networks. Copyright © 2012 John Wiley & Sons, Ltd.
In this article, we analyze the conflict between the cryptographic protections of Internet Protocol Security (IPsec) and the mechanisms that performance enhancement proxies (PEPs) use to enhance the transmission control protocol (TCP) performance in satellite links, and propose three different approaches to deploy IPsec in a scenario with TCP PEPs. These proposals provide different trade‐offs between security and TCP performance in some typical scenarios that use satellite networks. |
| doi_str_mv | 10.1002/sat.1017 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1439743817</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2894325041</sourcerecordid><originalsourceid>FETCH-LOGICAL-c3647-de38f1c1cf625bfc57a0ede86ca8e25e0fac8c8704fbcb9a96250169a28c0d003</originalsourceid><addsrcrecordid>eNp1kUtLAzEUhQdRsD7AnxBw42Y0mcxMMkuptorFZ7XLkKZ3NDpNapKhLfjjTVEqCq7ugfudw30kyQHBxwTj7MTLEAVhG0mHFHmW4oqTzbVmdDvZ8f41kiUuSCf5OINZY5faPKNLE8AZCOjW2WCVbdADqNbpsETaoJgLTaMDoIjMrXvzqPUr29BJ46fae20N6loTXHSuI27B1dZNpVGAzs1LrCtPbC80-L1kq5aNh_3vups89s6H3Yt0cNO_7J4OUkXLnKUToLwmiqi6zIpxrQomMUyAl0pyyArAtVRccYbzeqzGlawihklZyYwrPMGY7iZHX7kzZ99b8EHEeVVcRxqwrRckpxXLKScsood_0FfbOhOnEyTjnJaE5MVPoHLWewe1mDk9lW4pCBarN4h4LrF6Q0TTL3SuG1j-y4mH0-FvXvsAizUv3ZsoGWWFGF33RXk_eureXVHRo5_LdZsr</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1288361145</pqid></control><display><type>article</type><title>Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies</title><source>Wiley Online Library</source><creator>Caubet, Juan ; Muñoz, Jose L. ; Alins, Juanjo ; Mata-Díaz, Jorge ; Esparza, Oscar</creator><creatorcontrib>Caubet, Juan ; Muñoz, Jose L. ; Alins, Juanjo ; Mata-Díaz, Jorge ; Esparza, Oscar</creatorcontrib><description>SUMMARY
Applications that use the reliable Transmission Control Protocol (TCP) have a significant degradation over satellite links. This degradation is mainly a consequence of the congestion control algorithm used by standard TCP, which is not suitable for overcoming the impairments of satellite networks. To alleviate this problem, two TCP Performance Enhancing Proxies (PEPs) can be deployed at the edges of the satellite segment. Then these PEPs can use different mechanisms such as snooping, spoofing and splitting to achieve a better TCP performance. In general, these mechanisms require the manipulation of the Internet Protocol (IP) and TCP headers that generates a problem when deploying the standard IP security (IPsec) protocol. The security services that IPsec offers (encryption and/or authentication) are based on the cryptographic protection of IP datagrams, including the corresponding IP and TCP headers. As a consequence, these cryptographic protections of IPsec conflict with the mechanisms that PEPs use to enhance the TCP performance in the satellite link. In this article, we detail the reasons that cause this conflict, and we propose three different approaches to deploy IPsec in a scenario with TCP PEPs. Our proposals provide different trade‐offs between security and TCP performance in some typical scenarios that use satellite networks. Copyright © 2012 John Wiley & Sons, Ltd.
In this article, we analyze the conflict between the cryptographic protections of Internet Protocol Security (IPsec) and the mechanisms that performance enhancement proxies (PEPs) use to enhance the transmission control protocol (TCP) performance in satellite links, and propose three different approaches to deploy IPsec in a scenario with TCP PEPs. These proposals provide different trade‐offs between security and TCP performance in some typical scenarios that use satellite networks.</description><identifier>ISSN: 1542-0973</identifier><identifier>EISSN: 1542-0981</identifier><identifier>DOI: 10.1002/sat.1017</identifier><language>eng</language><publisher>Chichester: Blackwell Publishing Ltd</publisher><subject>Computer information security ; Intellectual property ; IP (Internet Protocol) ; IP-security (IPsec) protocol ; Performance Enhancing Proxy (PEP) ; Satellite networks ; Satellites ; Security ; TCP (protocol) ; TCP snooping ; TCP splitting ; TCP spoofing ; Transmission Control Protocol (TCP) ; Virtual private networks</subject><ispartof>International journal of satellite communications and networking, 2013-03, Vol.31 (2), p.51-76</ispartof><rights>Copyright © 2012 John Wiley & Sons, Ltd.</rights><rights>Copyright © 2013 John Wiley & Sons, Ltd.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c3647-de38f1c1cf625bfc57a0ede86ca8e25e0fac8c8704fbcb9a96250169a28c0d003</citedby><cites>FETCH-LOGICAL-c3647-de38f1c1cf625bfc57a0ede86ca8e25e0fac8c8704fbcb9a96250169a28c0d003</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://onlinelibrary.wiley.com/doi/pdf/10.1002%2Fsat.1017$$EPDF$$P50$$Gwiley$$H</linktopdf><linktohtml>$$Uhttps://onlinelibrary.wiley.com/doi/full/10.1002%2Fsat.1017$$EHTML$$P50$$Gwiley$$H</linktohtml><link.rule.ids>314,777,781,1412,27905,27906,45555,45556</link.rule.ids></links><search><creatorcontrib>Caubet, Juan</creatorcontrib><creatorcontrib>Muñoz, Jose L.</creatorcontrib><creatorcontrib>Alins, Juanjo</creatorcontrib><creatorcontrib>Mata-Díaz, Jorge</creatorcontrib><creatorcontrib>Esparza, Oscar</creatorcontrib><title>Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies</title><title>International journal of satellite communications and networking</title><addtitle>Int. J. Satell. Commun. Network</addtitle><description>SUMMARY
Applications that use the reliable Transmission Control Protocol (TCP) have a significant degradation over satellite links. This degradation is mainly a consequence of the congestion control algorithm used by standard TCP, which is not suitable for overcoming the impairments of satellite networks. To alleviate this problem, two TCP Performance Enhancing Proxies (PEPs) can be deployed at the edges of the satellite segment. Then these PEPs can use different mechanisms such as snooping, spoofing and splitting to achieve a better TCP performance. In general, these mechanisms require the manipulation of the Internet Protocol (IP) and TCP headers that generates a problem when deploying the standard IP security (IPsec) protocol. The security services that IPsec offers (encryption and/or authentication) are based on the cryptographic protection of IP datagrams, including the corresponding IP and TCP headers. As a consequence, these cryptographic protections of IPsec conflict with the mechanisms that PEPs use to enhance the TCP performance in the satellite link. In this article, we detail the reasons that cause this conflict, and we propose three different approaches to deploy IPsec in a scenario with TCP PEPs. Our proposals provide different trade‐offs between security and TCP performance in some typical scenarios that use satellite networks. Copyright © 2012 John Wiley & Sons, Ltd.
In this article, we analyze the conflict between the cryptographic protections of Internet Protocol Security (IPsec) and the mechanisms that performance enhancement proxies (PEPs) use to enhance the transmission control protocol (TCP) performance in satellite links, and propose three different approaches to deploy IPsec in a scenario with TCP PEPs. These proposals provide different trade‐offs between security and TCP performance in some typical scenarios that use satellite networks.</description><subject>Computer information security</subject><subject>Intellectual property</subject><subject>IP (Internet Protocol)</subject><subject>IP-security (IPsec) protocol</subject><subject>Performance Enhancing Proxy (PEP)</subject><subject>Satellite networks</subject><subject>Satellites</subject><subject>Security</subject><subject>TCP (protocol)</subject><subject>TCP snooping</subject><subject>TCP splitting</subject><subject>TCP spoofing</subject><subject>Transmission Control Protocol (TCP)</subject><subject>Virtual private networks</subject><issn>1542-0973</issn><issn>1542-0981</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2013</creationdate><recordtype>article</recordtype><recordid>eNp1kUtLAzEUhQdRsD7AnxBw42Y0mcxMMkuptorFZ7XLkKZ3NDpNapKhLfjjTVEqCq7ugfudw30kyQHBxwTj7MTLEAVhG0mHFHmW4oqTzbVmdDvZ8f41kiUuSCf5OINZY5faPKNLE8AZCOjW2WCVbdADqNbpsETaoJgLTaMDoIjMrXvzqPUr29BJ46fae20N6loTXHSuI27B1dZNpVGAzs1LrCtPbC80-L1kq5aNh_3vups89s6H3Yt0cNO_7J4OUkXLnKUToLwmiqi6zIpxrQomMUyAl0pyyArAtVRccYbzeqzGlawihklZyYwrPMGY7iZHX7kzZ99b8EHEeVVcRxqwrRckpxXLKScsood_0FfbOhOnEyTjnJaE5MVPoHLWewe1mDk9lW4pCBarN4h4LrF6Q0TTL3SuG1j-y4mH0-FvXvsAizUv3ZsoGWWFGF33RXk_eureXVHRo5_LdZsr</recordid><startdate>201303</startdate><enddate>201303</enddate><creator>Caubet, Juan</creator><creator>Muñoz, Jose L.</creator><creator>Alins, Juanjo</creator><creator>Mata-Díaz, Jorge</creator><creator>Esparza, Oscar</creator><general>Blackwell Publishing Ltd</general><general>Wiley Subscription Services, Inc</general><scope>BSCLL</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SP</scope><scope>8FD</scope><scope>FR3</scope><scope>H8D</scope><scope>JQ2</scope><scope>KR7</scope><scope>L7M</scope><scope>7SC</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>201303</creationdate><title>Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies</title><author>Caubet, Juan ; Muñoz, Jose L. ; Alins, Juanjo ; Mata-Díaz, Jorge ; Esparza, Oscar</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c3647-de38f1c1cf625bfc57a0ede86ca8e25e0fac8c8704fbcb9a96250169a28c0d003</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2013</creationdate><topic>Computer information security</topic><topic>Intellectual property</topic><topic>IP (Internet Protocol)</topic><topic>IP-security (IPsec) protocol</topic><topic>Performance Enhancing Proxy (PEP)</topic><topic>Satellite networks</topic><topic>Satellites</topic><topic>Security</topic><topic>TCP (protocol)</topic><topic>TCP snooping</topic><topic>TCP splitting</topic><topic>TCP spoofing</topic><topic>Transmission Control Protocol (TCP)</topic><topic>Virtual private networks</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Caubet, Juan</creatorcontrib><creatorcontrib>Muñoz, Jose L.</creatorcontrib><creatorcontrib>Alins, Juanjo</creatorcontrib><creatorcontrib>Mata-Díaz, Jorge</creatorcontrib><creatorcontrib>Esparza, Oscar</creatorcontrib><collection>Istex</collection><collection>CrossRef</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>Engineering Research Database</collection><collection>Aerospace Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Civil Engineering Abstracts</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>International journal of satellite communications and networking</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Caubet, Juan</au><au>Muñoz, Jose L.</au><au>Alins, Juanjo</au><au>Mata-Díaz, Jorge</au><au>Esparza, Oscar</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies</atitle><jtitle>International journal of satellite communications and networking</jtitle><addtitle>Int. J. Satell. Commun. Network</addtitle><date>2013-03</date><risdate>2013</risdate><volume>31</volume><issue>2</issue><spage>51</spage><epage>76</epage><pages>51-76</pages><issn>1542-0973</issn><eissn>1542-0981</eissn><abstract>SUMMARY
Applications that use the reliable Transmission Control Protocol (TCP) have a significant degradation over satellite links. This degradation is mainly a consequence of the congestion control algorithm used by standard TCP, which is not suitable for overcoming the impairments of satellite networks. To alleviate this problem, two TCP Performance Enhancing Proxies (PEPs) can be deployed at the edges of the satellite segment. Then these PEPs can use different mechanisms such as snooping, spoofing and splitting to achieve a better TCP performance. In general, these mechanisms require the manipulation of the Internet Protocol (IP) and TCP headers that generates a problem when deploying the standard IP security (IPsec) protocol. The security services that IPsec offers (encryption and/or authentication) are based on the cryptographic protection of IP datagrams, including the corresponding IP and TCP headers. As a consequence, these cryptographic protections of IPsec conflict with the mechanisms that PEPs use to enhance the TCP performance in the satellite link. In this article, we detail the reasons that cause this conflict, and we propose three different approaches to deploy IPsec in a scenario with TCP PEPs. Our proposals provide different trade‐offs between security and TCP performance in some typical scenarios that use satellite networks. Copyright © 2012 John Wiley & Sons, Ltd.
In this article, we analyze the conflict between the cryptographic protections of Internet Protocol Security (IPsec) and the mechanisms that performance enhancement proxies (PEPs) use to enhance the transmission control protocol (TCP) performance in satellite links, and propose three different approaches to deploy IPsec in a scenario with TCP PEPs. These proposals provide different trade‐offs between security and TCP performance in some typical scenarios that use satellite networks.</abstract><cop>Chichester</cop><pub>Blackwell Publishing Ltd</pub><doi>10.1002/sat.1017</doi><tpages>26</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1542-0973 |
| ispartof | International journal of satellite communications and networking, 2013-03, Vol.31 (2), p.51-76 |
| issn | 1542-0973 1542-0981 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_1439743817 |
| source | Wiley Online Library |
| subjects | Computer information security Intellectual property IP (Internet Protocol) IP-security (IPsec) protocol Performance Enhancing Proxy (PEP) Satellite networks Satellites Security TCP (protocol) TCP snooping TCP splitting TCP spoofing Transmission Control Protocol (TCP) Virtual private networks |
| title | Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-17T14%3A40%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Deploying%20Internet%20Protocol%20Security%20in%20satellite%20networks%20using%20Transmission%20Control%20Protocol%20Performance%20Enhancing%20Proxies&rft.jtitle=International%20journal%20of%20satellite%20communications%20and%20networking&rft.au=Caubet,%20Juan&rft.date=2013-03&rft.volume=31&rft.issue=2&rft.spage=51&rft.epage=76&rft.pages=51-76&rft.issn=1542-0973&rft.eissn=1542-0981&rft_id=info:doi/10.1002/sat.1017&rft_dat=%3Cproquest_cross%3E2894325041%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1288361145&rft_id=info:pmid/&rfr_iscdi=true |