Abstract-In this work, we address the performance problems that arise when unicast security protocols IPSEC and SSL are applied for securing the end-to-end communication in hybrid satellite networks. Satellite networks use TCP and HTTP performance-enhancing proxy servers to overcome the adverse effect of the large delay-bandwidth product of the satellite channel. However, the proxy servers cannot function when IPSEC and SSL are used for secure unicast communication in hybrid satellite networks. We therefore propose the use of the Layered IPSEC (LES) protocol as an alternative to IPSEC for networklayer security. We describe a modification to the Internet Key Exchange protocol if dynamic key establishment is needed for Layered IPSEC. For application-level security of web browsing with acceptable end-to-end delay, we propose the Dual-mode SSL protocol (DSSL) to be used instead of SSL. We describe how LES and DSSL protocols achieve the desired end-to-end communication security while allowing the TCP and HTTP proxy servers to function correctly. Through simulation studies, we quantify the improvement in performance that is achieved using our proposed protocols, compared to traditional IPSEC and SSL.
We describe a new class of lightweight, symmetric-key digital certificates called extended TESLA certificates and a source authentication protocol for wireless group communication that is based on the certificate. The certificate binds the identity of a wireless smart device to the anchor element of its key chain; keys from the chain are used for computing message authentication codes (MACs) on messages sourced by the device. The authentication protocol requires a centralized infrastructure in the network: we describe the protocol in a hybrid wireless network with a satellite overlay interconnecting the wireless devices. The satellite is used as the Certificate Authority (CA) and also acts as the proxy for the senders in disclosing the MAC keys to the receivers. We also design a probabilistic nonrepudiation mechanism that utilizes the satellite's role as the CA and sender proxy. Through analysis, we show that the authentication protocol is secure against malicious adversaries. We also present detailed simulation results that demonstrate that the proposed protocol is much cheaper than traditional public key-based authentication technologies for metrics like processing delay, storage requirements, and energy consumption of the smart devices.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.