Performance-Aware Security of Unicast Communication in Hybrid Satellite Networks

Roy-Chowdhury, Ayan; Baras, John S.

doi:10.1109/icc.2009.5199335

Cited by 7 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our approach, called 2L‐IPsec (two‐layer IPsec), is partially based on the proposals ML‐IPsec , LES and performance‐aware security , because we also divide the packet in different parts that can be encrypted with different cryptographic keys and algorithms. The idea is to use layered encryption because it allows us to selectively disclose different parts of a packet to different users without compromising the security of the other parts.…”

Section: Deploying Internet Protocol Security In a Scenario With Perfmentioning

confidence: 99%

“…A critical analysis of ML‐IPsec can be found in . Likewise, and are two proposals that also divide packets into zones: one zone for the TCP/IP headers and another for the user data. In , the two zones are encrypted using two different keys, whereas in , different cryptographic algorithms are also used.…”

Section: Introductionmentioning

confidence: 99%

“…Likewise, and are two proposals that also divide packets into zones: one zone for the TCP/IP headers and another for the user data. In , the two zones are encrypted using two different keys, whereas in , different cryptographic algorithms are also used. Transport‐Friendly ESP modifies the ESP header to include the information needed by PEPs in fields where the cryptographic protection will not be applied.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies

Caubet

Muñoz

Alins

et al. 2012

Satell Commun Network

View full text Add to dashboard Cite

Applications that use the reliable Transmission Control Protocol (TCP) have a significant degradation over satellite links. This degradation is mainly a consequence of the congestion control algorithm used by standard TCP, which is not suitable for overcoming the impairments of satellite networks. To alleviate this problem, two TCP Performance Enhancing Proxies (PEPs) can be deployed at the edges of the satellite segment. Then these PEPs can use different mechanisms such as snooping, spoofing and splitting to achieve a better TCP performance. In general, these mechanisms require the manipulation of the Internet Protocol (IP) and TCP headers that generates a problem when deploying the standard IP security (IPsec) protocol. The security services that IPsec offers (encryption and/or authentication) are based on the cryptographic protection of IP datagrams, including the corresponding IP and TCP headers. As a consequence, these cryptographic protections of IPsec conflict with the mechanisms that PEPs use to enhance the TCP performance in the satellite link. In this article, we detail the reasons that cause this conflict, and we propose three different approaches to deploy IPsec in a scenario with TCP PEPs. Our proposals provide different trade-offs between security and TCP performance in some typical scenarios that use satellite networks.

show abstract

Section: Deploying Internet Protocol Security In a Scenario With Perfmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies

Caubet

Muñoz

Alins

et al. 2012

Satell Commun Network

View full text Add to dashboard Cite

show abstract

“…[4] Introduces a layered architecture extension in IPSec, called CL-IPSec, to provide authentication and integrity services. Based on the original IPSec-PEP, [5] proposes a certificate-based multiple key exchange protocol to avoid the key distribution problem. Insufficiently, the existing solutions cannot guarantee the transmission efficiency and security concurrently over the resource-limited satellite-ground link.…”

Section: Introductionmentioning

confidence: 99%

Toward Bandwidth-efficient Data Distribution in Satellite Networks

Xu¹,

Wang²,

Chen³

et al. 2018

Proceedings of the 2018 International Conference on Transportation &Amp; Logistics, Information &Amp; Communication, Smart City

View full text Add to dashboard Cite

In the satellite communication system, the satellite-ground link acts as an intermediary connecting the space network with the terrestrial network. Unfortunately, this link has become a bottleneck due to bandwidth fatigue, which seriously threatens the availability of network services. Besides, as a typical open channel, the satellite-ground link faces numerous security threats, such as signal interception and interference. In response, solutions have been developed to mitigate such a bottleneck. However, the existing schemes cannot achieve the security and efficiency of transmission concurrently. In this paper, we propose a lightweight data distribution mechanism, which economizes the satellite-ground link bandwidth through request aggregation and service subscription. Meanwhile, it enables the secure transmission by employing digital signature technology. Further, to reduce the service delay, we design a caching mechanism based on resource popularity prediction. Simulation experiments validate the higher bandwidth efficiency of our solution, and thus greatly improving the availability of satellite services.

show abstract

“…Our method for the selection of the optimal strategy is based on a model of the overall technological infrastructure, comprising hardware and network components [11], which is used to carry out an optimal design of infrastructures by minimizing costs required to satisfy given performance requirements of both computing and communication ( [10]─ [13]). …”

Section: Introductionmentioning

confidence: 99%

Cost-Performance Optimization of SSL-Based Secure Distributed Infrastructures

Bregni

Giacomazzi

Poli

2011

IEEE Latin Am. Trans.

View full text Add to dashboard Cite

⎯ Business-to-Business and Business-to-Customer transactions in Internet require secure communication, especially for web applications. The Secure Socket Layer (SSL) protocol is one of the most viable solutions to provide the required level of confidentiality, message integrity and endpoint authentication. The two main alternatives for providing SSL security are the endto-end and the accelerated solutions, which enable different costperformance tradeoffs, where performance is intended as the overall delay that the customer experiences to complete the transaction. The accelerated solution is enabled by special devices (SSL acceleration cards) placed in network nodes. In this paper, we propose an optimization algorithm, which designs the ICT infrastructure minimizing the total cost, given a target performance objective defined as the end-to-end delay for the completion of the distributed application tasks. We apply this method to evaluate the efficiency of SSL acceleration versus end-to-end SSL, in order to determine in what conditions SSL acceleration is convenient. Our algorithm performs joint optimization of computing and communication resources, whilst in literature hardware and network are typically optimized separately.

show abstract

Performance-Aware Security of Unicast Communication in Hybrid Satellite Networks

Cited by 7 publications

References 8 publications

Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies

Deploying Internet Protocol Security in satellite networks using Transmission Control Protocol Performance Enhancing Proxies

Toward Bandwidth-efficient Data Distribution in Satellite Networks

Cost-Performance Optimization of SSL-Based Secure Distributed Infrastructures

Contact Info

Product

Resources

About