Mobile multi-layered IPsec

To achieve high throughput in wireless networks, smart forwarding and processing of packets in access routers are critical for overcoming the effects of the wireless links. However, these services cannot be provided if data sessions are protected using end-to-end encryption as with IPsec, because th...

Full description

Saved in:
Bibliographic Details
Published inProceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies Vol. 3; pp. 1929 - 1939 vol. 3
Main Authors Heesook Choi, Hui Song, Guohong Cao, La Porta, T.
Format Conference Proceeding
LanguageEnglish
Published IEEE 2005
Subjects
Access protocols
Computer science
Cryptography
Measurement
Protection
Telecommunication traffic
Throughput
Virtual private networks
Wireless application protocol
Wireless networks
Online AccessGet full text

Cover

More Information
Summary:To achieve high throughput in wireless networks, smart forwarding and processing of packets in access routers are critical for overcoming the effects of the wireless links. However, these services cannot be provided if data sessions are protected using end-to-end encryption as with IPsec, because the information needed by these algorithms resides inside the portion of the packet that is encrypted, and can therefore not be used by the access routers. A previously proposed protocol, called multi-layered IPsec (ML-IPsec) modifies IPsec in a way so that certain portions of the datagram may be exposed to intermediate network elements, enabling these elements to provide performance enhancements. In this paper we extend ML-IPsec to deal with mobility and make it suitable for wireless networks. We define and present performance measurements of an efficient key distribution protocol to enable fast ML-IPsec session initialization, and two mobility protocols that are compatible with mobile IP and maintain ML-IPsec sessions. Our measurements show that, depending on the mobility protocol chosen, integrated mobile IP/ML-IPsec handoffs result in a pause of 56-105 milliseconds, of which only 31-85 milliseconds may be attributed to ML-IPsec. Further, we provide detailed discussion and performance measurements of our ML-IPsec implementation. We find the resulting protocol only marginally reduces throughput compared to scenarios in which IPsec is used (4%), and when coupled with SNOOP, greatly increases throughput over scenarios using standard TCP over IPsec (165% on average).
ISBN:9780780389687
0780389689
ISSN:0743-166X
2641-9874
DOI:10.1109/INFCOM.2005.1498471