
Researching On Multilayer IP Security Protocol

Posted on: 2008-05-03
Degree: Master
Type: Thesis
Country: China
Candidate: Y X Liu
Full Text: PDF
GTID: 2178360272468264
Subject: Computer system architecture
Abstract/Summary:

A number of techniques have recently been developed which aim to increase the performance of transport and application layer protocols when used over links that exhibit high bit error rates and large propagation delays. However, many of these techniques become useless when a network layer security protocol is used, because the network payload is protected from observation and/or manipulation. The Multilayer IP Security (ML-IPsec) protocol has been proposed as a way to overcome this problem, allowing performance enhancing technologies to be used whilst providing network layer security.

TCP PEP mechanisms have been proposed, and in some cases widely deployed, to improve TCP performance in all-Internet protocol wireless networks. However, this technique conflicts with IPsec, a standard IP security protocol that will make inroads into wireless networks. This paper analyzes the fundamental problem behind this conflict. The basic principle is to use a multilayer protection model and fine-grained access control to make IP security protocols compatible with TCP PEP. It allows wireless network operators or service providers to grant base stations or wireless routers limited and controllable access to the TCP headers for performance enhancement purposes.

ML-IPsec has a number of problems that reduce its effectiveness and cause configuration complexities. This paper identifies these problems, proposes modifications to ML-IPsec to rectify them, and ultimately demonstrates the effectiveness of the optimization by experiment.

Our implementation modifies the FreeS/WAN code to add ML-IPsec capabilities. Following careful design, implementation, and evaluation, we further conduct an experimental measurement to study the performance of ML-IPsec, such as processing delay, CPU overhead, and bandwidth overhead. While we have given an analytical calculation of the overhead earlier, this experiment measures the actual implementation in a running system.
Keywords/Search Tags:Multilayer IP Security, Security Association, Zone, Transmission Control Protocol Performance Enhancement Proxy