Mobile multi-layered IPsec

Heesook Choi, Hui Song, Guohong Cao, Tom La Porta

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

To achieve high throughput in wireless networks, smart forwarding and processing of packets in access routers are critical for overcoming the effects of the wireless links. However, these services cannot be provided if data sessions are protected using end-to-end encryption as with IPsec, because the information needed by these algorithms resides inside the portion of the packet that is encrypted, and can therefore not be used by the access routers. A previously proposed protocol, called Multi-layered IPsec (ML-IPsec) modifies IPsec in a way so that certain portions of the datagram may be exposed to intermediate network elements, enabling these elements to provide performance enhancements. In this paper we extend ML-IPsec to deal with mobility and make it suitable for wireless networks. We define and present performance measurements of an efficient key distribution protocol to enable fast ML-IPsec session initialization, and two mobility protocols that are compatible with Mobile IP and maintain ML-IPsec sessions. Our measurements show that, depending on the mobility protocol chosen, integrated Mobile IP/ML-IPsec handoffs result in a pause of 56-105 milliseconds, of which only 31-85 milliseconds may be attributed to ML-IPsec. Further, we provide detailed discussion and performance measurements of our ML-IPsec implementation. We find the resulting protocol only marginally reduces throughput compared to scenarios in which IPsec is used (4%), and when coupled with SNOOP, greatly increases throughput over scenarios using standard TCP over IPsec (165% on average).

Original language: English (US)
Title of host publication: Proceedings - IEEE INFOCOM 2005. The Conference on Computer Communications - 24th Annual Joint Conference of the IEEE Computer and Communications Societies
Editors: K. Makki, E. Knightly
Pages: 1929-1939
Number of pages: 11
DOIs: https://doi.org/10.1109/INFCOM.2005.1498471
State: Published - Oct 10 2005
Event: IEEE INFOCOM 2005 - Miami, FL, United States
Duration: Mar 13 2005 to Mar 17 2005

Publication series

Name: Proceedings - IEEE INFOCOM
Volume: 3
ISSN (Print): 0743-166X

Other

Other: IEEE INFOCOM 2005
Country: United States
City: Miami, FL
Period: 3/13/05 to 3/17/05

Fingerprint

Network protocols
Throughput
Routers
Wireless networks
Cryptography
Telecommunication links
Processing

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Electrical and Electronic Engineering

Cite this

Choi, H., Song, H., Cao, G., & La Porta, T. (2005). Mobile multi-layered IPsec. In K. Makki, & E. Knightly (Eds.), Proceedings - IEEE INFOCOM 2005. The Conference on Computer Communications - 24th Annual Joint Conference of the IEEE Computer and Communications Societies (pp. 1929-1939). (Proceedings - IEEE INFOCOM; Vol. 3). https://doi.org/10.1109/INFCOM.2005.1498471
Choi, Heesook ; Song, Hui ; Cao, Guohong ; La Porta, Tom. / Mobile multi-layered IPsec. Proceedings - IEEE INFOCOM 2005. The Conference on Computer Communications - 24th Annual Joint Conference of the IEEE Computer and Communications Societies. editor / K. Makki ; E. Knightly. 2005. pp. 1929-1939 (Proceedings - IEEE INFOCOM).
@inproceedings{19e8f6b8b4404230956d5555d9c92b32,
title = "Mobile multi-layered IPsec",
author = "Heesook Choi and Hui Song and Guohong Cao and {La Porta}, Tom",
year = "2005",
month = "10",
day = "10",
doi = "10.1109/INFCOM.2005.1498471",
language = "English (US)",
isbn = "0780389689",
series = "Proceedings - IEEE INFOCOM",
pages = "1929--1939",
editor = "K. Makki and E. Knightly",
booktitle = "Proceedings - IEEE INFOCOM 2005. The Conference on Computer Communications - 24th Annual Joint Conference of the IEEE Computer and Communications Societies",

}

Choi, H, Song, H, Cao, G & La Porta, T 2005, Mobile multi-layered IPsec. in K Makki & E Knightly (eds), Proceedings - IEEE INFOCOM 2005. The Conference on Computer Communications - 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings - IEEE INFOCOM, vol. 3, pp. 1929-1939, IEEE INFOCOM 2005, Miami, FL, United States, 3/13/05. https://doi.org/10.1109/INFCOM.2005.1498471

Mobile multi-layered IPsec. / Choi, Heesook; Song, Hui; Cao, Guohong; La Porta, Tom.

Proceedings - IEEE INFOCOM 2005. The Conference on Computer Communications - 24th Annual Joint Conference of the IEEE Computer and Communications Societies. ed. / K. Makki; E. Knightly. 2005. p. 1929-1939 (Proceedings - IEEE INFOCOM; Vol. 3).

TY - GEN

T1 - Mobile multi-layered IPsec

AU - Choi, Heesook

AU - Song, Hui

AU - Cao, Guohong

AU - La Porta, Tom

PY - 2005/10/10

Y1 - 2005/10/10

UR - http://www.scopus.com/inward/record.url?scp=25844490071&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=25844490071&partnerID=8YFLogxK

U2 - 10.1109/INFCOM.2005.1498471

DO - 10.1109/INFCOM.2005.1498471

M3 - Conference contribution

AN - SCOPUS:25844490071

SN - 0780389689

T3 - Proceedings - IEEE INFOCOM

SP - 1929

EP - 1939

BT - Proceedings - IEEE INFOCOM 2005. The Conference on Computer Communications - 24th Annual Joint Conference of the IEEE Computer and Communications Societies

A2 - Makki, K.

A2 - Knightly, E.

ER -

Choi H, Song H, Cao G, La Porta T. Mobile multi-layered IPsec. In Makki K, Knightly E, editors, Proceedings - IEEE INFOCOM 2005. The Conference on Computer Communications - 24th Annual Joint Conference of the IEEE Computer and Communications Societies. 2005. p. 1929-1939. (Proceedings - IEEE INFOCOM). https://doi.org/10.1109/INFCOM.2005.1498471