Improving TCP/IP performance over wireless networks
MobiCom '95 Proceedings of the 1st annual international conference on Mobile computing and networking
TCP/IP performance over 3G wireless links with rate and delay variation
Proceedings of the 8th annual international conference on Mobile computing and networking
Secure Mobile IP Communication
LCN '01 Proceedings of the 26th Annual IEEE Conference on Local Computer Networks
NIST Net: a Linux-based network emulation tool
ACM SIGCOMM Computer Communication Review
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Security in Mobile IPv6: A survey
Information Security Tech. Report
Hi-index | 0.00 |
To achieve high throughput in wireless networks, smart forwarding and processing of packets in access routers is critical for overcoming the effects of the wireless links. However, these services cannot be provided if data sessions are protected using end-to-end encryption as with IPsec, because the information needed by these algorithms resides inside the portion of the packet that is encrypted, and can therefore not be used by the access routers. A previously proposed protocol, called Multi-layered IPsec (ML-IPsec) modifies IPsec in a way so that certain portions of the datagram may be exposed to intermediate network elements, enabling these elements to provide performance enhancements. In this paper we extend ML-IPsec to deal with mobility and make it suitable for wireless networks. We define and implement an efficient key distribution protocol to enable fast ML-IPsec session initialization, and two mobility protocols that are compatible with Mobile IP and maintain ML-IPsec sessions. Our measurements show that, depending on the mobility protocol chosen, integrated Mobile IP/ML-IPsec handoffs result in a pause of 53-100 milliseconds, of which only 28-75 milliseconds may be attributed to ML-IPsec. Further, we provide detailed discussion and performance measurements of our MML-IPsec implementation. We find the resulting protocol, when coupled with SNOOP, greatly increases throughput over scenarios using standard TCP over IPsec (165% on average). By profiling the MML-IPsec implementation, we determine the bottleneck to be sending packets over the wireless link. In addition, we propose and implement an extension to MML-IPsec, called dynamic MML-IPsec, in which a flow may switch between plaintext, IPsec and MML-IPsec. Using dynamic MML-IPsec, we can balance the tradeoff between performance and security.