Random early detection gateways for congestion avoidance
IEEE/ACM Transactions on Networking (TON)
A comparison of mechanisms for improving TCP performance over wireless links
Conference proceedings on Applications, technologies, architectures, and protocols for computer communications
Promoting the use of end-to-end congestion control in the Internet
IEEE/ACM Transactions on Networking (TON)
Problem areas for the IP security protocols
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Optimization of the Establishment of Secure Communication Channels in Wireless Mobile Networks
IPDPS '02 Proceedings of the 16th International Parallel and Distributed Processing Symposium
WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Computer Networks: The International Journal of Computer and Telecommunications Networking
Security in Mobile IPv6: A survey
Information Security Tech. Report
Wireless Networks
New mechanisms for end-to-end security using IPSec in NAT-based private networks
HSI'03 Proceedings of the 2nd international conference on Human.society@internet
Stream control transmission protocol (SCTP) preformance over the land mobile satellite channel
MILCOM'03 Proceedings of the 2003 IEEE conference on Military communications - Volume II
Hi-index | 0.00 |
IPsec [KA98c] is a suite of standard protocols that provides security services for Internet communications. It protects the entire IP datagram in an "end-to-end" fashion; no intermediate network node in the public Internet can access or modify any information above the IP layer in an IPsec-protected packet. However, recent advances in internet technology introduce a rich new set of services and applications, like traffic engineering, TCP performance enhancements, or transparent proxying and caching, all of which require intermediate network nodes to access a certain part of an IP datagram, usually the upper layer protocol information, to perform flow classification, constraint-based routing, or other customized processing. This is in direct conflict with the IPsec mechanisms. In this research, we propose a multi-layer security protection scheme for IPsec, which uses a finer-grain access control to allow trusted intermediate routers to read and write selected portions of IP datagrams (usually the headers) in a secure and controlled manner.