Multilayer Neural Networks (sometimes called “Multilayer Perceptrons” or MLPs)
A Multilayer IP Security Protocol for TCP Performance in Wireless Networks Authors: Yongguang Zhang...
-
Upload
melvin-warner -
Category
Documents
-
view
220 -
download
0
description
Transcript of A Multilayer IP Security Protocol for TCP Performance in Wireless Networks Authors: Yongguang Zhang...
A Multilayer IP Security A Multilayer IP Security Protocol for TCP Protocol for TCP
Performance in Wireless Performance in Wireless NetworksNetworks
Authors:Authors: Yongguang Zhang Yongguang ZhangSource:Source: IEEE JOURNAL ON SELECTED AREAS IN IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL.22, pp. 767-776,COMMUNICATIONS, VOL.22, pp. 767-776, NO.4, MAY 2004NO.4, MAY 2004 Speaker:Speaker: Mei-Yu Lin Mei-Yu LinDate:Date: 2004/12/30 2004/12/30
OutlineOutline
1.Introduction2.Analysis of the implication of IPsec in Wireless Networks3.Principle of Multilayer Security Protection4.ML-IPsec Design Detail5.Performance Evaluation6.Conclusion7.Future Work about ML-IPsec
1.Introduction1.IntroductionA.TCP performance enhancement mechanism (TCP PEP) -TCP SpoofingB. IPsec -An standard for secure communications in the InternetC. IPsec is conflicted with TCP PEP
2.Analysis of the implication of IPsec i2.Analysis of the implication of IPsec in Wireless Networksn Wireless NetworksA.IPsec & End-to-End Security Protection Model -Two protocol : AH & ESP -Two mode : Transport & Tunnel -IP datagram: IP header & Upper layer protocol headers & User dataB. Conflicts between IPsec & TCP PEPC. Fundamental Limitations of End-to-End Protection -Traffic Engineering -Traffic Analysis -Application-Layer Proxies/Agent -Active Networks
2.Analysis of the implication of IPsec i2.Analysis of the implication of IPsec in Wireless Networks(con.)n Wireless Networks(con.)D. Approaches -Replacing IPsec with a transport-layer security mechanism -Tunneling one security protocol -Using a transport-friendly ESP format -Splitting IPsec into Two Segment
3.Principle of Multilayer 3.Principle of Multilayer Security ProtectionSecurity Protection
A.Divides the IP datagram into zonesB.Each zone has -it's own set of security associations -it's own set of private keys -it’s own set of access control rulesC.ML-IPsec defines a complex security relationship and selected intermediate nodes along the delivery path -example
4.ML-IPsec Design Details4.ML-IPsec Design DetailsA. ZonesB. Composite Security Association -CSA & SAC. Protocol Header -AH -ESPD. Inbound & Outbound Processing in ML-IPsec -ICV (Integrity Check Value) -Zone by Zone Encryption -Outbound Processing in ML-IPsec -Inbound Processing in ML-IPsec -Partial In-Out Processing at Intermediate Routers
5.Performance Evalution5.Performance EvalutionA.Bandwidth Overhead Analysis
Table 2 B.Implementation ComplexityTable 3C.Experimental Measurements
-CONFIG: IP, IPsec, ML-IPsec (one zone), ML-IPsec (two zone) -STATUS: the processing delay, the CPU load, the Protocol format overhead -MODE: Transport & Tunnel -PACKET SIZE: 1500bit & 284bit
6.Conclusion6.Conclusion
A.IPsec v.s TCP PEPB.ML-IPsec can be added to an existing IPsec system and it’s overhead is low.C.ML-IPsec has achieved the goal -granting trusted intermediated routers a secure, controlled, and limited access to selected portions of IP datagramesD.ML-IPsec preserving the end-to-end security protection to user data.
7.Future Work about ML-IPsec7.Future Work about ML-IPsec• A extension of IKE to support ML-IPsec• Automatic Keying• To find the efficient mechanism needed for multiparty key distributions
THE END!THANK YOU!