Performance-Aware Security of Unicast Communication in Hybrid Satellite Networks

In this work, we address the performance problems that arise when unicast security protocols IPSEC and SSL are applied for securing the end-to-end communication in hybrid satellite networks. Satellite networks use TCP and HTTP performance-enhancing proxy servers to overcome the adverse effect of the large delay-bandwidth product of the satellite channel. However, the proxy servers cannot function when IPSEC and SSL are used for secure unicast communication in hybrid satellite networks. We therefore propose the use of the layered IPSEC (LES) protocol as an alternative to IPSEC for network-layer security. We describe a modification to the Internet key exchange protocol if dynamic key establishment is needed for layered IPSEC. For application-level security of Web browsing with acceptable end-to-end delay, we propose the dual-mode SSL protocol (DSSL) to be used instead of SSL. We describe how LES and DSSL protocols achieve the desired end-to-end communication security while allowing the TCP and HTTP proxy servers to function correctly. Through simulation studies, we quantify the improvement in performance that is achieved using our proposed protocols, compared to traditional IPSEC and SSL.