Title :
A Thin Security Layer Protocol over IP Protocol on TCP/IP Suite for Security Enhancement
Author :
Al-Jarrah, Mohammad ; Tamimi, Abdel-Karim R.
Author_Institution :
Dept. of Comput. Eng., Yarmouk Univ., Irbid
Abstract :
In this paper, we proposed a security enhancement for the TCP/IP suite. This enhancement adds three modules to TCP/IP: security policy, security control, and data security layer. Unlike IPsec, which plugs all security enforcement into the IP layer, the proposed architecture distributes the proposed modules into their relevant layers. The security policy belongs to the application layer, and the security control and management are located in the transport layer. The data security layer is located between the transport layer and the IP layer. The security policy module interacts with the system administrator to define the policies and roles of security to be applied in data communication. The security control module provides the means to apply the security policy defined in the security policy module and establishes a secure channel; it uses four-way handshaking and public key cryptography (PKC) to create a virtual secure connection and a security entity (SE). The SE holds the secret key cryptography (SKC), the addresses of the two hosts that share this SKC, and other vital information necessary to carry out secure data communication. For data security, we proposed a thin security protocol (TSP) over the IP protocol. TSP encrypts and encapsulates the incoming transport layer packet into TSP packets. The TSP packet header consists of only two fields, each of which is one byte. The first field identifies the TSP packet type, such as public key request, public key acknowledgement (ACK), secret key, and secret key ACK. The second field carries information about the transport layer protocol. In TSP design and implementation, our concern was to minimize the overhead added to IP, including traffic volume and transmission delay. In terms of data size, TSP adds only two bytes as TSP header
Keywords :
Internet; data encapsulation; private key cryptography; public key cryptography; telecommunication channels; transport protocols; IP protocol; Internet security; TCP/IP; channel security; data communication; data security layer; four-way handshaking; packet encapsulation; packet encryption; public key acknowledgement; public key cryptography; secret key cryptography; security entity; thin security protocol; transport layer; Communication system control; Communication system security; Cryptographic protocols; Data communication; Data security; Information security; Public key; Public key cryptography; TCPIP; Transport protocols; Encryption; internet security; secure channel; secure protocol;
Conference_Titel :
Innovations in Information Technology, 2006
Conference_Location :
Dubai
Print_ISBN :
1-4244-0674-9
Electronic_ISBN :
1-4244-0674-9
DOI :
10.1109/INNOVATIONS.2006.301920