Secure performance enhancing proxy: To ensure end-to-end security and enhance TCP performance over IPv6 wireless networks

Abstract

It is a well known fact that TCP is incapacitated to distinguish congestion losses in the wired network from corruption losses occurring in the wireless link and this inability results in poor performance of TCP in a hybrid wired-cum-wireless scenario. Most of the solutions previously proposed to address this problem are designed oblivious of the security considerations and violate end-to-end TCP semantics. Achieving improved TCP performance together with ensuring end-to-end security necessitates the co-existence of security mechanisms like IPSEC and performance enhancing solutions. However, IP security and TCP performance have been traditionally dealt with in a mutually exclusive manner. We propose an innovative mechanism, Secure Performance Enhancing Proxy (SPEP), to address the seemingly arduous problem of enhancing TCP performance over wireless networks, preserving end-to-end TCP semantics as well as ensuring end-to-end security. The proposed SPEP scheme decouples error detection and error distinction mechanism from error recovery mechanism which not only facilitates in performance improvement but also offers multifarious advantages discussed in the paper. We have implemented the proposed scheme in FreeBSD 4.5 and conducted experiments in a controlled test bed setup. Our results show improved TCP performance in a secured environment with introduction of minimal overhead.