Tunnel Gateway Satisfying Mobility and Security Requirements of Mobile and IP-Based Networks

  • Jung, Youn-Chan (School of Information, Communications and Electronics Engineering, Catholic University of Korea)
  • Peradilla, Marnel (School of Information, Communications and Electronics Engineering, Catholic University of Korea)
  • Received : 2011.04.24
  • Published : 2011.12.31

Abstract

Full-mesh IPSec tunnels pass through a black ("unsecure") network (B-NET) to any red ("secure") networks (R-NETs). These are needed in military environments, because they enable dynamically changing R-NETs to be reached from a B-NET. A dynamically reconfiguring security policy database (SPD) is very difficult to manage, since the R-NETs are mobile. This paper proposes advertisement process technologies in association with the tunnel gateway's protocol that sends 'hello' and 'prefix advertisement (ADV)' packets periodically to a multicast IP address to solve mobility and security issues. We focus on the tunnel gateway's security policy (SP) adaptation protocol that enables R-NETs to adapt to mobile environments and allows them to renew services rapidly soon after their redeployment. The prefix ADV process enables tunnel gateways to gather information associated with the dynamic changes of prefixes and the tunnel gateway's status (that is, 'down'/restart). Finally, we observe two different types of performance results. First, we explore the effects of different levels of R-NET movements on SP adaptation latency. Next, we derive the other SP adaptation latency. This can suffer from dynamic deployments of tunnel gateways, during which the protocol data traffic associated with the prefix ADV protocol data unit is expected to be severe, especially when a certain tunnel gateway restarts.
