Author

Yongguang Zhang

Bio: Yongguang Zhang is an academic researcher from HRL Laboratories. The author has contributed to research in topics: TCP acceleration & IP tunnel. The author has an h-index of 1, co-authored 1 publication receiving 72 citations.

Papers
Journal Article
Yongguang Zhang
TL;DR: This paper analyzes the fundamental problem behind this conflict and develops a solution called multilayer IP-security (ML-IPsec), which allows wireless network operators or service providers to grant limited and controllable access to the TCP headers for performance enhancement purposes.
Abstract: Transmission control protocol (TCP) performance enhancement proxy (PEP) mechanisms have been proposed, and in some cases widely deployed, to improve TCP performance in all-Internet protocol (IP) wireless networks. However, this technique is conflicted with IP-security (IPsec), a standard IP security protocol that will make inroad into wireless networks. This paper analyzes the fundamental problem behind this conflict and develops a solution called multilayer IP-security (ML-IPsec). The basic principle is to use a multilayer protection model and a fine grain access control to make IP security protocols compatible with TCP PEP. It allows wireless network operators or service providers to grant base stations or wireless routers limited and controllable access to the TCP headers for performance enhancement purposes. Through careful design, implementation, and evaluation, we show that we can easily add ML-IPsec to existing IPsec software and the overhead is low. We conclude that ML-IPsec can help wireless networks provide both security and performance.

74 citations


Cited by
Journal Article
22 Jul 2011
TL;DR: A broad DTN overview is presented, to make the reader familiar with the characteristics that differentiate DTN from ordinary TCP/IP networking, and the DTN and PEP architectures and stacks are compared, as a preliminary step for the subsequent DTN performance assessment carried out in practical LEO/GEO satellite scenarios.
Abstract: Satellite communications are characterized by long delays, packet losses, and sometimes intermittent connectivity and link disruptions. The TCP/IP stack is ineffective against these impairments and even dedicated solutions, such as performance enhancing proxies (PEPs), can hardly tackle the most challenging environments, and create compatibility issues with current security protocols. An alternative solution arises from the delay- and disruption-tolerant networking (DTN) architecture, which specifies an overlay protocol, called bundle protocol (BP), on top of either transport protocols (TCP, UDP, etc.), or of lower layer protocols (Bluetooth, Ethernet, etc.). The DTN architecture provides long-term information storage on intermediate nodes, suitable for coping with disrupted links, long delays, and intermittent connectivity. By dividing the end-to-end path into multiple DTN hops, in a way that actually extends the TCP-splitting concept exploited in most PEPs, DTN allows the use of specialized protocols on the satellite (or space) links. This paper discusses the prospects for use of DTN in future satellite networks. We present a broad DTN overview, to make the reader familiar with the characteristics that differentiate DTN from ordinary TCP/IP networking, compare the DTN and PEP architectures and stacks, as a preliminary step for the subsequent DTN performance assessment carried out in practical LEO/GEO satellite scenarios. DTN security is studied next, examining the advantages over present satellite architectures, the threats faced in satellite scenarios, and also open issues. Finally, the relation between DTN and quality of service (QoS) is investigated, by focusing on QoS architectures and QoS tools and by discussing the state of the art of DTN research activity in modeling, routing, and congestion control.

202 citations

01 Jan 2011
TL;DR: In this article, the authors present a broad DTN overview, to make the reader familiar with the characteristics that differentiate DTN from ordinary TCP/IP networking, compare the DTN and PEP architectures and stacks, as a preliminary step for the subsequent DTN performance assessment carried out in practical LEO/GEO satellite scenarios.
Abstract: Satellite communications are characterized by long delays, packet losses, and sometimes intermittent connectivity and link disruptions. The TCP/IP stack is ineffective against these impairments and even dedicated solutions, such as performance enhancing proxies (PEPs), can hardly tackle the most challenging environments, and create compatibility issues with current security protocols. An alternative solution arises from the delay- and disruption-tolerant networking (DTN) architecture, which specifies an overlay protocol, called bundle protocol (BP), on top of either transport protocols (TCP, UDP, etc.), or of lower layer protocols (Bluetooth, Ethernet, etc.). The DTN architecture provides long-term information storage on intermediate nodes, suitable for coping with disrupted links, long delays, and intermittent connectivity. By dividing the end-to-end path into multiple DTN hops, in a way that actually extends the TCP-splitting concept exploited in most PEPs, DTN allows the use of specialized protocols on the satellite (or space) links. This paper discusses the prospects for use of DTN in future satellite networks. We present a broad DTN overview, to make the reader familiar with the characteristics that differentiate DTN from ordinary TCP/IP networking, compare the DTN and PEP architectures and stacks, as a preliminary step for the subsequent DTN performance assessment carried out in practical LEO/GEO satellite scenarios. DTN security is studied next, examining the advantages over present satellite architectures, the threats faced in satellite scenarios, and also open issues. Finally, the relation between DTN and quality of service (QoS) is investigated, by focusing on QoS architectures and QoS tools and by discussing the state of the art of DTN research activity in modeling, routing, and congestion control.

188 citations

Journal Article
TL;DR: A hierarchical key-management approach is suggested for adding data security to group communication in hybrid networks, and solutions are suggested to the performance problems that arise in such networks from security additions like Internet security protocol (IPSec) or secure socket layer (SSL).
Abstract: Satellites are expected to play an increasingly important role in providing broadband Internet services over long distances in an efficient manner. Most future networks will be hybrid in nature - having terrestrial nodes interconnected by satellite links. Security is an important concern in such networks, since the satellite segment is susceptible to a host of attacks, including eavesdropping, session hijacking and data corruption. In this article we address the issue of securing communication in satellite networks. We discuss various security attacks that are possible in hybrid satellite networks, and survey the different solutions proposed to secure data communications in these networks. We look at the performance problems arising in hybrid networks due to security additions like Internet security protocol (IPSec) or secure socket layer (SSL), and suggest solutions to performance-related problems. We also point out important drawbacks in the proposed solutions, and suggest a hierarchical key-management approach for adding data security to group communication in hybrid networks.

98 citations

Patent
28 Feb 2005
TL;DR: In this article, a method, system, and computer program that provides secure network communication over a network between a first and a second entity is presented, where data packets are encrypted and transmitted according to previously exchanged encryption command information and wherein TCP accelerators may be used to effectively accelerate the transmission of the data packets.
Abstract: The present invention is a method, system, and computer program that provides secure network communication over a network between a first and a second entity wherein data packets are encrypted and transmitted according to previously exchanged encryption command information and wherein TCP accelerators may be used to effectively accelerate the transmission of the data packets. A method, system, and computer program are also shown that provide secure network communication through encrypting a plurality of payloads and embedding encryption command information for each encrypted payload into an options field of a corresponding protocol header while still allowing TCP accelerators to read the protocol headers and effectively accelerate the transmission of the payloads.

95 citations

Journal Article
30 May 2006
TL;DR: The scope of this research is to determine the viability and need of a security mechanism; it also focuses on the performance of different security architectures to determine their usability in the framework of an ADN.
Abstract: Internet connectivity, which was in experimental stages only a few years ago, is a reality today. Current implementations allow passengers to access the Internet for pleasure, and, in some cases, secure VPN access is provided to corporate networks. Several researchers are looking at the possibility of the existence of a total of three networks: passenger network (PN), crew network (CRN), and the control network (CON). Researchers envision an architecture where these three networks will co-exist in an airplane. The available Internet connectivity can be utilized for transporting flight critical information like cockpit flight data recorder (CFDR) data, digital flight data recorder (DFDR) data, cockpit voice recorder (CVR) data and controller pilot data link communication. In addition, the internet connectivity could also be used for other safety mechanisms like video surveillance and remote control of the flight. Security is one of the major concerns that affect the successful deployment of aircraft data networks (ADN) and other safety features. Several studies have been carried out to secure the network using firewalls and intrusion detection systems but so far no study has focused on securing the communication channel (between the aircraft and the ground station) and its impact on the ADN. The scope of this research is to determine the viability and need of a security mechanism. The research will also focus on the performance of different security architectures and determine their usability in the framework of an ADN.

24 citations