Use this URL to cite or link to this record in EThOS:
Title: Security in satellite and delay/disruption tolerant networks
Author: Bhutta, Muhammad Nasir Mumtaz
ISNI:       0000 0004 2716 2720
Awarding Body: University of Surrey
Current Institution: University of Surrey
Date of Award: 2012
Availability of Full Text:
Access from EThOS:
Access from Institution:
Over the past few years, networks which are subject to long delays, high disruptions, asymmetric data rates and/or low delivery ratio etc, have gained popularity. Different approaches have been researched in the past to improve performance of networks under these challenging conditions e. g. modifying TCP behaviour suitable for a selected set of networks including Performance Enhancing Proxies (PEPs) based satellite networks and by proposing complete new networking architecture such as Delay/Disruption Tolerant Networking (DTN). The presence of PEPs breaks the original end-to-end TCP connection into two or three TCP connections and in this way allows a TCP variant to be applied on satellite link in a suitable way. The presence of PEPs on satellite links has disadvantages, e. g. splitting TCP connection is not compliant with the standard internet security mechanism IPsec as IPsec encrypts the traffic which can be only viewed at end nodes. In the thesis, a new dynamic Multilayer IPsec (ML-Ipsec) protocol is proposed for TCP/IP based networks, which enables the trusted intermediate devices to access part of IP datagram in order to function properly, while maintaining confidentiality between end nodes. The protocol is also flexible enough to break the IP datagram as many as 15 levels. The other paradigm, DTN, is an overlay networking architecture; evolved from a focus on deep space networks to a broader class of heterogeneous networks e. g. wireless adhoc networks etc. The security protocols defined for DTN, including the “Bundle Security Protocol” (BSP) are designed on the assumption that some sort of public key management mechanism is there to support security functions. In the DTN community, DTN key management is still an open issue. The thesis proposes to solve the key management issue by contributing: 1) A new Efficient Scalable Key Transport Scheme (ESKTS) which provides a way to transport the symmetric key using public key cryptography, in which the symmetric key generated at a DTN node can be transported to another communicating body securely along with the data. The ESKTS is scalable, communication efficient and compliant with the BSP semantics. 2) Sstandard PKI validation and revocation mechanism is enhanced by a new scheme which is compliant with PKI, compliant with BSP and also enables the applications to build a Certificate Revocation List (CRL) of reduced size. Furthermore the scheme also increases the efficiency to search through the list while providing communication efficiency to distribute CRL in the network due to its reduced size. 3) Framework for DTN key management architecture is proposed to establish a shared state between communicating parties dynamically. The shared state establishes the building block for security services; the cryptographic algorithms and the keys. Keywords: Security, PEPs, Satellite Networks, Key Management, PKI, DTN, Key Transport.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available