Title: A new protocol for security and QoS in IP networks

Authors: Mahmoud Mostafa, Anas Abou El Kalam, Christian Fraboul

Addresses: Universite de Toulouse, INPT-ENSEEIHT, IRIT-CNRS, 2 rue Charles Camichel, 31070 Toulouse, France. ' Universite de Toulouse, INPT-ENSEEIHT, IRIT-CNRS, 2 rue Charles Camichel, 31070 Toulouse, France. ' Universite de Toulouse, INPT-ENSEEIHT, IRIT-CNRS, 2 rue Charles Camichel, 31070 Toulouse, France

Abstract: To effectively manage network resources and to serve different traffic needs, several studies have been done in the Quality of Service (QoS) area. Basically, |Multi-Field| (MF) packet classifiers classify a packet by looking for multiple fields of the IP-TCP headers, recognise which flow the packet belongs to, and according to this information, provide service differentiation in IP networks. However, for security purposes, existing security protocols (such as the IPSec ESP) hide much of this information in their encrypted payloads, preventing network control devices such as routers and switches from utilising this information in performing classification appropriately. The ESPQ protocol deals with this problem but it has some security weaknesses. In this paper, we present the ESPQ vulnerabilities and we propose QoS-friendly Encapsulated Security Payload (Q-ESP) as a security protocol that provides both security and QoS support.

Keywords: security protocols; IPSec; ESP; encapsulated security payload; authentication header; QoS; quality of service; IP networks; network security; ESPQ vulnerabilities.

DOI: 10.1504/IJICS.2009.031038

International Journal of Information and Computer Security, 2009 Vol.3 No.3/4, pp.245 - 264

Published online: 18 Jan 2010 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article