Authors: Mahmoud Mostafa, Anas Abou El Kalam, Christian Fraboul
Addresses: Universite de Toulouse, INPT-ENSEEIHT, IRIT-CNRS, 2 rue Charles Camichel, 31070 Toulouse, France. ' Universite de Toulouse, INPT-ENSEEIHT, IRIT-CNRS, 2 rue Charles Camichel, 31070 Toulouse, France. ' Universite de Toulouse, INPT-ENSEEIHT, IRIT-CNRS, 2 rue Charles Camichel, 31070 Toulouse, France
Abstract: To effectively manage network resources and to serve different traffic needs, several studies have been done in the Quality of Service (QoS) area. Basically, |Multi-Field| (MF) packet classifiers classify a packet by looking for multiple fields of the IP-TCP headers, recognise which flow the packet belongs to, and according to this information, provide service differentiation in IP networks. However, for security purposes, existing security protocols (such as the IPSec ESP) hide much of this information in their encrypted payloads, preventing network control devices such as routers and switches from utilising this information in performing classification appropriately. The ESPQ protocol deals with this problem but it has some security weaknesses. In this paper, we present the ESPQ vulnerabilities and we propose QoS-friendly Encapsulated Security Payload (Q-ESP) as a security protocol that provides both security and QoS support.
Keywords: security protocols; IPSec; ESP; encapsulated security payload; authentication header; QoS; quality of service; IP networks; network security; ESPQ vulnerabilities.
International Journal of Information and Computer Security, 2009 Vol.3 No.3/4, pp.245 - 264
Published online: 18 Jan 2010 *Full-text access for editors Access for subscribers Purchase this article Comment on this article