Essay: Performance Enhancing Proxies And Interoperability With HTTP2/QUIC For End-to-End Security.

Title: Middle Boxes in mobile networks, are they good or bad

In general HTTP and TCP/IP protocols have poor performance in mobile networks. Explain the use of middle boxes or Performance Enhancing Proxies (PEPs) that accelerates Internet access to mobile devices and reduce the response time for a mobile client request.

Compare mobile PEPs use against the recent HTTP2 and QUIC application layer protocols. Also highlight security conflicts between web proxies and end to end security system such as SSL/TLS and IPsec (ESP in transport mode). Finally present your own solution/solutions to resolve the challenging interoperability issues between PEPs, HTTP2/QUIC and end-to-end security.

Web caching has seen wide deployment in the mobile Internet access for two reasons. First, a Web cache can substantially reduce the response time for a client request, particularly if the bottleneck bandwidth between the client and the origin server is much less than the bottleneck bandwidth between the client and the cache. Second, Web caches can substantially reduce traffic in the mobile operator core network link to the Internet. Also web caches are widely used by Content Distribution Networks (CDNs) in many geographically distributed caches throughout the Internet, thereby localizing much of the traffic (such as installing servers at mobile operators networks). There are shared CDNs (such as Akamai and Limelight) and dedicated CDNs (such as Google and Microsoft).

In addition, Google has been working recently on two protocols HTTP2 (IETF RFC 7540) and QUIC (https://www.chromium.org/quic ) with a special focus on accelerating web access to mobile devices. SSL/TLS are always used with HTTP2 and QUIC. Therefore, their interworking with web proxies might require careful consideration. Also GTP and IPsec in tunnel mode are widely used by mobile network operators, which again require some consideration.

Your essay should address the above issues and provide solution/solutions for interoperability between PEPs, HTTP2/QUIC and end-to-end security.

To learn beyond a simple overview of HTTP2/QUIC, TLS/SSL and IPSec and their intricate relationship with middle boxes in the Internet.

Also, to demonstrate your ability to collect and select technical material; to organise technical material in a concise fashion; to write a technical document which provides useful information (straight to the point); to develop critical ability.

Explaining Performance Enhancing Proxies and Middleboxes

The main reason for the deployment of the Performance Enhancing Proxies (PEPs) is for the purpose of improving the performance of TCP. The characteristics of some specific link environment which might include the satellite, wireless WAN, and wireless LAN environment are the main reason lying behind the deployment of the PEPs [1]. A PEP use case is mainly used in order to bridge two different TCP congestion avoidance algorithm. The two algorithm consists of one suitable for wireless and another for wire network. By eliminating end to end TCP flow to the boundary of any system. PEP is associated with allowing the use of the TCP congestion in order to avoid the algorithm which is mainly designed and tuned for the environment. This tuning and designing is generally done irrespective of the TCP version which is used by a system [19]. This kind of PEP consists of various essential parts and one of which the IP address transparency and this is associated with avoiding the making of new clients from internet content server. Performance Enhancing proxies are also known as transparent L4/L7 proxies [3]. PEPs are also used for the purpose of implementation of various kind of security gateway service besides being used for the purpose of enhancing the end to end TCP performance over the wireless network.

This essay has been associated with providing an explanation regarding the use of middlebox or performance enhancing proxies [18]. The main reason for the use of this technology is done for the purpose of accelerating the internet access to the various mobile device [4]. Besides this the essay also provides a description about how the response time for the mobile client request can be decreased. Followed by this, a comparison has been made regarding mobile PEP against HTTP2 and QUIC application layer protocol. Security issues between web proxies and an end to end security like SSL/TLS and IPsec [17]. After that, a solution has been provided for challenging issues between PEPs, HTTP2/ QUIC and lastly end to end security.

Performance Enhancing Proxy is considered to be one of the best ways for addressing performance issues which occurs during the transmission of the TCP over the satellites. This technique is associated with splitting of the TCP connection into two parts (in the asymmetric configuration of PEP) or 3 (in a matter of symmetric) separate connection. Standard TCP protocol is mainly used for taking client to the server computer. Whereas, for advanced protocol, it is used for the purpose of establishing communication between PEP over the satellite link [5]. Besides this the Inter-PEP is used in order to optimize the satellite link and the most important kind of parameter for this is the TCP window and algorithm which are responsible for the congestion [16]. In some cases, it can be seen the PEP is working on one side of satellite link and this is responsible for creating a significant difference between the different levels of performance PEP which is placed on both the ends of satellite link [15]. In symmetric PEP configuration it can be seen that there exists a significant amount of choice in order to choose another optimization technique and this might include the compression, filtering of content, perfecting and many others. Besides this the symmetric PEP is associated with allowing some limited amount of choice of application protocol and optimization and this includes the HTTP compression, HTTP caching and lastly reduction of image quality [6]. PEP is also not associated with the modification of the application protocol, so it can be stated that it is an entirely transparent in a number of applications. The ultimate advantage of Advantech wireless PEP over other techniques is that it is aware of the network of topology [14]. The ultimate goal of PEP includes the improvisation of the performance of TCP and reaching out to the maximum performance for the TCP connections. At present PEPs are getting much attention in the mobile wireless industry as a method for improving user-perceived network speed. The user-perceived network is inclusive of two parameters like downloading time of object and TCP throughput [7]. The principal of the internet content service makes use of version which mainly used for wired network environment. TCP congestion algorithm which is used for wireless may not efficiently work on wireless environment characteristic like high bit error rate, larger L1/L2 [13]. It comes up with a wide range of frequency changing bandwidth as an assumption made for congestion may not work for detection of congestion and recovery. 

Use of PEPs to Improve Mobile Internet Access

A new generation of TCP of congestion protocol algorithm has been implemented for the purpose of adopting the evolving environment of the communication network. This algorithm makes use of RTI based congestion feedback loop for controlling TCP transmission rate [9]. They come up with potential for performing in the much better way for the mobile wireless environment. The latest algorithm may be activity evaluated. A well-known method for adaptation of TCP algorithm is the mobility environment before adjustment and deploy of transparent L4 PEPs in the domain of wireless access [12].

Middlebox is an intermediate device which sits in the middle of an end to end path. It performs some of the primary function like delegation to end host which ultimately breaks end to end principle [11]. They are mainly used in the operational network for overcoming performance and security limitation intrinsic in TCP/ IP protocol stacks. MB (middle box) performs a large number of function ranging from simple altering to IP address [13]. It is mainly used for modifying traffic properties at the various layer of the protocol stack. It can be considered as an issue during the performance of network measurement which is generally noticed by multiple experimenters [20]. A PEP is a well-known widespread MB which mainly aims at helping the user of the particular network for improving his or her quality of experience [13]. This functionality is primarily used by eliminating TCP connection on the side of the client, and it also focuses on the opening of new TCP connection which acts towards the server. They tend to operate as transparent proxies which ultimately performs a large number of action without being noticed by the user. The performance depended feature can be considered to be multiple and generally depends on the network and application of PEP can efficiently operate [11]. They can also span over the various layers of a protocol stack which can easily range from transport to application ones. PEP can be located between the end user and link of the satellite. It is mainly used for using satellite version of TCP which is not generally implemented by an end user [21].

In the presence of PEPs monitoring and measurement of the network can quickly provide profoundly different kind of result when it is observed from different parts of the system [11]. Network operator defines network operator as PEP to be located on the border of the cellular network which is just before the internet access [22]. PEP of cellular network is associated with terminating the TCP connection of the mobile connection towards the mobile station, and it opens up TCP connection which is towards the host as internet [14]. As a result, the total end to end RTT can be considered as a sum of two that is cellular side and internet side. It is supposed to be necessary for taking account of the proper kind of statement in the presence of such device during performance of network measurements [23]. It can be useful to those people who are mainly interested in the estimation of production which is seen by users. RTT protocol samples are generally calculated at various layers of the protocol stack. It consists of two sheet that is TCP layer on the top and application layer which is present on the bottom [10]. Different layers result in different values, so such difference cannot be encountered cannot be explained in simple ways [16]. The only difference which can be met is TCP connection is terminated by PEP. It is generally located on the satellite modem with connection link of speed 100 Mbps.

Comparison between Mobile PEPs, HTTP2, and QUIC

Middleboxes or PEP can be used in different ways and this mainly includes the following:

• It is associated with providing faster establishment of the connection. Usually, TCP makes three ways of handshaking in order to establishing a connection [18]. Minimum time for small web page retrieval is 2RTT, whereas the Advantech PEP is capable of doing it at a much faster rate.
• It is also associated with providing of web caching on the side of the client [9]. According to some research, it is possible to reduce the satellite web traffic by 40% for the medium size organization. DNS caching, which is implemented on the client side is capable of reducing the number of DNS request over the satellite [24].
• Stream compression: Compression rate can easily vary depending on the type of content [17]. As PEP makes use of advanced protocolwhich is specific compression where it is possible to achieve a higher rate of compression.
• Web compression: In many cases, it is seen that web server has not been configured properly in order to save the traffic over the link which has been provided [11]. The advantage of Web compression over the various kind of generic compression is that decompression can be done from client machine bymaking use of the browser.
• Incremental content compression: PEP makes use of advanced compression technique which initially allows it to send a partial portion of the work over the internet or network.
• Retention of image quality: Some images can quicklyreduce in size without degradation of the quality of the image.
• Web image filtration: User can easily configure the contents which is set in order to be filtered out from the server side [8]. In this small image from the site will be sent while big images will be retrieved only when the user makes use of it. So this thing will ultimately improve the experience of the user.

Monitoring and measurement of network parameter in the presence of PEP can efficiently provide different result [19]. The difference in setting can be only seen in different part of the network. In this part of the report, we come across the cellular operating system which makes use of PEP [7]. Various network operator around the globe confirms the fact that PEP is generally located on the border of the cellular network which is just before the place of internet access [25].

The figure is given below (fig 2) provides a cumulative descriptive function (CDF) of average round trip time (RTT) for connection and this is calculated by making use of two traffic traces which is derived on two sides of PEP [20]. The PEP of cellular network terminates the TCP connection towards the various mobile station. It also opens up a new TCP connection towards the host of the internet [26]. So a result it can be seen that end to end RTT can be considered as a sum of two contributes that is cellular side and internet side [6]. It is essential to into the account the presence of such kinds of devices while performing various measurements related to the network. It is considered to be necessary for understanding the performance of a user while it is a matter of significant issue for the people who look into the end to end production [22]. So it can be taken into account the fact due to the presence of PEP, RTT which is measured in the network can easily differ if it is observed form both the side of MB.

The most important metric on the internet is latency because this particular application is becoming more attractive day by day. Ergo is popular internet community which is working continuously on transport protocol for improvisation of lag [25]. The primary role of HTTP is an improvisation of page reloading by 50% and also reduction of deployment complexity during switching it to a new kind of application layer protocol [27]. HTTP2 is considered to be backward compatible with HTTP1 because if H2 fails the connection will quickly fall back to the use of various kinds of network resources in the more efficient way. It focuses on the use of multiple concurrent exchanges which occurs in the same direction. H2 makes use of best way for generic event mechanism for server push that is subscription based and provides an agent subscriber for various services [28]. This particular application makes use of server push message for subscribed user agents rather than sending an unsolicited message to various accepted user agents [5]. HTTP2 can quickly provide a lot of benefits like faster loading of web pages (2X), mobile-based sites, and better kind of security and lastly, it is compatible with previous version HTTP/1.1. HTTP/2 will improvise the browsing experience at a much faster rate in comparison to the old version as it eliminates the various kinds of flaws and limitation associated with it [23]. With improvisation of header compression, it will ultimately help mobile sites with high volume and request for download wasted bandwidth from the header. HTTP/2 is known to be encryption enabled by default; it also focuses on improvisation security among various protocol website. There are servers and browsers which run on HTTP/1.1[4]. They can easily communicate seamlessly with HTTP/2 powered browser and servers. Both the kind mentioned above of protocol has the right and ability to choose the type of proper version which can be used for establishing communication with each other.

Security Conflicts between Web Proxies and End-to-End Security

Transport layer congestion control is considered to be one of the essential element for utilization of Internet links which is shared by multiple flows [24]. New transport layer protocol generally focuses on best kind of analysis, design along with an evaluation of public along with correctness and fairness of existing contract. QUIC protocol was initially released by Google in the year of 2013. It makes use of right kind of approach to the implementation of better performance, packet delivery with package along with congestion control at application protocol [28]. QUIC flow relates us to the use of a substantial fraction of the traffic of internet. There is a large number of challenges which are encountered in QUIC like even some cases in which protocol source is available on public protocol QUIC can quickly provide a gap between the fact publicly released and various kinds of deployed on the background of google client [26]. This mainly requires grey box testing and calibration for ensuring with multiple types of codes which runs in the wild. Explanation of protocol performance often needs specification and diagrams of the state machine. It needs to have protocol performance which requires a range of execution for understanding the impact of network impacts [3]. Various kinds of challenges have been seen as a number of the downfall of application layer protocol in different application protocol layer in diverse environment and version of QUIC.

The design of QUIC is generally motivated by two factor namely implementation of new kind of transport layer in the OS which is considered to be difficult. And the second kind of issue is changing of application layer code which is controlled by the same entity. QUIC is generally implemented at the layer of application which allows Google for easier modification and deployment of new transport layer optimization [25]. The second one is avoiding privacy violation along with transparent proxying and change of content by the middlebox. QUIC is known to be encrypted from end to end; it aims at the protection of application layer contents along with transport layer headers.     

When a transport layer like TLS/ SSL is used when the application should be built in such a way that it can easily support it [2]. At present new kind of browser support TSL/SSL. It is easily possible for implementing TLS/SSL for providing support into the other type of application. TLS/ SSL makes use of the application which can quickly run inside a web browser. TLS/SSL is mainly designed in such a way that it can provide high-level protocol [17]. A significant amount of benefit of TLS/ SSL is nothing but the popularity of web and e-commerce industry. A TLS/SSL has known an application which tends to open up a session where the server can quickly respond. Both TLS/SSL need support from UDP traffic in similar in which SSH needs a stateful connection. Some limitation on the various application which supports TSL/SSL standard [1]. Another type of issue which can be encountered is TSL/ SSL is that it does not have the all kind of setup which are to be implemented on both client and server authentication.

Possible Solutions for Interoperability between PEPs, HTTP2/QUIC, and End-to-End Security

Full transparency can be achieved only making use of IPsec. Every packet of IP is generally considered to be secured if and just it is UDP while TCP is known to be another kind of container. IPsec is deemed to be most efficient and secure kind of VPN connection [14]. IPsec generally provides security directly to the IP network, and it also secures network layer. IPsec provides support to various kinds of the nested channel. Even if a user passes through two or more sort of secure gateway the tunnels are considered to be encrypted twice. In many cases it is seen that IPsec has more kind of features in comparison to TLS/ SSL, it is supposed to be more challenging to implement and provide support to routers.

From the above discussion, it can be concluded that this essay is all about a middlebox on the mobile network. An explanation has been provided regarding the use of a central box performance-enhancing proxy. Middlebox or PEPs mainly accelerate internet across various mobile devices the response mobile client request. After that, a comparison has been provided mobile PEPs against two recent type of application layer protocol that is HTTP2 and QUIC. Various security issues between web proxies and end to end system that is (SSL/TLS) and IPsec has been provided. In the end, a conclusion has been provided various kinds of solution for overcoming challenging interoperability issues between PEPs, HTTP2/QUIC, and the end to end security. A large number of benefits has been provided regarding the use of middlebox or PEP. PEPs are mainly used for improving the performance of TCP over high delay-bandwidth of products link and high kind of probability. In the above pages of the report performance of making use of TCP connection can be easily broken into web catching traces which are mainly obtained from the various commercial satellite system. Only a typical end to end many satellite data communications providers over the internet in the layer of TCP connection. The primary goal behind this particular behind this particular technology is the segregation into the tiny segment. It is mainly done so that it can optimize separately so that TCP window over the satellite segment can quickly open up faster. In the recent times, PEP has huge attention in mobile industry which is used for improving the speed of the network. TCP congestion algorithm which is suited for suited for wirelines may not work on wireless environment character by improvisation of bit rate [18]. By elimination of end to end of TCP flow at the verge of the boundary of the various network. PEP allows making use of TCP congestion avoidance algorithm which is used for tuned for several types of environment irrespective of TCP version which is used by the system. 

References

[1]H. Sato, Y. Okabe, T. Nishimura, K. Yamaji and M. Nakamura, "Privacy Enhancing Proxies in a Federation: Agent Approach and Cascade Approach", Journal of Information Processing, vol. 22, no. 3, pp. 464-471, 2014.

[2]"Performance-Enhancing Drugs on the Web: A Growing Public-Health Issue", The American Journal on Addictions, vol. 22, no. 2, pp. 158-161, 2013.

[3]H. Sato, Y. Okabe, T. Nishimura, K. Yamaji and M. Nakamura, "Privacy Enhancing Proxies in a Federation: Agent Approach and Cascade Approach", Journal of Information Processing, vol. 22, no. 3, pp. 464-471, 2014.

[4]"A Survey of Protocols Enhancing the Security and Performance of AODV", International Journal of Science and Research (IJSR), vol. 5, no. 4, pp. 814-818, 2016.

[5]"A Survey of Protocols Enhancing the Security and Performance of AODV", International Journal of Science and Research (IJSR), vol. 5, no. 4, pp. 814-818, 2016.

[6]D. Stenberg, "HTTP2 explained", ACM SIGCOMM Computer Communication Review, vol. 44, no. 3, pp. 120-128, 2014.

[7]P. McAnany, S. Rowe, I. Cholotio, E. Menchú and J. Quic, "Mapping Indigenous Self-Determination in Highland Guatemala", International Journal of Applied Geospatial Research, vol. 6, no. 1, pp. 1-23, 2015.

[8]K. Satoh and S. Shirabe, "Early detection of abnormal prion protein in genetic human prion diseases now possible using real-time QUIC (RT-QUIC) assay", Journal of the Neurological Sciences, vol. 333, p. e350, 2013.

[9]H. Bakri, C. Allison, A. Miller and I. Oliver, "HTTP/2 and QUIC for Virtual Worlds and the 3D Web?", Procedia Computer Science, vol. 56, pp. 242-251, 2015.

[10]G. Dan, K. Kevin, H. Tom, Q. John and K. Mitch, "Flight Software Development and Validation Workflow Management System", INCAS BULLETIN, vol. 10, no. 1, pp. 85-94, 2018.

[11]M. AsadzadehKaljahi, A. Payandeh and M. Ghaznavi-Ghoushchi, "TSSL: improving SSL/TLS protocol by trust model", Security and Communication Networks, vol. 8, no. 9, pp. 1659-1671, 2014.

[12]M. Alnatheer, "Secure Socket Layer (SSL) Impact on Web Server Performance", Journal of Advances in Computer Networks, vol. 2, no. 3, pp. 211-217, 2014.

[13]S. Park, "A Comparative Analysis of NPKI and SSL/TLS for Secure Internet Transactions", Journal of the Korea Institute of Information and Communication Engineering, vol. 20, no. 2, pp. 289-298, 2016.

[14]"Tough times for SSL", Network Security, vol. 2012, no. 2, p. 20, 2012.

[15]S. Park, "A Comparative Analysis of NPKI and SSL/TLS for Secure Internet Transactions", Journal of the Korea Institute of Information and Communication Engineering, vol. 20, no. 2, pp. 289-298, 2016.

 [16]Zhou Su and Qichao Xu, "Content distribution over content centric mobile social networks in 5G", IEEE Communications Magazine, vol. 53, no. 6, pp. 66-72, 2015.

[17]"Content Distribution Mechanism in Mobile P2P Network", Journal of Networks, vol. 9, no. 5, 2014.

[18]S. Sharafeddine, K. Jahed, O. Farhat and Z. Dawy, "Failure recovery in wireless content distribution networks with device-to-device cooperation", Computer Networks, vol. 128, pp. 108-122, 2017.

[19]"Failure recovery in wireless content distribution networks with device-to-device cooperation", Computer Networks, vol. 128, pp. 108-122, 2017.

[20]R. Halloush, H. Liu, L. Dong, M. Wu and H. Radha, "Hop-by-hop Content Distribution with Network Coding in Multihop Wireless Networks", Digital Communications and Networks, vol. 3, no. 1, pp. 47-54, 2017.

[21]"A Multilayer Application-Aware IPSec Mechanism for IP Multimedia Subsystem", International Journal of Future Computer and Communication, vol. 3, no. 4, pp. 247-251, 2014.

[22]"A Powerful IPSec Multi-Tunnels Architecture", Journal of Advances in Computer Networks, vol. 2, no. 4, pp. 274-278, 2014.

[23]"Issues and Security on IPSec: Survey", Journal of Digital Convergence, vol. 12, no. 8, pp. 243-248, 2014.

[24]A. Alsaheel and A. Almogren, "A Powerful IPSec Multi-Tunnels Architecture", Journal of Advances in Computer Networks, vol. 2, no. 4, pp. 274-278, 2014.

[25]S. Hwang, M. Park, D. Moon, H. Kang, J. Kim and C. Lee, "Analysis of Padding Oracle Attack Possibility about Application Environment; SRTP, MIKEY, CMS, IPSec, TLS, IPTV", KIPS Transactions on Computer and Communication Systems, vol. 4, no. 2, pp. 73-80, 2015.

[26]D. Stenberg, "HTTP2 explained", ACM SIGCOMM Computer Communication Review, vol. 44, no. 3, pp. 120-128, 2014.

[27]U. Goel, M. Steiner, M. Wittie, etal, “Detecting Cellular Middle boxes using Passive Measurement Techniques” IEEE, PAM 2016: Passive and Active Measurement pp 95-107, 2016.

[28]K. Minho, K. Seung-Woo and K. Seong-Lyun, “Enhancing TCP End-to-End Performance in Millimeter-Wave Communications”, IEEE International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), DOI10.1109/PIMRC.2017.8292745, 2017.