The document below is included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright.
Ana Simões
Skysoft Portugal
This paper presents the security architecture designed for SaNTA (Satellite Networks Transport Architecture). SaNTA is an architecture designed for accelerating TCP connections through satellite links. It uses a split architecture to overcome problems in the TCP congestion control mechanism when using satellite links. However, such split architecture cannot easily interoperate with secure communication protocols, that use a end-to-end paradigm. In this paper we present a security architecture for SaNTA using state-of-the-art security solutions: IPSec and SSL/TLS, as well as packet-filtering firewalls and NAT gateway mechanisms. This security architecture allows SaNTA to deal properly with end-to-end secure communication protocols, though not accelerating them, and to properly protect all traffic managed by SaNTA.