Analysis and improvement on IPSec anti-replay window protocol

Abstract

The anti-replay sliding window is used in IPSec to resist the replay attack. However, when experiencing the severe packet reordering, IPSec anti-replay sliding window can potentially drop a lot of good but late packets, thus the end-to-end performance is dramatically degraded. In this paper, we rigorously analyze the performance of IPSec anti-replay sliding window under the different reordering models and then come up with a set of robust anti-replay window protocols. The performance and efficiency of each protocol are compared through the simulation. Also we argue that by deploying our new proposal, it is possible to dramatically reduce the overhead of IPSec and save a lot of bandwidth.