Network Layer Security. Design
for A Cross Layer
Architecture
S.
Ramachandran',
G.Fairhurst',
M.Luglio*,
C.Roseti*,
S.Provenzano*
±Electronic
Research Group, UniversityofAberdeen, Scotland, AB24 3UE Electronics Engineering Department, University ofRome "Tor Vergata", Italytraj,
gorry}@,erg.abdn.ac.uk, luglio@,uniroma2.it, roseti@,ing. uniroma2.itAbstract- Traditional modular layering schemes have served a However, due to its stringenterror check, even single bit error major partinthe developmentof a variety of protocols. However, may lead to packet loss. A transport protocol called
UDP-as thephysical layer impairments become more unpredictable, a Lite, that uses partial checksum, was therefore designed to
cross layer design (CLD) which is dynamic in nature provides alleviate this inherent problem of UDP. UDP-Lite inspects
better performance. CLD introduces newchallenges in protocol error on
only
part
of thepacket
identifiedassensitivetoerrorsdesign
aswellasin theareaofsecurity,
by the checksum coverage field, andignores
errors in the Using numerical analysis, we show that a link layer design remaining parts of the packet. However to take advantage of employing header compression and cross layer signalling to UDP-Lite, modifications arerequired
at the lowerlayers
to protect protocol headers can limit packet discarding. This paper allowcorrupted packets
to be delivered to thehigher layers.
also reviews the IPsec protocol and describes howIPsec can be Security is paramount in today's Internet. A security modified for crosslayer architecture. architecture that is compliant with UDP-Lite needs to be
considered.
Key words: Cross layer, UDP-Lite, IPsec, CL-IPsec, Header
protection
The structure of this paper is as follows: thenext sectionI. INTRODUCTION introduces the difference between UDP and UDP-Lite. This
Traditionally network systems design has followed the section also
explains
the various linklayer
modifications that r S X1 1 1- 1 1 1 are reuired
whenusin UDP-Lite. Section
3describes
a Open Systemscomplex task Interfacer(OSI)
model. In this model thequg
host-to-host n * g is* 1- ... . . security architecture usingIPsecthatis compliant withaCLA
complrext
lof
host
a netorkion
isdivied
intoeen
approachusing UDP-Lite. This section
also addresses the useadiffeent
logical
layers,
andinfrmaion
istpase
betwee
ofheadercompression
with
IPsec.Conclusion
and future workadjacent logical layers through a specific interface (service is explained in Section 4.
access point). Today a variety of communication mediums
(wired and/or wireless) are used to relay information. This II. UDP Vs. UDP-Lite
heterogeneity in the network infrastructure may cause
information to be lost due to either erratic channel behaviour Due to its low
protocol
overhead(8 bytes)
andprocessing
(e.g.
scintillationerrors,
signal
fadeetc.)
or aprocessing glitch
overheadUser Datagram Protocol [3] has foundits
usage in in the intermediatesystems.
To cope with suchdynamic
various
delaysensitive
aswellasstreaming application.
Manybehaviours,
nextgeneration
networksystems
design
needs a oftheseapplications
cantolerate biterrors
inthe datapayload reference model that is more flexible. One such model is the better than the loss of a fullpacket.
For instance modemCross
Layer
Architecture(CLA).
audio/video
codec suchasReversible Variable
Length Codes(RVLC) [4] can extract useful information from blocks of
CLAre,
ion-adjac"nut-shyel
cfan
bedein
deferesig aroalch
corrupt data to conceal the effect oferror.This
can yield awhere, non-adjacent layers of an OSI reference model co- betrdgeofvsaoruioxpinc.Ohrxmls
ordinate inorderto
optimize
systemperformance.
Thisdesign
tre
relibe
mulvisual
audo
or oexperience.
Other
examples
approch cntraictsthe SI rferece mdel,wher the arereliable multicastprotocols
whichcanemploy packet-level
approach
contradicts
the OSI referencemodelere
th forwarderror correction(FEC)
codestoreliably
recover fromprotocolsnd inlyadi
entlayers
function
munindpennthtoneah
errorsand/or
erasures. However dueto thestrict
errorcheckanother
andronly adjaellkntwnlersfcancommInicat
with
oeprovided
byUDPtheentire
packetwill
bedroppedin caseofanotherthroughwell knwn intrfaces.In a CL, it i
bit
errors. To solvethis problem
the IETF standardized aassumed that the layer(s) can tolerate errors to a certain
protocol
calle
[5]. Asshown
inFg.
1 themagnitude
inpartsofits payload. Modern multimedia codecsdrnce be
d UDP-Liteis
that the (e.g. AMR [1], H.264 [2]) are designed to be error resilient.Lengt fe
the
UDP isrePLace
by a tChecksum
Other
applications
such asreliable multicasttransportcan useCerge
field.
fn
~~~~~Coverage
field.various error/erasure correction codes to protect against channel impairments.
Today UDP is the preferred transport protocol to deliver multimedia as well as multicast packets over the Internet.
16-bitsourceprtnumber 18-bitdostiatdonprtnunber
(FEC)
code. The work described in[11]
has shown in detail how such a scheme can be useful for both error-tolerantChecksumcoverage Checksum
applications
as well as for bulk data transfer. The modeldescribed here uses a combination of header compression, Data(if any) partial checksum and headerprotection asillustrated inFigure
Figure. 1.UDP-Lite header
When
using
UDP-Lite,
apacket
is divided into sensitive Asample
architecture that usesthistechnique
isgiven
inand insensitive
parts.
Anapplication
uses the Checksum[12],
where Robust HeaderCompression
(RoHC) [13]
wasused to compress the protocol headers (RTP/UDP/IPv6) and Coverage
field,
to indicate the number of bytes from the startJo
SouresChe
coding
adeci
(R
SC/D)[14]
as
of the UDP-Liteof te UP-Lieheader thathadertha ar to e cnsidredsenstiv toareto be considered sensitiveto
Jon.oreCanl
used toprovide
the necessary erroroigaddcdn
protection
.JC/D
of thesensitive
4 wabit errors. Since the receiver only calculates checksum over
thesensitivepart anybiterrors intheinsensitiveportion ofthe
bytes
atthephysical layer.
packet is ignored. The minimum coverage length is 8 bytes, Sensitiveyes
which only includes the UDP-Lite header whereasa coverage UDP ation
equal
to zero indicates that the checksum covers the entire _packet [5]. L
LikiCa}ompressed IData |RC
HQEdee.d.rs 16/32
S-enfsitiv ye
A. Limitpacket discarding using UDP-Lite
C---FECencoader
Work described in
[6]
has shown theadvantage
ofusing
e ReSoUDP-Lite. However to achieve this it is important that the X
f o X S 1 Sr r7l h h fh f f ~~~~~~~L.irkLayer CorpFr?sd D| P3ty |CR<C-|
sensitive
bytes
are delivered error-free. L/] has shownthat,
it 1O1Syis common for a packet header to be corrupt. For reliable Figure3.MPHPwith HC
delivery of sensitive bytes, following techniquescanbe used:
Other mechanisms, as described in [15] have been Header compression and Partial checksum.- When using proposed, where the a packet is divided into different frames, UDP-Lite it is essential that the lower layers donot drop the based on the sensitivity information from the link layer, and a packet due to errors in the insensitive part. A partial error higher coding and modulation is used for the sensitive parts detection scheme, asshown inFigure. 2, is therefore required w.r.t. insensitiveparts. A process to de-multiplex these frames
at the lower layers (e.g. link layer). Implicit cross layer needs to bedesigned. signalling techniques can be used to modify link layer to
providepartialerrorcheck. B. Packet lossanalysisfor various schemes
Sensitive bytsm evlae "te1w
coveredby MPE-LiteSensitive To evluate E p0r1ormance of SCaove
schemes,
web pefrmnescee
L
uovereHydrUDP-Lite
compute
thepacket
lossratio
atthetransport
layer
as a resultLik(e-geaMPEderE;IP Headr
HeUDP-ite
UDPLitAplca0|f000.00Applatioertio Data TVRQ-f3 of the varying link layer bit error rates (BER). For the purpose
ULEHedr HaeI
Figure. 2. Partial checksum bylinklayer of
analysis,
wehave considered theuseofareliablemulticastprotocol calledFLUTE [16] over UDP-Lite and thelinklayer Works described in
[8-10]have
shown thatusing
apartial
protocol considered is the Unidirectional Lightweight checksum scheme, which detectserror inthelinklayer header Encapsulation(ULE)[17].
and the sensitivepart of the frameimproves theprobability of
packet
delivery
tothehigher
layers.
The coverage length at the link layer include the ULEheader (4 bytes), IP header (20 bytes), UDP-Lite header (8
In some applications the overhead due toprotocol headers
bytes),
FU header(i
nextesion
header becanbelarger than the application data itself(e.g. VoIP). Such
andethe linkEchecksum((4cytes), whichsisnahtotalso
80bytes.
an overheadcanbe reducedbyuseofcompression algorithms
In
theschemesusing
heaercompresso
the
covea
lent
such asRoHC, IPHC,
etc.Performing
HC oversensitivebytes
caIn
the schemesustg
headercompression
the coveragelength
notonly reduces the channelutilization,
butit also reduces thehadbearedutoducs4
bytes,the
0FLUEreneralthe
aUDeradthe
prbailt oerosisestvbys. 'header to 4
bytes
[6],
the FLUTEgeneral
header and the probability oferorsisenstiveextension headers canbecompressedto28bytesbasedonthe Header compression with partial checksum and Header methods described in [1 8]. The remaining 8 bytes corresponds Protection. - In case of networks where error patterns varyto the
uncompressed link header and
CRC-32.rapidly with time (e.g. mobile satellite nodes), the sensitive
bytes can still be in error [7]. One way of protecting the The link layer schemes discussed in the previous section, sensitive bytes is by using a strong forward error correction results in transport layer observing both erasures and errors.
Assuming uniform error distribution the packet lossrate atthe erasure correction code (e.g. [19]) canbe used byFLUTE to
transportlayercanbe describedusing the following equation correctresidual biterrorsinitspayload.
PLRTL =1-(1-
BERliink)(CLlink)
111.
NETWORKSECURITY+ BERlinkX -
BERlink)(CLlink)
(1) In the framework of Internetsecurity,
IETF haswhere, standardized the IPsecurity protocol (IPsec)[20] with the aim
PLRTL =packet loss ratioattransportlayer to offer inter-operable cryptographically-based security services
(confidentiality, authentication,
integrity andnon-BERlink
bito:
error
raticoverat
linkleR
repudiation) while continuing to use the existingCLIHk = no: of bits covered byliflkCRC infrastructures.
When header protection is not used, the
BER,ink
is the Such services are provided through an authentication residual BER after the demodulation and/or decoding at the protocol, named Authentication Header (AH) [21] a physical layer. On the other hand with header protection, the confidential protocol, named Encapsulating Security ProtocolBERJink
is the decoder error probability ofan FEC code atthe(ESP)
[22]
andanInternetSecurity
Association Establishment link layer. Here we assume theuse ofa Reed Solomoncode,
and Key Management Protocol (ISAKMP) [23]. These whoseupperbound decodeerrorprobability is given by protocols have been designed as anIPv4
upgrade and asn
n,
R predefinedsecurity
forIPv6.BERlink
BERphy
I
(1-BI R
nY)f
(2)i=n-k+1 The used cryptographic/authentication algorithm and keys
where, of the IPsec services are defined through Security
BERphy = biterrorratio after demodulation and Associations (SAs). A single SA can support the use of AH or
decodingatphysical layer ESP, butnot both. IPsec operates in two modes: transport and
n =total encodedsymbols tunnel mode. The former is used between end-systems and
k =
original
sourcesymbols (header bytes
to adds a new header (AH or ESP) to the IPguaranteeing
theprotect) protection of the IP payload. In tunnel mode, on the other
hand,
the end-system delegates the security service to the Figure. 4. shows thepacket lossratiosatthetransportlayergateway.
Indthistmode,eaH
oheader
sencaute
theusing
various linklayer
schemes. Two observations wereengateway.
In thismode,
AH or ESP headerencapsulates
the made from thisanalysis. Firstly, although
headercompression
estinatin
andsource
addresses can bedifferentfrom those ofimproves
theprobability
ofpacketdelivery
when comparedtothncom
an IPacket.
the scheme without headercompression, e.g. approx. 42%for theencompassig
IPpacket
BER
10-3
this gain margin decrease as the link layer BER AHjointly provides
authentication andintegrity by adding
increases. to the protected datagram an additional block, called"Integrity
Check Value" (ICV), which can be either a Message
10 r Authentication Code
(MAC)
or adigital
signature.
AH formatl0 ,
presents
thefollowing
fields:10
* Next Header(1
byte)
It defines thetype
of thepayload
O
lo-! L that follows;/-immediately
the AH header(i.e.,
UDP,
TCP);
- ____
partial-checksum
*Payload length
(1
byte)
It indicatesthelength
ofthe AHpartialchecksumandRoHC payload;
---partial
checku, HICandlHeaderProteveion
* d(2bytes) This field is reserved forfutureuse10 -n- ~ O4 LC
10- I1 oi e o- 110Ln E * SPIfield (4 bytes) The Security Parameter
Index
field isFigure.4. Bit errors intransport layer for different schemes usedto identify the appropriateSA;
* Sequence Number (4 bytes) Sequence Number used for Secondly, with a code rate of 0.3, i.e. an additional anti-replay;
overhead of 80 bytes in the form of
parity symbols,
the * Authentication Data (variable) Authentication data using scheme with header compressionandprotectionoutperformed
atleast
H1MAC-MD5
andHI\MAC-SHA1.
the other schemes by orders of magnitude. The use of header
compression and protection not only reduces the protocol ESP ensures the confidentiality service, by adding to the header overhead, but the additional protection ensures that the field used in AH, the following fields:
error-* Initialization Vector Vector used by the ESP
encryption
algorithms.
Authenticationusig IPsec* Padding Padding bits areused to
align
thepayload
and l IAH
IuiDPLu
i* FMPaad
the payload and the two
following
fields on a 32 bit II§dr BEadr BJa&r akrboundary,
asrequestedby
theencryption
algorithm.
4 1' PL~~~~~~~~~~~~~~~uthenticatinusilng CL-IFsec
* Padding length It indicates the size of the used padding Figure. 5.Partial AuthenticationusingCL-IPsecinTransport mode
(inbytes).
B. Cross-Layer IPsecforUDP-Lite B. Headercompressionfor IPsec
TraditionalIPsecauthenticates
(and
optionally
encrypts)
the IPsec provides various security services at the cost of entire IP payload. This means thatcorruption
ofany part of increasedoverhead.
Especially in the tunnel model, the IPsec the IP payload causes authentication failure and results in overhead impliesinefficient
bandwidth utilization [24, 25]. packet drop. Inotherwords,
IPsec assumes that the entire IP Thisdrawback can be mitigated by using HeaderCompressionpayload
is sensitivetounauthorized bitchanges
(due
toeither(HC) protocols.
Headercompression
over IPsec(HColPsec)
bit errors ormaliciousattacks).
This conflicts with UDP-Lite [24] aims to reduce overhead, without compromising the behaviour whichcantolerate biterrorsin itspayload.
security services provided by IPsec.HColPsec
frameworkreliesontwoassumptions: The proposed Cross Layer IPsec
(CL-IPsec)
aims toadapt
IPsec for UDP-Lite based
applications.
The behaviour ofCL-1.
Existing HC protocols areconsidered;
IPsec is dependent on the crosslayer
signalling
betweennetwork layer and
higher
layers.
Specifically,
IPsec needs to 2. HC protocols operate at the IPsec SA endpoints (HC receive bothexplicit
signalling
fromapplication,
indicating
applied
inaSAbasis).
the use of
UDP-Lite,
andimplicit
signalling
from transportlayer to get the coverage
length
value and thenperform
the Since existing HCprotocols compress packets on ahop-by-security operations
accordingly.
hop basis,HColPsec
requires the extension of the HCfunctionalities in order to operate at IPsec SA
endpoints.
Considering
theAHprotocol
in transportmode,
andbased
Furthermore,
HColPsec framework proposes that the on theaforementioned
signalling scheme,
a CL-IPsecscheme
configuration of the HCparameters isaccomplished by the SAofimplementationisshown
inFigure5.
wherethe
insensitive
management protocol (i.e.IKEv2
[23] while compressed part only involves the RMT payloadIt
allows partial packet can be identifiedthrough the Next Header field of the authentication involving only AH, UDP-Lite and other security protocol (AH orESP).
sensitivebytes. Toachieve
this,
theinput
of theICValgorithm
should be modified in order to consider
only
thefollowing
Performing
HColPsec,
outbound IP traffic is first fields: new IPheader(if
IPsecisrunning
intunnelmode),
AHappropriately compressed
and thenencrypted/authenticated.
header, IP header(excluded
the mutable fields:Flags,
Similarly, inbound IP traffic is firstdecrypted/authenticated
Fragment Offset, Time to Live and Header Checksum
[21])
and then decompressed [24]. An exampleconcerning
AH in and the sensitive part of the UDP-Litepacket.
In this way, tunnel mode isshown inFigure. 6.
even though bits
belonging
to the insensitive part arecorrupted,
IPsec forwards thepacket
tothehigher layers.
CL- IPUDP-Litg
RMT PAYLOADIPsec
adaptation allows
accessing
the checksum
coveragefield
c within the UDP-Lite headerthrough
animplicit cross-layer
interaction with the
transport
layer.
Such an interaction ispossible because the
position
of the checksum coverage is IPSEC DEVICE COMPRESSORfixed within the UDP-Lite header and a
priori
knowledge
ofI_I
theAHheader size. Notethat IPsec is ingeneral
not abletodistinguish
IPheader and IPpayload.
--7I t~~~EWIP~ ~ ~ ~ PAYLOAD
Once checksum coverage is made evident to
AH,
it is |HEADR
AH
| mOdepossible
tochange
theinput
ofICValgorithm
accordingly.
Incase the ESP
protocol
isused,
withoutexploiting
itscryptographic
service,
the CL-IPsecapproach
requires
modifications in order to take into account the presence of the ESP trailer. On the other hand, if confidentiality is required, the distinction of a sensitive and an insensitive part does not make sense.IV. CONCLUSION & FUTURE WORK PP.706-710.
[7] M. Rossi, "Evaluating TCP with Corruption Notification in an IEEE 802.11 Wireless LAN," M.S Thesis, Institute of Computer Science,
In the first half of
this
paper we have focused on the University of Innsbruck. November 2006.different link layer designs that areapplicable for multimedia [8] L-A. Larzon, M. Degermark and S. Pink, "UDP lite for real time aswellasmulticastapplicationsusing crosslayer architecture. multimediaapplications,"in June1999,
The impact of different link layer designs on the packet loss [9] A. Servetti and J.C. De Martin, "Error tolerant MAC extension forspeech communications over 802.11 WLANs," in In Proceedings ofIEEE 61st
ratioat the transport layer wasstudied. The results have shown Semiannual Vehicular Technology Conference (VTC), May 2005, pp. p.g. that the scheme using a combination of header compression 2330-2334.
and protection with partial link checksum outperforms other [10]E.Masala,M. Botteroand J.C.DeMartin, "Link-levelpartialchecksum
schemes by orders of magnitude. This conclusion achieved for real-time video transmission over 802.11 wireless networks," in In Proceedings of14th International Packet VideoWorkshop (PVW), Dec2004,
[11] F. Arnal, L. Dairaine, J. Lacan and G. Maral, "Cross-layer reliability
[12,26] management for multicast over satellite," Computer Networks and ISDN
Systems,vol.No.48,pp. p.g.29-43,May 2005.
The second half of this paper identified the drawback of [12] M.G. Martini, M. Mazzotti, C. Lamy-Bergot, J. Huusko and P. Amon,
"Content adaptive network aware joint optimization of wireless video
usmng
IPsec forapplications designed forUDP-Lite protocols. transmission," Communications Magazine, IEEE, vol. Vol. 45, pp. p.g. 84-90, To alleviate the problem, we have proposed a cross layer Jan. 2007.signalling scheme which ensures that onlythe IP header and [13]C.Bormann,C.Burmeister,M.Degermark,H.Fukushima,H. Hannu,
L-the sensitive bytes identified by the coverage length of the E. Jonsson, R. Hakenberg, T. Koren, K. Le, Z. Liu, A. Martensson, A.
Miyazaki, K. Svanbro, T. Wiebke, T. Yoshimura and H. Zheng, "RObust
UDP-Lite iS authenticated bythe ICV algorithm. This scheme, header compression(ROHC):Framework and four profiles: RTP, UDP,
ESP,
however, works with onlyAHorwithESPwith authentication anduncompressed," IETF, Tech. Rep. RFC 3095, July 2001.
andnoencryption. When ESPuses encryption, it implies that [14] J.L. Massey, "Joint source and channel coding," in Communication
all the parts in the IP payload is sensitive to change (due Systems and Random Process Theory, NATO Advanced Studies Institutes
Series E25 J. K. Skwirzynski editor,Ed. Sijtho&Noordho,Alphenaanden
maliciousattack orbit errors). Hence such cases areignoredin Rijn,The Netherlands: 1978,pp.
p.g.
279-293.ourproposedcrosslayer architecture. [15] G.Fairhurst, M. Berioli and G. Renker, "Cross-layer control of adaptive
coding and modulation for satellite Internet multimedia," International
As part of the futurework, wewill investigate the impact Journal of Satellite Communications and Networking, vol. 24, pp.471-491, of variousFLUTE willlinkbe layer schemesmodified to on FLUTEand protocol. Initiallycorrection 2006.[16] T. Paila,M. Luby, R.Lehtonen,V. RocaandR.Walsh,"FLUTE -file
FLUTE Will be modifiedl to use error and erasure correction delivery over unidirectionaltransport,"IETF, Tech. Rep. RFC 3926, October,
codes, following this a header compression profile, either 2004.
basedon [18]orothertechniqueswill be considered. [17] G. Fairhurst and B. Collini-Nocker, "Unidirectional lightweight
encapsulation (ULE) for transmission of IP datagrams over an MPEG-2
The IPsec implementation in Linux Kernel 2.6.20 will be transport stream(TS)," IETF, Tech. Rep. RFC 4326, December2005.
modifiedto teC
Iscpt[18]
R.Walsh,J-P. LuomaandA. Saaranen, "Method and System for headermodified
to the CL-IPsec protocol. Furthermore based on a compression,"US.
US2005/0160184Al,July 21,2005.headercompression algorithm, CL-IPsec will also be adapted. [19] R.M.Zaragoza, "http://www.eccpage.com/," Aug 21, 2006.2006.
[20] K. Seo and S. Kent. (Dec. 2005, Security architecture for the internet
ACKNOWLEDGEMENT protocol.IETF,
This work is
partofajointcollborationbetw[21]
S. Kent, "IP authentication header," IETF, Tech. Rep. RFC 4302,This work iS part of a joint collaboration between the December 2005.
University of Aberdeen and University of Rome "Tor [22] S. Kent, "IP encapsulating security payload," IETF, Tech. Rep. RFC
Vergata". This work is funded as part of the JA2240 work 4303,December2005.
package of the European IST-FP6 project: "SatNEx II - [23] C. Kaufman, "Internet key exchange (IKEv2.0)," IETF, Tech. Rep. RFC Satellite Communications Network of ExcellenceII". 4306, December 2005.[24] E. Ertekin, C. Christou, R. Jasani andB.A. Hamilton, "Integration of
header compression over IPsec security associations," IETF, Tech. Rep.
REFERENCES Internet-Draft,draft-ietf-rohc-hcoipsec-04, February2006.
[1]3GPP TS26.091:,"Mandatory speech codecspeech processing functions; [25] M. Luglioand C. Roseti, "Network security and performance evaluation AMR speech codec; error concealment of lost frames," Tech. Rep. 26.091 of ML-IPSec over satellite networks," in In Proceedings 12th Ka and
V6.0.0,2004. BroadbandComunications Conference, Sep 2006,
[2]D.Marpe, T.Wiegand andG.J. Sullivan, "The H.264/MPEG4 Advanced [26] F. Arnal, L. Dairaine, J. Lacan and G. Maral, "Multi-protocol header
Video Coding Standard and its Applications," IEEE Communications protection (MPHP), a way to support error-resilient multimedia coding in
Magazine,vol.44,pp.134-143, August2006. wireless networks," in High Speed Networks and Multimedia
[3]J.Postel, "Userdatagramprotocol," IETF, Tech. Rep. RFC768, August, Communications, 7th IEEE International Conference, HSNMC 2004, July 2
1980. 2004, pp.740-749.
[4]J. WenandJ.D.Villasenor, "Reversible variablelengthcodes for efficient and robust image and video coding," in In Proceedings ofIEEE Data Compression Conference, Apr 1998, pp. p.g. 471-480.
[5] L-A. Larzon, M. Degermark, S.Pink, L-E. Jonsson and G. Fairhurst, "The lightweight user datagram protocol (UDP-lite)," IETF, Tech. Rep. RFC 3828, July, 2004.
[6] W. Stanislaus, G. Fairhurst and J. Radzik, "Cross layer techniques for flexible transport protocol using UDP-lite over a satellite network," in 2005,