Wide Area Network Acceleration in a High Assurance Enterprise

July, 2015
IDA document: D-5404
FFRDC: Systems and Analyses Center
Type: Documents
Division: Information Technology and Systems Division
Authors: William R. Simpson, Kevin E. Foltz

Bandwidth continues to be a problem for the active enterprise. One solution to bandwidth problems over long-haul distances with restricted bandwidth is the Wide Area Network (WAN) Accelerator. This accelerator works by tokenizing blocks of information that are sent multiple times in network traffic. Because many such communications include previously transmitted material, the accelerator traffic quickly damps out to transmissions that include tokens instead of the original communication. The tokens are reconstituted before delivery, and the receiver has a seamless connection and is unaware of the process. The acceleration is not without its drawbacks. The process does not work on encrypted traffic due to the random nature of encryption. For high assurance systems using an end-to-end paradigm, there are two main areas of concern. The first is security (how do we handle the decryption/re-encryption process?). The second is integrity (how do we maintain end-to-end integrity when encryption is broken?). This paper discusses the current approach to WAN acceleration and the changes that are required by a high assurance end-to-end approach. The latter rely on a well-formed security paradigm for the enterprise.