693 research outputs found

    MobiVPN: Towards a Reliable and Efficient Mobile VPN

    abstract: A Virtual Private Network (VPN) is the traditional approach for an end-to-end secure connection between two endpoints. Most existing VPN solutions are intended for wired networks with reliable connections. In a mobile environment, network connections are less reliable and devices experience intermittent network disconnections due to either switching from one network to another or experiencing a gap in coverage during roaming. These disruptive events affect traditional VPN performance, resulting in possible termination of applications, data loss, and reduced productivity. Mobile VPNs bridge the gap between what users and applications expect from a wired network and the realities of mobile computing. In this dissertation, MobiVPN, which was built by modifying the widely-used OpenVPN so that the requirements of a mobile VPN were met, was designed and developed. The aim in MobiVPN was for it to be a reliable and efficient VPN for mobile environments. In order to achieve these objectives, MobiVPN introduces the following features: 1) Fast and lightweight VPN session resumption, where MobiVPN is able to decrease the time it takes to resume a VPN tunnel after a mobility event by an average of 97.19% compared to that of OpenVPN. 2) Persistence of TCP sessions of the tunneled applications allowing them to survive VPN tunnel disruptions due to a gap in network coverage no matter how long the coverage gap is. MobiVPN also has mechanisms to suspend and resume TCP flows during and after a network disconnection with a packet buffering option to maintain the TCP sending rate. MobiVPN was able to provide fast resumption of TCP flows after reconnection with improved TCP performance when multiple disconnections occur with an average of 30.08% increase in throughput in the experiments where buffering was used, and an average of 20.93% of increased throughput for flows that were not buffered. 3) A fine-grained, flow-based adaptive compression which allows MobiVPN to treat each tunneled flow independently so that compression can be turned on for compressible flows, and turned off for incompressible ones. The experiments showed that the flow-based adaptive compression outperformed OpenVPN's compression options in terms of effective throughput, data reduction, and fewer compression operations. Dissertation/Thesis, Doctoral Dissertation, Computer Science 201

    MUSeS: Mobile User Secured Session

    International audience. Mobility and security are very important services for both current and future network infrastructures. However, the integration of mobility in traditional virtual private networks is difficult due to the costs of re-establishing broken secure tunnels and restarting broken application connections. In order to address this issue, we propose a new communication system called Mobile User Secured Session. Based upon a peer-to-peer overlay network, it provides security services to the application layer connections of mobile users. The secure and resilient sessions allow user connections to survive network failures as opposed to regular transport layer secured connections. We have implemented a prototype and have assessed its proper functioning by running experimentations upon a simple virtual dynamic network

    IPv6 Network Mobility

    Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And finally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA

    Options for Securing RTP Sessions

    The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism

    The Impact of the Internet on Telecommunication Architectures

    The ever-growing popularity of the Internet is dramatically changing the landscape of the communications market place. The two separate worlds of the Internet and Telecommunications are converging. The respective advantages of the two environments are being integrated to fulfill the promise of the information super-highways. In this paper, we examine the impact of the Internet on the main telecommunication architectures, namely the IN, the TMN and TINA. There are two new tendencies for implementing telephony services in combination with the Internet: running part of the control system over the Internet, or conveying both the user data and the control information over the Internet. We examine these two trends, and elaborate on possible ways of salvaging the best parts of the work achieved by the TINA-Consortium in the Internet context

    VoIP: Making Secure Calls and Maintaining High Call Quality

    Modern multimedia communication tools must have high security, high availability and high quality of service (QoS). Any security implementation will directly impact on QoS. This paper will investigate how end-to-end security impacts on QoS in Voice over Internet Protocol (VoIP). The QoS is measured in terms of lost packet ratio, latency and jitter using different encryption algorithms, no security and just the use of IP firewalls in Local and Wide Area Networks (LAN and WAN). The results of laboratory tests indicate that the impact on the overall performance of VoIP depends upon the bandwidth availability and encryption algorithm used. The implementation of any encryption algorithm in low bandwidth environments degrades the voice quality due to increased packet loss and packet latency, but as bandwidth increases encrypted VoIP calls provided better service compared to an unsecured environment.