370 research outputs found

    An Analisys of Business VPN Case Studies

    A VPN (Virtual Private Network) simulates a secure private network through a shared public insecure infrastructure like the Internet. The VPN protocol provides a secure and reliable access from home/office on any networking technology transporting IP packets. In this article we study the standards for VPN implementation and analyze two case studies regarding a VPN between two routers and two firewalls. Keywords: VPN; Network; Protocol.

    Enabling Practical IPsec authentication for the Internet

    On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops (First International Workshop on Information Security (IS'06), OTM Federated Conferences and workshops). Montpellier, Oct./Nov. 2006. There is a strong consensus about the need for IPsec, although its use is not widespread for end-to-end communications. One of the main reasons for this is the difficulty of authenticating two end-hosts that do not share a secret or do not rely on a common Certification Authority. In this paper we propose a modification to IKE to use reverse DNS and DNSSEC (named DNSSEC-to-IKE) to provide end-to-end authentication to Internet hosts that do not share any secret, without requiring the deployment of a new infrastructure. We perform a comparative analysis in terms of requirements, provided security and performance with state-of-the-art IKE authentication methods and with a recent proposal for IPv6 based on CGA. We conclude that DNSSEC-to-IKE enables the use of IPsec in a broad range of scenarios in which it was not applicable, at the price of offering slightly less security and incurring higher performance costs. Universidad de Montpellier II Publicad

    Architecture for satellite services over cryptographically heterogeneous networks with application into smart grid

    The rapid growth in the demand for Future Internet services with many emerging group applications has driven the development of satellite, which is the preferred delivery mechanism due to its wide area coverage, multicasting capability and speed to deliver affordable future services. Nevertheless, security has been one of the obstacles for both satellite services as well as smart grid group applications, especially with logical/geographical/cryptographic domains spanning heterogeneous networks and regions. In this paper, adaptive security architecture is implemented to protect satellite services for smart grid group applications. The focus is on key management and policy provisioning. Leveraging Group Domain of Interpretation (GDOI) as the standard for smart grid centralized key/policy management architecture, a single Domain of Interpretation (DOI) is deployed and evaluated critically in terms of the added protocol signaling overhead on the satellite system for a fixed-network scenario. This also partially realizes the growing trend towards the use of TCP/IP technology for smart grid applications

    A framework for IPSec functional architecture.

    In today's network, various stand-alone security services and/or proxies are used to provide different security services. These individual security systems implementing one single security function cannot address security needs of evolving networks that require secure protocol such as IPSec. In this paper, we provide a framework for implementing IPSec security functions in a well structured functional architecture. The proposed architecture is modular and allows for composing software applications from products commercially available and developed by different suppliers to implement the entire security requirements of IPSec protocol. In addition the proposed architecture is robust in the sense that it supports open standards and interfaces, and implements security functions of IPSec as an integrated solution under a unified security management system. Dept. of Electrical and Computer Engineering. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2005 .F34. Source: Masters Abstracts International, Volume: 44-03, page: 1451. Thesis (M.Sc.)--University of Windsor (Canada), 2005

    Security Protocol for Active Networks.

    Experimental Tests on SCTP over IPSec

    As telecommunication technologies evolve, security in communications becomes a more and more relevant issue. IPSec is a set of protocols aiming to enhance security at the IP layer. Specifically, IPSec and IKE are important security mechanisms that provide cryptographic-based protection for IP packets, and consequently for IP services. SCTP is a standardized transport protocol whose main features include multihoming and multistreaming, and is gaining momentum as a general-purpose transport protocol. While the simultaneous use of these two protocols is feasible, it is under study how to make them work efficiently. In this paper, we present a simple method to improve SCTP-IPSec-IKE compatibility by modifying the structure of the Security Associations. Despite the conceptual simplicity of our proposal, it has not been proposed before in related literature. This research has been supported by project grant TEC2007-67966-01/TCM (CON-PARTE-1) and it is also developed in the framework of "Programa de Ayudas a Grupos de Excelencia de la Región de Murcia, de la Fundación Séneca, Agencia de Ciencia y Tecnología de la RM (Plan Regional de Ciencia y Tecnología 2007/2010)

    Simultaneous Implementation Of Ssl And Ipsec Protocols For Remote Vpn Connection

    A Virtual Private Network is a widespread technology for connecting remote users and locations to the main core network. It has a number of benefits such as cost-efficiency and security. SSL and IPSec are the most popular VPN protocols employed by a large number of organizations. Each protocol has its benefits and disadvantages. Simultaneous SSL and IPSec implementation delivers an efficient and flexible solution for companies with heterogeneous remote connection needs. On the other hand, employing two different VPN technologies opens questions about compatibility, performance, and drawbacks especially if they are utilized by one network device. The study examines the behavior of the two VPN protocols implemented in one edge network device, ASA 5510 security appliance. It follows the configuration process as well as the effect of the VPN protocols on the ASA performance including routing functions, firewall access lists, and network address translation abilities. The paper also presents the cost effect and the maintenance requirements for utilizing SSL and IPSec in one edge network security devic

    Secure Remote Access IPSEC Virtual Private Network to University Network System

    With the popularity of the Internet and improvement of information technology, digital information sharing increasingly becomes the trend. More and more universities pay attention to the digital campus, and the construction of digital library has become the focus of digital campus. A set of manageable, authenticated and secure solutions are needed for remote access to make the campus network be a transit point for the outside users. Remote Access IPSEC Virtual Private Network gives the solution of remote access to e-library resources, network resources and so on very safely through a public network. It establishes a safe and stable tunnel which encrypts the data passing through it with robust secured algorithms. It is to establish a virtual private network in Internet, so that the two long-distance network users can transmit data to each other in a dedicated network channel. Using this technology, multi-network campus can communicate securely in the unreliable public internet

    Extension of IPSec for Port Control

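    The Internet has become indispensable to modern society. Recently, there has been a growing need to access a company's internal network securely over the Internet from outside the office, and to provide information securely to specific business partners. Leased lines are one way to meet these needs, but they are costly. Using the Internet reduces the cost, but exposes the data to the risk of eavesdropping and tampering. The VPN (Virtual Private Network) was devised to address both of these problems. IPsec is one of the technologies used for VPNs. In this paper, we add functionality to IPsec so that it can be controlled on a per-application basis. 修士論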

    Secure time information in the internet key exchange protocol

    Many network services and protocols can work correctly only when freshness of messages sent between participants is assured and when the protocol parties’ internal clocks are adjusted. In this paper we present a novel, secure and fast procedure which can be used to ensure data freshness and clock synchronization between two communicating parties. Next, we show how this solution can be used in other cryptographic protocols. As an example of application we apply our approach to the Internet Key Exchange (IKE) protocol family