Design of a VPN Software Solution Integrating TCP and UDP Services

  • Conference paper
Infrastructure Security (InfraSec 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2437)

Abstract

The main aims of a Virtual Private Network (VPN) are to isolate a distributed network from outsiders and to protect the confidentiality and integrity of sensitive information traversing an untrusted network such as the Internet. However, problems arise when security is treated as the only concern, because VPN users are then restricted in their access to the network: they are not free to use traditional Internet services such as exchanging electronic mail with non-VPN users or accessing Web and FTP servers external to the organization. This paper presents a new solution that allows the open use of traditional network services running over the TCP and UDP layers while maintaining strong security features. The new scheme works at the TCP/IP transport layer and, being a purely software solution, does not require any new hardware. As a consequence, the application is fully portable. Moreover, because it is implemented at the transport layer, there is no need to modify any traditional communication applications already installed in the network system.

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lopez, J., Montenegro, J.A., Roman, R., Davila, J. (2002). Design of a VPN Software Solution Integrating TCP and UDP Services. In: Davida, G., Frankel, Y., Rees, O. (eds) Infrastructure Security. InfraSec 2002. Lecture Notes in Computer Science, vol 2437. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45831-X_23

  • DOI: https://doi.org/10.1007/3-540-45831-X_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44309-4

  • Online ISBN: 978-3-540-45831-9

  • eBook Packages: Springer Book Archive
