
An Enhanced Authentication Scheme for Virtual Private Network Access Based on Platform Attributes of Multi-level Classification

  • Conference paper
  • Applications and Techniques in Information Security (ATIS 2015)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 557)

Abstract

In most authentication schemes a simple username and password are the only credential required for virtual private network (VPN) access. The absence of strong security measures on the user's platform invites attacks on the integrity and confidentiality of data in the private network and consequently poses a threat to the other users of the same VPN service. This paper presents an authentication scheme based on verifying platform attributes, with a notion of multi-level classification so that it can accommodate VPN systems with different requirements. The implementation of the attribute expression and of the authentication framework is shown under an example access policy. Two cryptographic methods are introduced to protect privacy in the network communication: hash value conversion and attribute-based encryption. Trusted computing is also included to guarantee the authenticity of the platform attributes. The scheme is distinctive in that it combines platform attributes with traditional credentials for VPN access attestation.
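The abstract describes three ingredients: platform attributes checked against a multi-level access policy, hash conversion so that raw attribute values are not exposed in the exchange, and the combination of that check with a conventional password credential. The block below is an added illustration of how a gateway-side check of that shape can be put together; it is not the paper's code or its scheme, and the attribute names, policy levels, salt and user record are constructed for the example. It deliberately leaves out the two parts the paper adds on top, attribute-based encryption and trusted-computing attestation of the reported values.

```python
"""Attribute-based, multi-level VPN access check (added example, not from the paper)."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

# Hypothetical policy: level N requires its own attributes plus everything below it.
# Values are constructed for the example.
LEVELS: List[Dict[str, str]] = [
    {"os_patch_level": "2015-10", "firewall": "on"},          # level 1
    {"disk_encryption": "on", "antivirus": "on"},            # level 2
    {"tpm_present": "yes", "secure_boot": "on"},             # level 3
]

# Constructed shared salt; a deployment would provision a secret value to enrolled clients.
POLICY_SALT = b"example-gateway-salt"


def canonical(name: str, value: str) -> bytes:
    """Normalise name=value so trivial formatting differences do not break matching."""
    return f"{name}={value.strip().lower()}".encode()


def attr_digest(name: str, value: str, salt: bytes) -> str:
    """Hash conversion: only salted SHA-256 digests travel over the wire or sit in the policy store."""
    return hashlib.sha256(salt + canonical(name, value)).hexdigest()


def compile_policy(salt: bytes) -> List[Dict[str, str]]:
    """Gateway side: per level, map attribute name -> digest of the required value."""
    return [{n: attr_digest(n, v, salt) for n, v in level.items()} for level in LEVELS]


def report_attributes(attrs: Dict[str, str], salt: bytes) -> Dict[str, str]:
    """Client side: convert raw platform attributes to digests before sending them."""
    return {n: attr_digest(n, v, salt) for n, v in attrs.items()}


def make_password_record(password: str) -> Tuple[bytes, bytes]:
    """Conventional credential store: PBKDF2-HMAC-SHA256 with a per-user random salt."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def verify_password(password: str, record: Tuple[bytes, bytes]) -> bool:
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, stored)


def classify(reported: Dict[str, str], policy: List[Dict[str, str]]) -> int:
    """Highest level whose requirements (and all lower levels') are all satisfied; 0 = none."""
    level = 0
    for required in policy:
        if all(hmac.compare_digest(reported.get(n, ""), d) for n, d in required.items()):
            level += 1
        else:
            break
    return level


def authenticate(username: str, password: str, reported: Dict[str, str],
                 users: Dict[str, Tuple[bytes, bytes]], policy: List[Dict[str, str]]) -> int:
    """Combined check: credential first, then platform classification. Returns granted level."""
    record = users.get(username)
    if record is None or not verify_password(password, record):
        return 0  # credential failure denies access regardless of platform state
    return classify(reported, policy)


# Constructed demo data.
POLICY = compile_policy(POLICY_SALT)
USERS = {"alice": make_password_record("correct horse battery staple")}
HEALTHY_CLIENT = {
    "os_patch_level": "2015-10", "firewall": "on",
    "disk_encryption": "on", "antivirus": "on",
    "tpm_present": "yes", "secure_boot": "on",
}

if __name__ == "__main__":
    digests = report_attributes(HEALTHY_CLIENT, POLICY_SALT)
    print("granted level:", authenticate("alice", "correct horse battery staple", digests, USERS, POLICY))
```

Two caveats a practitioner should keep in mind with this shape. First, the digests hide attribute values only from parties that do not know the salt; the value space of attributes such as "firewall=on" is tiny, so anyone holding the salt can recover values by enumeration, which is one reason the paper adds attribute-based encryption rather than relying on hashing alone. Second, the reported digests are self-asserted by the client: nothing here proves the platform really has disk encryption on, which is the gap the paper closes with trusted computing.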



Acknowledgements

We gratefully thank the anonymous reviewers for their valuable feedback. This research was supported by the National Natural Science Foundation of China (NSFC) under grant No. 61502030. Any opinions, findings, and conclusions expressed in this material are those of the authors and do not necessarily reflect the views of the NSFC.

Corresponding author

Correspondence to Xun Chen.


Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

Cite this paper

Chen, X., Liu, J., Shi, Y., Han, Z. (2015). An Enhanced Authentication Scheme for Virtual Private Network Access Based on Platform Attributes of Multi-level Classification. In: Niu, W., et al. Applications and Techniques in Information Security. ATIS 2015. Communications in Computer and Information Science, vol 557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48683-2_6

  • DOI: https://doi.org/10.1007/978-3-662-48683-2_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-48682-5

  • Online ISBN: 978-3-662-48683-2
