论文信息 - EasyVPN: IPsec Remote Access Made Easy

EasyVPN: IPsec Remote Access Made Easy

Telecommuting and access over a Wireless LAN require strong security at the network level. Although IPsec is well-suited for this task, it is difficult to configure and operate a large number of clients. To address this problem, we leverage the almost universal deployment and use of web browsers capable of SSL/TLS connections to web servers and the familiarity of users with such an interface. We use this mechanism to create configurations and certificates that will be downloaded to the user's machine and be used by a program to perform all configuration on the user's system.Our system builds on common security protocols and standards such as IKE, X.509, and SSL/TLS to provide users with a secure-access environment that "just works." One of the main goals of the system is ease of use both for the users and the system administrators that maintain the infrastructure. We describe our implementation that uses Linux FreeS/WAN and Windows to show the practicality of the approach.

Angelos D. Keromytis | Mark C. Benvenuto

[1] Bill Sommerfeld. Requirements for an IPsec API , 2003 .

[2] Hugo Krawczyk,et al. A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[3] Steven M. Bellovin,et al. Client Certificate and Key Retrieval for IKE , 2000 .

[4] Dinesh C. Verma,et al. IPSECvalidate: A Tool to Validate IPSEC Configurations , 2001, LISA.

[5] Dan Harkins,et al. The Internet Key Exchange (IKE) , 1998, RFC.

[6] John Ioannidis,et al. Using the Fluhrer, Mantin, and Shamir Attack to Break WEP , 2002, NDSS.

[7] Steven M. Bellovin,et al. Moat: a Virtual Private Network Appliance and Services Platform , 1999, LISA.

[8] Stephen T. Kent,et al. Security Architecture for the Internet Protocol , 1998, RFC.

[9] Hugo Krawczyk,et al. PIC, A Pre-IKE Credential Provisioning Protocol , 2004 .

[10] Tim Jenkins. IPSec Monitoring MIB , 1998 .

[11] Sankar Ramamoorthi,et al. Requirements for IPsec Remote Access Scenarios , 2003, RFC.

[12] He Huang,et al. IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution , 2001, POLICY.