
Virtual Private Networks
Jeff Rupp
CS691 Semester Project
Instructor: Dr. Chow

Table Of Contents

Abstract
Introduction
Background
The Problem
Authentication
Key Exchange
Encryption
Speed Comparisons
Conclusion
Future Work
Table of Figures
References

Abstract

Virtual Private Networks (VPNs) are a means of employing the Internet as an extension of a company’s truly private internal network. VPNs accomplish this by securely encrypting the traffic that is associated with them. Before the advent of the VPN, a company that wanted to include remote offices or employees traveling on business had to utilize expensive leased lines, pay other companies that specialized in providing Wide Area Networks with secure connections, or pay for long-distance dial-up charges. The security of the VPN is based on secure encryption of the information being transmitted, positive authentication of the VPN Gateway and remote user, and secure key communication between the VPN Gateway and the remote user.

Introduction

Virtual Private Networks (VPNs) consist of a VPN gateway to a company’s internal network, and clients that require access to that internal network from a remote location via the Internet. The privacy is achieved by encrypting the data traveling between two machines on the very public Internet. The privacy is ensured by the encryption that is used to protect not just the data in the packet, but also the internal IP addresses and ports that the clients of the VPN are using. The protection of the IP and port is important to the overall security because it prevents snoopers from doing traffic analysis and using that to find weaknesses or infer sensitive information. The IP and port of the VPN gateway are the only pieces of information transmitted in the clear.

VPNs enable employees to easily work from home, with complete access to all the internal network files that they have at their desk at work. The cost of this access is the added burden on the remote user’s machine and the VPN gateway of doing the encryption and decryption of all the packets that will travel between them. There are many advantages to this ready access, such as: salespeople on the road can immediately access internal databases to check stock or backorder status, or on-site customer service can be performed nearly seamlessly since the technician has access to all of the tools he would have at his desk. A common approach is to use a software package such as PC Anywhere or Timbuktu, which allows complete remote control of a PC, so that the remote user has his work PC on his remote machine.

This same access could be provided without the use of a VPN, but the security risk would be horrendous. Any attacker would have ready access to all the data traveling to and from the no longer private internal network, and attackers would be able to easily gain direct access to the internal network to snoop, modify, or destroy all of the company’s private information.

[Figure 1: Remote VPN Client, Internet, VPN Gateway, “Tunnel”]

Background

Virtual Private Networks evolved from a need to provide inexpensive secure access to internal networks. Initially this access was done through expensive leased lines, which provided a constant hardwire link between the separate networks. Other early solutions included frame relays, and companies that specialized in providing this service. With the explosion of the Internet, an alternative means for connection appeared. The problem was that the Internet was not secure. To achieve security, encryption was employed, including https for secure web traffic and ssh for secure shell (telnet-type) access. Early VPN solutions included the Point to Point Tunneling Protocol (PPTP) from Microsoft. This protocol did find moderately extensive use, since it was directly tied in to the ubiquitous Microsoft operating systems (Windows NT, 2000, etc.). An alternative was the Level 2 Tunneling Protocol (L2TP). The Level 2 refers to the OSI Reference Model for computer communications, where layer 2 is the Data Link Layer. Amid these competing protocols the Internet Engineering Task Force (IETF) determined the need for a standard, and set about creating IPSec. IPSec is a set of standards that describe how secure communications should take place, without requiring any specific encryption algorithm. IPSec has since come to dominate the VPN market, though PPTP and L2TP are still used by some.

The Problem

The problem associated with remote access is providing the remote



UCCS CS 6910 - Virtual Private Networks
