Keywords

1 Introduction

Individuals who use the Internet are highly exposed to attacks, including exploitation through social media. Because data in transit from a sender to a receiver is exposed to many attacks and vulnerabilities, a protection mechanism must be provided to counter the attacks on data transmitted over the Internet. Examples include the denial-of-service attack, which makes a network service unavailable by flooding the target with traffic until its processing capacity is exhausted [1, 2]; modification of information, whether accidental or malicious, which affects the integrity of the data or creates false information; and eavesdropping on data carrying confidential information, such as a node's location, keys and even passwords, which an attacker can then redirect to another location. Many security mechanisms have been reviewed to protect data integrity, confidentiality, availability, authenticity and non-repudiation. Mobile users want to access resources on their company or home network efficiently yet securely, which is done with the help of virtual private network (VPN) connections. A VPN is a virtual connection routed over a public network, the Internet, from the sender's private network to the receiver. A VPN aims to establish a secure communication path between different networks and is usually created across a public network [3]. VPN tunnels maintain the privacy of data shared over the physical network connection by means of packet-level encryption, which makes it very hard to identify the applications running through these VPN services [4].

A survey cited in [5] indicated that almost 50% of organizations would adopt this approach by 2025. A VPN provides privacy, which prevents intermediate parties from eavesdropping on, altering or deleting the data; authentication, which validates that a packet was sent by the authorized sender; integrity checking, which verifies that the data has not been altered; and anti-replay protection, which prevents intermediate parties from copying and resending the information. A VPN tunnel is created so that the information is secured over the physical network connection with packet-level encryption, making it very hard to identify the applications passing through the VPN service. This paper focuses on secure communication using a VPN.

VPNs continue to develop, with an increasing number of options, and are frequently used in both large and small organizations. They also offer flexibility, connectivity and security at low cost. Organizations gain from VPNs through reduced cost and increased scalability and productivity without compromising security [6]. This study covers the simulation, evaluation and verification of such a network with the help of the Cisco Packet Tracer simulator.

The main aim of the present work is to design a simple system that uses a VPN to secure wireless communication. The main objectives of the presented work are the following.

  1. To show how to protect data from attack over the Internet.

  2. To keep communication private between only the sender and the receiver.

  3. To show how a VPN compares with other security mechanisms such as firewall defense.

This section has given a brief overview of the work. Section 2 presents related work in the field of secure communication. Section 3 outlines the method used for design and implementation, together with the results. Section 4 gives the conclusion and future work.

2 Related Works

We reviewed the related work in several databases. A summary of the important selected studies is given in Table 1.

Table 1 Summary of the literature review

Several other related works [8, 23, 24] are available in the literature, but due to space limitations we do not discuss them in detail.

3 Methodology and Results

Cisco Packet Tracer is used for the design and simulation of the proposed network using a VPN. Only authorized users are able to communicate with the other network. The routers are configured with the Advanced Encryption Standard (AES) to protect data and privacy, an SHA-based HMAC for IPsec authentication and integrity, and the ISAKMP protocol so that the two peers agree on how to build a security association.

3.1 Design and Implementation

Any device connected to the Internet has an IP address, a sequence of numbers that identifies the device and indicates its location. A VPN masks this address: traffic leaving the tunnel carries the address of the tunnel endpoint rather than that of the originating device, the data is encrypted and the user's activity is kept private, at the cost of some throughput because of the extra processing for encryption.

For a system to have a working VPN, the following must be configured.

  1. An access-list that permits the traffic which will go over the tunnel.

  2. An ISAKMP policy and ISAKMP key, used for peer authentication and to negotiate the tunnel.

  3. An IPsec transform-set, which selects the algorithms that provide confidentiality, authentication and integrity for the data.

  4. A crypto map, which ties the above together and must be applied to the outside interface.

A VPN tunnel requires the security license (securityk9) on the router. The encryption algorithm used is the Advanced Encryption Standard (AES) with a 256-bit key, to protect data and ensure privacy. The IPsec message integrity algorithm is HMAC-SHA, which attaches a keyed hash to every packet so that any alteration in transit is detected. Pre-shared key authentication was used, which requires the VPN devices at each end to be configured with the identical secret key.

Figure 1 shows a conceptual diagram of the VPN network within an organization with all configured interfaces. If an interface has no IP address, there cannot be any form of communication, secured or not. The IP address is a unique identifier that indicates the location of a device and governs how data is routed over the Internet. In the figure, the interfaces of router 3 have the IP addresses 209.165.100.2 and 209.165.200.2, those of router 4 have 209.168.100.1 and 192.168.1.1, and those of router 5 have 209.165.100.2 and 192.168.3.1.

Fig. 1 Theoretical diagram of a VPN network

Figure 2 shows that the router initially does not have a security license. Without this license, VPN encryption, secure collaborative encryption and dynamic multipoint VPN are not possible. Whether the securityk9 package is enabled can be checked with the "show version" command in privileged EXEC mode. The configuration of the security license and the resulting router state are shown in Figs. 3 and 4.

Fig. 2 Router without security license

Fig. 3 Configuration of the security license

Fig. 4 Router with security license

Figure 5 shows the access-list configuration. The access-list defines the traffic that is permitted to pass from one network to the other through the tunnel: only traffic between the listed IP addresses is sent across the tunnel, and traffic that does not match the list is not protected by it.

Fig. 5 Access-list

The ISAKMP policy and key enable the router to use IPsec, as shown in Fig. 6. Every ISAKMP policy is assigned a unique priority number between 1 and 10,000; the policy with priority number 1 is considered the highest-priority policy and is offered first during negotiation.

Fig. 6 ISAKMP policy and ISAKMP key

Figure 7 shows the IPsec transform-set configuration, which specifies how authentication and integrity are provided. A transform set is a combination of IPsec transforms that enacts a particular security policy for data traffic.

Fig. 7 IPsec transform-set

Figure 8 shows the crypto map configuration. A crypto map is a configuration entity that selects the data flows needing security processing and associates them with the peer and the transform set. A crypto map must be named; in this configuration the crypto map name is "IPSEC-MAP". Figure 9 shows the crypto map applied to the interface.

Fig. 8 Crypto map

Fig. 9 The interface to which the crypto map is applied

3.2 Result and Discussion

Using real-time mode to check the communication process, it is observed that laptop 2 can communicate with laptop 3 without router 3 having any knowledge of the two LANs; this is seen in simulation mode as shown in Fig. 10. Information about the VPN is checked from the inbound PDU details: router 3 knows nothing about the networks behind router 4 and router 5, yet the laptops ping across router 3 because of the VPN. In the simulation result, only the source IP address 192.168.1.10 and the destination IP address 192.168.3.10 are visible to the end hosts; the path the packet takes through the tunnel is not.

Fig. 10 Simulation result
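The following is an added example, not the configuration from the paper's figures, that carries the four steps of Sect. 3.1 through as a complete Cisco IOS site-to-site IPsec configuration for router 4 and router 5 and ends with the privileged EXEC checks that correspond to the verification in Sect. 3.2. The crypto map name IPSEC-MAP and the LAN addresses come from the page; the WAN addresses 209.165.100.1 (router 4) and 209.165.200.1 (router 5), the interface names, the transform-set name VPN-SET, access-list number 110 and the pre-shared key placeholder are assumptions, because the address list given with Fig. 1 is internally inconsistent.

```cisco
! Added example (not the paper's own configuration): site-to-site IPsec VPN
! between router 4 (LAN 192.168.1.0/24) and router 5 (LAN 192.168.3.0/24)
! through router 3. ASSUMED: WAN addresses 209.165.100.1 (R4) and
! 209.165.200.1 (R5), interface names, the names VPN-SET and ACL 110,
! and the pre-shared key placeholder. IPSEC-MAP is the name used in Fig. 8.

! ================= Router 4 =================
! Step 0: the securityk9 package must be active (check with "show version").
license boot module c2900 technology-package securityk9
! (accept the EULA, "copy running-config startup-config", then "reload";
!  the crypto commands are not available until the router comes back up)

! Inside and outside interfaces, plus a default route towards router 3
! (209.165.100.2 is router 3's address from Fig. 1).
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 no shutdown
interface GigabitEthernet0/0
 ip address 209.165.100.1 255.255.255.252
 no shutdown
ip route 0.0.0.0 0.0.0.0 209.165.100.2

! Step 1: crypto ACL selecting the traffic to protect. Only packets that
! match are encrypted; anything else leaves the WAN interface in the clear.
access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

! Step 2: ISAKMP (IKE phase 1) policy and pre-shared key. Priority 10;
! lower numbers are offered first. Both peers must agree on every value.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key REPLACE-WITH-LONG-RANDOM-PSK address 209.165.200.1

! Step 3: IPsec (phase 2) transform set: AES-256 for confidentiality,
! HMAC-SHA for per-packet integrity and origin authentication.
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac

! Step 4: the crypto map binds peer, transform set and crypto ACL ...
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.200.1
 set transform-set VPN-SET
 match address 110

! ... and is applied to the outside (WAN) interface only.
interface GigabitEthernet0/0
 crypto map IPSEC-MAP

! ================= Router 5 (mirror image) =================
interface GigabitEthernet0/1
 ip address 192.168.3.1 255.255.255.0
 no shutdown
interface GigabitEthernet0/0
 ip address 209.165.200.1 255.255.255.252
 no shutdown
ip route 0.0.0.0 0.0.0.0 209.165.200.2
access-list 110 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key REPLACE-WITH-LONG-RANDOM-PSK address 209.165.100.1
crypto ipsec transform-set VPN-SET esp-aes 256 esp-sha-hmac
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.100.1
 set transform-set VPN-SET
 match address 110
interface GigabitEthernet0/0
 crypto map IPSEC-MAP

! ===== Checks (privileged EXEC), after a ping from 192.168.1.10 to 192.168.3.10 =====
show crypto isakmp sa     ! phase 1 SA between the two WAN addresses, state QM_IDLE
show crypto ipsec sa      ! "#pkts encaps" and "#pkts decaps" increase with each ping
show crypto map           ! confirms ACL 110, peer and VPN-SET are bound to the interface
```

The pre-shared key must be identical on both routers and should be long and random; the crypto ACLs must be exact mirrors of each other, otherwise phase 2 fails with a proxy-identity mismatch. Note that the first ping from the laptop usually times out while the ISAKMP and IPsec security associations are being negotiated; later pings succeed, and the ESP packets seen on router 3 carry only the two WAN addresses. The choice of IKEv1, SHA-1 and Diffie-Hellman group 5 reflects what Packet Tracer supports and what the paper configured; on production IOS the same topology would use IKEv2, SHA-256 and DH group 14 or stronger, or certificate authentication instead of a pre-shared key.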

4 Conclusion and Future Work

This paper presented a VPN architecture within an organization as a solution to secure traffic through authentication, authorization, payload encryption and privacy protection. Simulation results in Cisco Packet Tracer verify that it provides secured traffic communication. The proposed simple VPN solution can be used in an organization. VPNs also offer flexibility, connectivity and security at low cost, and organizations gain in scalability and productivity. Future work can use simulation packages other than Cisco Packet Tracer for a simple VPN connection within an organization, and the model can also be expanded to VPN connections across multiple countries.