Abstract

TLS-based VPNs are increasingly used to establish a secure communication channel between VPN clients and the server. However, they are not designed to handle the mobility of VPN clients in an efficient manner. OpenVPN, a widely deployed TLS VPN, binds VPN sessions to the client and server IP addresses. A vertical handover will require an inactivity timeout to be triggered, followed by a full TLS handshake, before the mobile client can resume the VPN session. Moreover, a VPN server that changes its IP address frequently as part of an MTD strategy will require the VPN clients to reconnect after their inactivity timeouts trigger, with yet another full TLS handshake. In this work, we developed and evaluated a lightweight VPN session resumption protocol that allows a VPN client or server to request an IP address update on demand, maintaining the original TLS/VPN session. We implemented our protocol as part of MobiVPN, which is a variation of OpenVPN. Our evaluation shows that VPN sessions can be maintained and resumed after an IP address change with an average 97.19% decrease in the time required to resume the VPN session in MobiVPN compared to the original OpenVPN.

Original language: English (US)
Title of host publication: 2018 IEEE International Conference on Communications, ICC 2018 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
Volume: 2018-May
ISBN (Print): 9781538631805
DOI: https://doi.org/10.1109/ICC.2018.8422080
State: Published - Jul 27 2018
Event: 2018 IEEE International Conference on Communications, ICC 2018 - Kansas City, United States
Duration: May 20 2018 to May 24 2018

Other

Other: 2018 IEEE International Conference on Communications, ICC 2018
Country: United States
City: Kansas City
Period: 5/20/18 to 5/24/18

Fingerprint

Servers
Network protocols

Keywords

  • Availability
  • Mobile VPN
  • Mobility
  • MTD
  • OpenVPN
  • Security
  • VPN

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

Alshalan, A., & Huang, D. (2018). Prompt lightweight VPN session resumption for rapid client mobility and MTD enablement for VPN servers. In 2018 IEEE International Conference on Communications, ICC 2018 - Proceedings (Vol. 2018-May). [8422080] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICC.2018.8422080


Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

@inproceedings{cef72389101a4982a1412d3cb9d97c47,
title = "Prompt lightweight VPN session resumption for rapid client mobility and MTD enablement for VPN servers",
abstract = "TLS-based VPNs are increasingly used to establish a secure communication channel between VPN clients and the server. However, they are not designed to handle the mobility of VPN clients in an efficient manner. OpenVPN, a widely deployed TLS VPN, binds VPN sessions to the client and server IP addresses. A vertical handover will require an inactivity timeout to be triggered, followed by a full TLS handshake, before the mobile client can resume the VPN session. Moreover, a VPN server that changes its IP address frequently as part of an MTD strategy will require the VPN clients to reconnect after their inactivity timeouts trigger, with yet another full TLS handshake. In this work, we developed and evaluated a lightweight VPN session resumption protocol that allows a VPN client or server to request an IP address update on demand, maintaining the original TLS/VPN session. We implemented our protocol as part of MobiVPN, which is a variation of OpenVPN. Our evaluation shows that VPN sessions can be maintained and resumed after an IP address change with an average 97.19{\%} decrease in the time required to resume the VPN session in MobiVPN compared to the original OpenVPN.",
keywords = "Availability, Mobile VPN, Mobility, MTD, OpenVPN, Security, VPN",
author = "Abdullah Alshalan and Dijiang Huang",
year = "2018",
month = "7",
day = "27",
doi = "10.1109/ICC.2018.8422080",
language = "English (US)",
isbn = "9781538631805",
volume = "2018-May",
booktitle = "2018 IEEE International Conference on Communications, ICC 2018 - Proceedings",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN
T1 - Prompt lightweight VPN session resumption for rapid client mobility and MTD enablement for VPN servers
AU - Alshalan, Abdullah
AU - Huang, Dijiang
PY - 2018/7/27
Y1 - 2018/7/27
N2 - TLS-based VPNs are increasingly used to establish a secure communication channel between VPN clients and the server. However, they are not designed to handle the mobility of VPN clients in an efficient manner. OpenVPN, a widely deployed TLS VPN, binds VPN sessions to the client and server IP addresses. A vertical handover will require an inactivity timeout to be triggered, followed by a full TLS handshake, before the mobile client can resume the VPN session. Moreover, a VPN server that changes its IP address frequently as part of an MTD strategy will require the VPN clients to reconnect after their inactivity timeouts trigger, with yet another full TLS handshake. In this work, we developed and evaluated a lightweight VPN session resumption protocol that allows a VPN client or server to request an IP address update on demand, maintaining the original TLS/VPN session. We implemented our protocol as part of MobiVPN, which is a variation of OpenVPN. Our evaluation shows that VPN sessions can be maintained and resumed after an IP address change with an average 97.19% decrease in the time required to resume the VPN session in MobiVPN compared to the original OpenVPN.
KW - Availability
KW - Mobile VPN
KW - Mobility
KW - MTD
KW - OpenVPN
KW - Security
KW - VPN
UR - http://www.scopus.com/inward/record.url?scp=85051419361&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85051419361&partnerID=8YFLogxK
U2 - 10.1109/ICC.2018.8422080
DO - 10.1109/ICC.2018.8422080
M3 - Conference contribution
AN - SCOPUS:85051419361
SN - 9781538631805
VL - 2018-May
BT - 2018 IEEE International Conference on Communications, ICC 2018 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
ER -