General Definition Of Virtual Private Networks


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Introduction :

A VPN (Virtual Private Network) is a communication network that may combine several technologies to provide a secured, tunneled connection. Compared with a common connection such as a leased line, a "virtual" connection is a more secure way to connect geographically isolated users and networks over a shared or public network, like the Internet. In a virtual private network, data is transmitted through a tunneling process. Before a packet is transmitted, it is wrapped in a new packet that has a new header. This header contains routing information so that the packet can be sent across a shared or public network until it reaches its tunnel endpoint. The logical path along which the encapsulated packets travel during transmission is called a tunnel. When a packet reaches the tunnel endpoint, it is "decapsulated" and then forwarded to its final destination. Both endpoints of the tunnel must support the same tunneling protocol.

The most important issues related with the Virtual private network are as follows:

(1) SECURITY ISSUES:

In general, a virtual private network uses encryption to provide data confidentiality, data reliability and data security. The transmitted data is protected from threats because it is unreadable to any unauthorized user. Encryption also provides data integrity, which ensures that the data is not interfered with during transmission.

(2) PROCEDURE PERFORMED ON VPN:

VPNs are mainly used in organizations in the following ways:

Remote access Virtual Private Network

Extranet Virtual Private Network

Intranet Virtual Private Network

Wide Area Networks

(3) VARIOUS CATEGORIES OF VPN:

VPNs can be categorized in the following ways:

Hardware-based Virtual Private Network

A firewall-based Virtual Private Network

A Secure Sockets Layer (SSL) Virtual Private Network

A software-based Virtual Private Network

Review of Literature :

A General Definition of Virtual Private Networks:

VPN (Virtual Private Network) is a term used to describe a communication network that uses any combination of technologies to secure a connection tunneled through an otherwise unsecured or untrusted network. Instead of using a dedicated connection, such as a leased line, a "virtual" connection is made between geographically dispersed users and networks over a shared or public network, like the Internet [2]. A VPN transmits data by the tunneling process. Before a packet is transmitted, it is encapsulated in a new packet that has its own new header. This header provides routing information so that the packet can traverse a shared or public network before it reaches its tunnel endpoint. The logical path through which the encapsulated packets travel is called a tunnel. Tunneling protocols operate at either OSI (Open System Interconnection) layer two (data-link layer) or layer three (network layer). The most commonly used tunneling protocols are IPSec, L2TP, PPTP and SSL. A packet with a private, non-routable IP address can be sent inside a packet with a globally unique IP address, thereby extending a private network over the Internet [3].

We can start with the word "network". A network may consist of any number of devices that can communicate through some arbitrary method. Devices of this nature include computers, printers, routers, and so forth, and may reside in geographically diverse locations. For the purposes of simplicity, a "network" is a collection of devices that can communicate in some fashion and can successfully transmit and receive data amongst themselves.

The term "private" is tied to "virtualization": it describes communication between two (or more) devices in which third parties are unaware of the private relationship altogether. Accordingly, data privacy and data integrity (security) are very important aspects of a VPN. The word "private" can also be understood through its antonym, "public." A "public" facility is one which is openly accessible, and is managed within the terms and constraints of a common public resource, often via a public administrative entity. By contrast, a "private" facility is one where access is restricted to a defined set of entities, and third parties cannot gain access. Typically, the private resource is managed by the entities that have exclusive right of access.

(4) Types of VPN Services:

There are three basic types of VPN services:

Local Area Network (LAN) Interconnect VPN services.

Dial-up VPN services.

Extranet VPN services.

(5) The main tunneling mechanisms are:

GRE (Generic Routing Encapsulation) tunneling between a source and destination router,

Router-to-router or host-to-host tunneling protocols such as L2TP (Layer 2 Tunneling Protocol)

PPTP (Point-to-Point Tunneling Protocol)

DVMRP (Distance Vector Multicast Routing Protocol) tunnels.

IPsec (IP Security) protocols.

MPLS (Multiprotocol Label Switching)

Materials & Methods:

NS2 (Network Simulator) is an open-source, event-driven simulator designed specifically for research on communication networks in computer science. Since 1989, NS2 has continuously gained remarkable interest from industry, academia, and government. NS2 contains modules for several network components, such as transport layer protocols, routing, and applications. To investigate network performance, researchers can use a simple scripting language to configure a network and then observe the results generated by NS2. NS2 has become a broadly used open-source network simulator. NS2 is version 2 of the Network Simulator and is useful for studying the nature of communication networks. With NS2, wired and wireless network functions and protocols, for example routing algorithms, UDP and TCP, can be simulated. NS2 also lets users specify network protocols and simulate their parallel behaviors.

NS2 provides an executable command called ns that takes one input argument: the Tcl simulation scripting file. The user feeds the Tcl simulation script, which sets up a simulation, to the ns command as its input argument. Network Simulator 2 consists of two key languages: the object-oriented language C++ and the Object-oriented Tool Command Language (OTcl). In NS2, C++ is the backend of the simulation objects, meaning that it describes their internal mechanism. OTcl, on the other hand, is the frontend and sets up the simulation by assembling and configuring objects and scheduling events. OTcl and C++ are linked together using TclCL. In the OTcl domain, variables are also called handles. A handle is nothing but a string and does not contain any functionality. The functionality (for example, receiving a packet) is defined in the mapped C++ object (for example, of class Connector). The OTcl handle thus works as the frontend and interacts with users. OTcl also defines its own variables and procedures for this interaction.

In the OTcl domain, member procedures are referred to as "instprocs" and instance variables are referred to as "instvars". Network Simulator 2 also has a great number of built-in C++ objects, which can be used to set up a simulation with a Tcl simulation script. The output of NS2 can be text-based or animation-based.

Class of Tcl:

The class Tcl, which is a C++ class, operates as an interface to the OTcl domain. The file ~tclcl/Tcl.cc offers methods for the following operations:

(i) By using the function instance(), the Tcl instance can be obtained.

(ii) By using the functions eval(...), evalc(...), and evalf(...), OTcl procedures can be invoked from within the C++ domain.

(iii) By using the functions result(...) and resultf(...), results can be passed to or retrieved from the interpreter.

(iv) By using the function error(...), errors of the program can be reported.

(v) By using the functions enter(...), delete(...), and lookup(...), references to TclObjects can be obtained.

Achieve a Reference to the Instance of Tcl:

In C++, the functions of a class are called through a class object (for example, the function "fn" is called as "object.fn"). Calling the functions listed above, such as eval(...) and result(...) of class Tcl, therefore requires an object of class Tcl. The function instance() of class Tcl is used to obtain a static Tcl variable: Tcl& tcl = Tcl::instance(); This instance is static in the simulation.

Procedure of Binding Variables in the Compilation and Interpret the result Hierarchies:

Interpreted objects and compiled objects each have their own class variables, and neither is permitted to access the class variables of the other. Network Simulator 2 provides a mechanism for binding the variables of classes in both hierarchies together. Once the binding is done, any change to a variable of a class in one hierarchy automatically results in the same change to the bound class variable in the other hierarchy.

Observations, Result & Discussion:

By this method a algorithm is proposed for a model that can performed

In the newly proposed VPN model, the four basic security functions for text messages communicated over a VPN network are listed below. They may be present in earlier networks but are reasonably weak in terms of security.

Authentication – means validation of the data which is sent from the authorized sender.

Address Management – means limiting the access of unauthorized users.

Data Encryption – avoiding the data to be read or copied as the data is being transported.

Key Management – means security of data that should not be altered.

Note – it enables connectivity between the private internal network and Internet applications, which use encryption for security purposes. For this purpose it automatically configures IP addressing and other IP parameters while transforming data.

After studying other algorithms, a new, more secure algorithm is required. The proposed outline identifies the trusted users who send messages to the destination and monitors the activities of users to prevent hidden access, denial of service and unauthorized access by them. To establish an initial confidence level and prove their authenticity, each user is assumed to register at the user end and is assigned a valid registration number. After this process the user is able to access the services. This work proposes an algorithm for data security in VPNs, developed after analyzing the problems of related algorithms. For every incoming request at the destination endpoint, the data goes through this algorithm and the decryption key, which secures the message. The algorithm can be summarized as below:

User name: Encrypt

{

Allotted key

Inputs from calling process: USER AUTHENTICATION msg_Aun[n] n*16 bits, n > 1

Inputs from internal stored data: AUN_KEY[0-8] 16 bits

Outputs to calling process: msg_Out[n] n*16 bits

Outputs to internal stored data: Decrypted Msg Secured msg None.

This algorithm encrypts and decrypts messages that are of length n*16 bits, where n > 1.

Decryption is performed in the same manner as in encryption.

Conclusions / Imp. Findings :

On the basis of the above algorithm, the conclusion is that all transferred data is secured at the destination end. However, the data security and encryption techniques still require further updating.

Cipher text: the data in encrypted or unreadable format.

Encipher: the way of transforming data into an unreadable format.

Decipher: the way of transforming data into a readable format.

Plaintext: the readable format of data, also referred to as clear text.

Work factor: the estimated time, effort, and resources necessary to break a cryptosystem.

This algorithm is a probabilistic algorithm which takes any input and produces four outputs (A, B, C, D), where

(i) B is a positive integer such that vfxz(b, (p − 1)(q − 1)(r − 1)) = max value, and

(ii) A is an integer that is the product of three primes p, r, q of similar length, with p ≠ q,

(iii) C is a positive integer such that a·b·d ≡ 1 (mod λ(n)), where λ(a) is the least common multiple of (p − 1), (r − 1), and (q − 1).

The algorithm produces output that fulfills most of the conditions, and the graph is given for this algorithm. The output distribution of a key generation algorithm depends on the particular algorithm.

On the basis of the above algorithm we can conclude that all the protocols can be justified, but some problems for data security may still remain. The algorithm still needs some requirements to be met, and in the next paper we will conclude the algorithm with some more changes.

| Security issues | LAYER 2 PROTOCOL | LAYER 3 PROTOCOL |
| --- | --- | --- |
| RELIABILITY | YES | YES |
| KEY MANAGEMENT | LESS | MUCH SECURE |
| ENCRYPTION | YES | YES |
| AGAINST ATTACKS | CAN PROTECT | YES |


