Virtual Private Networks for mobile environments. Development of protocol for mobile security and algorithms for location update.

The classical networks for broadcast, telephony and data are converging to services on the Next Generation Networks (NGN), which are introduced by all major Service Providers (SP). Major requirements on the future IP network are security and mobility, which are reflection of the Internet’s importanc...


Bibliographic Details
Main Author: Tzvetkov, Vesselin Dimitrov
Format: Others
Language: English
Published: 2010
Online Access: http://tuprints.ulb.tu-darmstadt.de/2058/1/M-VPN_20100218.pdf
Tzvetkov, Vesselin Dimitrov <http://tuprints.ulb.tu-darmstadt.de/view/person/Tzvetkov=3AVesselin_Dimitrov=3A=3A.html> : Virtual Private Networks for mobile environments. Development of protocol for mobile security and algorithms for location update. Technische Universität, Darmstadt [Ph.D. Thesis], (2010)
id ndltd-tu-darmstadt.de-oai-tuprints.ulb.tu-darmstadt.de-2058
record_format oai_dc
collection NDLTD
sources NDLTD
description The classical networks for broadcast, telephony and data are converging to services on the Next Generation Networks (NGN), which are introduced by all major Service Providers (SP). The major requirements on the future IP network are security and mobility, which reflect the Internet’s importance and the wide use of portable smart devices. Secure IP mobility is the focus of this thesis, i.e. how the user can move through different access networks whilst maintaining uninterrupted and secure IP communication. In particular, remote access (corporate access) is the prime task: remote clients connect to a central gateway, where corporate IP addresses or LAN segments are assigned. Corporate access naturally requires a high level of security to protect against competitors. The security must cover the application data and the mobile protocol signalling. This thesis targets an implementable solution for IPv4 and IPv6. It must integrate into the existing Service Provider infrastructure, such as tunnelling devices (BRAS), AAA, Load Sharing, High Availability, Firewalls, PKI, monitoring and administration. The existing approaches, for example Mobile IP with IPSec, MOBIKE and Proxy Mobile IP, are presented and analysed in the first stage. The existing solutions fall short in many areas: they do not consider NAT devices, are not compatible with multi-homed hosts, lack session tracking protection, have problems with the anti-spoofing rules performed by Internet Providers, etc. A major deficit of all existing solutions is that the network parameters are updated at constant intervals. Neither the frequency of the host movements nor the network properties are considered by the update. This leads to underperformance regarding the network load and the convergence time due to disconnection. In this thesis, a new protocol family is developed, called Mobile VPN (M-VPN). The M-VPN consists of three sub-protocols: Mobile Key Exchange (M-KE), Mobile Secure Encapsulation (M-SE) and Mobile Location Update (M-LU). There are two major parts in this work: (1) engineering development of M-SE and M-KE for mobile IP security, and (2) mathematical algorithms (M-LU) for optimisation of the updates in mobile networks. Both parts build a complete view of remote corporate access in mobile environments. M-KE and M-SE have novel characteristics such as mobility during the session negotiation through polling and caching, protection against location tracking through pseudo-random header values, and overlay dynamic topologies through network resource discovery. The principal idea in M-LU is to make the update interval proportional to the probability of disconnection. The updates are frequent in the timeframe with a high probability of disconnection and vice versa. The probability density function is built using the history of past changes in the parameters. The classical estimation methods cannot be used in a straightforward way in M-LU, since they require numerical values as the result of a measurement. Unfortunately, the update procedure delivers only Boolean values, namely whether the IP/UDP parameters have changed. The developed M-LU protocol creates three novel frameworks representing comprehensive and primitive solutions of the problem: stochastic, subjective and analytical. They are based on (1) sequential Monte Carlo in a Particle filter, (2) an Adaptive Fuzzy controller and (3) an extended Kalman filter. A proof of concept of the Mobile Location Update protocol is achieved through simulation in Matlab 7.0. The results show that the new methods clearly outperform the constant interval. The novel framework can also be implemented in various protocols such as IPSec, SIP or Mobile IP.
spelling ndltd-tu-darmstadt.de-oai-tuprints.ulb.tu-darmstadt.de-2058 2017-03-17T06:35:11Z http://tuprints.ulb.tu-darmstadt.de/2058/ 2010-02-18 Ph.D. Thesis PeerReviewed application/pdf eng Creative Commons: Attribution-Noncommercial-No Derivative Works 3.0 en info:eu-repo/semantics/doctoralThesis info:eu-repo/semantics/openAccess