IPsec-based end-to-end VPN deployment over UMTS

  • Authors: Christos Xenakis; Lazaros Merakos

  • Affiliations: Communication Networks Laboratory, Department of Informatics and Telecommunications, University of Athens, 15784 Athens, Greece (both authors)

  • Venue: Computer Communications
  • Year: 2004

Quantified Score

Hi-index 0.24

Abstract

Next generation mobile users require flexible security mechanisms, which provide customized security services to data traffic, take into account end-user mobility and mobile network characteristics, and are available anywhere-anytime. An IPsec-based end-to-end Virtual Private Network (VPN) deployment scheme over the Universal Mobile Telecommunication System (UMTS) is proposed and analysed. The UMTS infrastructure provides the mobile users with access to the public Internet, and allows them to employ IPsec tunnels to traverse firewalls, access private networks, and convey sensitive data securely. The VPN functionality is integrated in the communicating peers, which negotiate and apply security. For VPN establishment the Internet Key Exchange (IKE) protocol is employed, which has to operate in a mobile UMTS environment, where Network Address Translation (NAT) is used. The proposed scheme has minimal impact on the existing network infrastructure, but it requires that each mobile station have the appropriate IPsec software. Security features may have an adverse effect on aspects of quality of service offered to the end-users and the system capacity. The computational cost and the space overhead that the security protocols and algorithms impose on the lightweight end-user devices, as well as on the underlying network architecture, are analysed. Simulation results quantify the relative throughput-delay performance penalty of the different security policy options, and can be used for designing security policy configurations that strike the desired balance between security and performance.