Development of an Improved Application-Specific Tunneling Protocol Selection Scheme for Site-to-Site Virtual Private Networks


This dissertation presents the development of an improved application-specific tunneling protocol selection scheme (IASTPSS) for site-to-site virtual private networks (VPNs).

The aim is to develop an improved tunneling protocol selection scheme for site-to-site VPNs that is application-specific, treating security, bandwidth and time sensitivity as services that applications require of the network.

The existing scheme, ASTPSS, was developed for security-, bandwidth- and time-sensitive applications, but in its Internet Protocol Security (IPsec) tunnel, the component responsible for providing security as a service to applications, the security algorithms used, Triple Data Encryption Standard (3DES) and Message Digest 5 (MD5), are vulnerable to known attacks (the 64-bit block of 3DES exposes it to birthday attacks once enough data has been encrypted under one key, and MD5 is subject to collision attacks), leaving the network exposed to them.

IASTPSS was therefore developed to address these attacks through configuration of the tunnel with algorithms of larger block size, key length and digest length, namely the Advanced Encryption Standard with a 256-bit key (AES-256) and Secure Hash Algorithm 256 (SHA-256), which are not subject to these attacks.
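As an added illustration, not configuration taken from the dissertation, the following Cisco IOS fragments place the weak ASTPSS-style IPsec settings beside the hardened IASTPSS-style settings described above. The two listings are alternatives for the same router, not meant to coexist. Interface names, addresses (RFC 5737 documentation ranges), the pre-shared key placeholder, and the names of the transform sets, crypto map and access list are assumptions; the Diffie-Hellman group change from group 2 to group 14 is an extra hardening step of this example that the page itself does not mention.

```cisco
! ---- Weak baseline (ASTPSS-style): 3DES + MD5 ----
! Phase 1 (IKEv1/ISAKMP) policy
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key PLACEHOLDER_PSK address 203.0.113.2
!
! Phase 2: ESP with 3DES encryption and HMAC-MD5 integrity
crypto ipsec transform-set ASTPSS-TS esp-3des esp-md5-hmac
 mode tunnel
!
! ---- Hardened (IASTPSS-style): AES-256 + SHA-256 ----
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key PLACEHOLDER_PSK address 203.0.113.2
!
! Phase 2: ESP with AES-256 encryption and HMAC-SHA-256 integrity
crypto ipsec transform-set IASTPSS-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Traffic selector: protect HQ LAN <-> branch LAN only (hypothetical subnets)
ip access-list extended VPN_TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
crypto map IASTPSS-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set IASTPSS-TS
 match address VPN_TRAFFIC
!
interface FastEthernet0/0
 description WAN link to branch (hypothetical)
 ip address 203.0.113.1 255.255.255.0
 crypto map IASTPSS-MAP
```

Both peers must carry matching ISAKMP policy and transform set, and the weak policy and transform set should be removed rather than left alongside the strong ones, otherwise a peer can still negotiate them. `show crypto isakmp sa` and `show crypto ipsec sa` confirm which proposal was actually agreed and that traffic is being encapsulated.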

All software necessary for the emulation, Graphical Network Simulator 3 (GNS3), the Windows 7 operating system (OS), the Virtual PC Simulator (VPCS) and Cisco Internetwork Operating System (IOS) images, was set up in a virtual network environment running on an Ubuntu 14.04 Long Term Support (LTS) host.

Taking security, bandwidth and time sensitivity as the application requirements in a site-to-site VPN testbed, two layer-3 tunneling protocols that meet these requirements, IPsec and Generic Routing Encapsulation (GRE), were deployed on the network built in GNS3.

Network performance was measured using throughput, latency and round-trip time (RTT) as metrics. In the first stage of development, measured in the IPsec tunnel, IASTPSS traded network performance for security relative to ASTPSS because of the higher computational overhead of its encryption.

A second instance of IASTPSS was then developed for the IPsec tunnel, using the Open Shortest Path First (OSPF) routing protocol to improve route convergence time and to scale up the network.

Using OSPF improved throughput by 1.62% and reduced latency and RTT by 12.58% and 9.25% respectively, compared with the first instance of IASTPSS, which was configured with Routing Information Protocol version 2 (RIPv2).

Consequently, the second instance of IASTPSS is suitable for bandwidth- and time-sensitive applications as well as for security.

In the GRE tunnel, IASTPSS outperformed ASTPSS, improving throughput by 10.90% and reducing latency and RTT by 17.08% and 66.29% respectively.
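Also as an added example, not the dissertation's own configuration: a Cisco IOS GRE point-to-point tunnel between the two sites, followed by the two routing alternatives the abstract compares, RIPv2 (first instance) and OSPF (second instance), run across that tunnel. Interface names, addresses and the router-id are assumptions; the MTU and MSS values are chosen for the 24 bytes GRE over IPv4 adds to each packet (20-byte outer IP header plus 4-byte GRE header).

```cisco
! GRE tunnel, HQ side; the branch router mirrors this with addresses swapped
interface Tunnel0
 description GRE to branch (hypothetical addresses)
 ip address 10.0.0.1 255.255.255.252
 ! GRE adds 24 bytes (20 IP + 4 GRE); lower MTU/MSS to avoid fragmentation
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source FastEthernet0/0
 tunnel destination 203.0.113.2
 tunnel mode gre ip
!
! Routing alternative A (first instance): RIPv2 over the tunnel
router rip
 version 2
 no auto-summary
 network 10.0.0.0
 network 192.168.1.0
 ! keep routing updates off the public WAN interface
 passive-interface FastEthernet0/0
!
! Routing alternative B (second instance): OSPF over the tunnel
router ospf 1
 router-id 1.1.1.1
 network 10.0.0.0 0.0.0.3 area 0
 network 192.168.1.0 0.0.0.255 area 0
 passive-interface FastEthernet0/0
!
! Caveat: never advertise the WAN network that holds the tunnel destination
! (203.0.113.0/24) through the tunnel itself; if the route to the endpoint
! is learned via Tunnel0, IOS detects recursive routing and takes the tunnel
! down. The WAN route must come from a static route or the underlay only.
```

`show interfaces Tunnel0` shows the tunnel state and the encapsulation in use, `show ip ospf neighbor` confirms the adjacency formed across the tunnel, and `show ip route` shows the branch LAN reachable via Tunnel0 in both alternatives.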


Background of Research

A virtual private network (VPN) is a private, virtual network created over a public network. It allows private networks to be built across a public network such as the Internet, providing privacy and tunneling for both Internet Protocol (IP) and non-IP traffic (Shrivastava & Rizvi, 2014).

The Internet does not by itself guarantee the safety of data transmitted across it from source to destination for the participating networks: no layer secures transmitted packets by default, unless an Internet service provider (ISP) intervenes by providing dedicated or leased lines.

Obtaining security through such lines comes at a prohibitive cost to organizations. A VPN offers this security at minimal cost through the use of VPN tunneling protocols.

Tunneling, as shown in Fig. 1.1, is the process of wrapping a data payload in the header of a carrier protocol and passing it through a tunnel across the network from source to destination. It involves data encapsulation, data transfer and data de-encapsulation.

VPNs are used daily to give remote users and branch offices secure connectivity over the Internet to the corporate headquarters instead of using leased or permanent lines.

The security services offered by a VPN are confidentiality, authenticity and data integrity, which protect transmitted data against interception by unauthorized persons (Ismoyo & Wardhani, 2016).


Akinola, A. P., & Zhang, C. (2012). Tunnel comparison between Generic Routing Encapsulation (GRE) and IP Security (IPSec) (Project). Halmstad University, Högskolan Halmstad.
Alharbi, A., Bahnasse, A., & Talea, M. (2017). A comparison of VoIP performance evaluation on different environments over VPN multipoint network. International Journal of Computer Science and Network Security (IJCSNS), 17(4), 123.
Alshalan, A., Pisharody, S., & Huang, D. (2016). A survey of mobile VPN technologies. IEEE Communications Surveys & Tutorials, 18(2), 1177-1196.
Asadi Eskandar, A., R. Syed, M., & Zarei M., B. (2015). Performance analysis of VoIP over GRE tunnel. International Journal of Computer Network and Information Security, 7(12), 1-9. doi:10.5815/ijcnis.2015.12.01
Barker, E., Feldman, L., & Witte, G. (2017). Information Technology Laboratory guidance on Triple Data Encryption Algorithm block ciphers (ITL Bulletin on Special Publication 800-67). National Institute of Standards and Technology.
Kaduk, B., & Short, M. (2018). Deprecate Triple-DES (3DES) and RC4 in Kerberos (RFC 8429). Internet Engineering Task Force (IETF).
