Implementation of virtual private network using transport mode

Muayad Saleem Kod
Dr. Sufyan T. Faraj

Abstract: The impressive development of computer networks has reached the point where security becomes of essential importance for every user and organization that wants to exchange data in a secured way. Today, one of the latest secure communication methods for organizations that are motivated to reduce costs and increase services is the Virtual Private Network (VPN). The VPN mechanism is based on two of the newest technologies, IPSec and IKE, where IPSec is a suite of protocols used to protect information and IKE is a protocol to exchange data. Two modes of the IPSec VPN are available: tunnel mode and transport mode; hence this thesis proposes an implementation for IPSec VPN transport mode. The transport mode has two techniques: ESP (Encapsulating Security Payload), which encrypts the payload of the IP packet and a portion of the ESP header and authenticates the IP payload, the ESP header and a portion of the IP header, while the second one is AH (Authentication Header), which authenticates the whole IP packet. The transport mode technique used in this work is ESP, which consists of the confidentiality part and the authentication part. In the confidentiality part, which deals with encryption/decryption, the AES (Advanced Encryption Standard) Rijndael algorithm was used for the implementation, while in the authentication part the SHA-1 (Secure Hash Algorithm) was used. The novel feature in these algorithms is the way of implementing them: a driver compatible with the operating system is built to do that. This driver is to be installed in the TCP/IP stack, thereby offering the appropriate security for each outbound IP packet. The type of this driver is an NDIS (Network Driver Interface Specification) Intermediate Driver, which is located under the network layer in the hierarchy of the TCP/IP stack; this location enables the driver to provide security for all exchanged data. This facilitates the use of Windows 2000 Server for the configuration and implementation of the VPN.
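The per-packet ESP transport-mode processing the abstract describes, as an added Go example that is not part of the thesis or its driver: the confidentiality part with AES in CBC mode and the authentication part with SHA-1 used as HMAC-SHA1-96 (the standard ESP form of SHA-1; the abstract does not name the MAC construction, so that is an assumption here). Keys, IV, SPI, sequence number and the payload are constructed values; a real SA receives them from IKE, and the thesis does this inside an NDIS driver on Windows 2000 rather than in user space.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"errors"
)

const icvLen = 12 // HMAC-SHA1-96: the ICV is the first 96 bits of the HMAC-SHA-1 tag
var espPad = []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15} // ESP pad bytes are 1,2,3,... (RFC 4303)

// espEncap wraps an IP payload in ESP transport mode (RFC 4303 layout):
// SPI | Seq | IV | AES-CBC(payload | pad | padLen | nextHdr) | ICV.  block is the SA's AES cipher.
func espEncap(block cipher.Block, authKey, iv []byte, spi, seq uint32, nextHdr byte, payload []byte) []byte {
	padLen := (aes.BlockSize - (len(payload)+2)%aes.BlockSize) % aes.BlockSize // fill whole AES blocks
	plain := append([]byte{}, payload...)
	plain = append(append(plain, espPad[:padLen]...), byte(padLen), nextHdr)
	pkt := make([]byte, 8, 8+len(iv)+len(plain)+icvLen)
	binary.BigEndian.PutUint32(pkt[0:4], spi)
	binary.BigEndian.PutUint32(pkt[4:8], seq)
	pkt = append(pkt, iv...)
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plain)
	pkt = append(pkt, ct...)
	mac := hmac.New(sha1.New, authKey)
	mac.Write(pkt) // the ICV covers ESP header, IV and ciphertext; the outer IP header is not authenticated
	return append(pkt, mac.Sum(nil)[:icvLen]...)
}

// espDecap verifies the ICV before decrypting anything, then strips ESP padding and returns next header + payload.
func espDecap(block cipher.Block, authKey, pkt []byte) (byte, []byte, error) {
	if len(pkt) < 8+2*aes.BlockSize+icvLen || (len(pkt)-8-icvLen)%aes.BlockSize != 0 {
		return 0, nil, errors.New("esp: malformed packet length")
	}
	body, icv := pkt[:len(pkt)-icvLen], pkt[len(pkt)-icvLen:]
	mac := hmac.New(sha1.New, authKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil)[:icvLen], icv) { // constant-time compare; drop tampered or wrong-SA packets
		return 0, nil, errors.New("esp: ICV mismatch, packet dropped")
	}
	iv, ct := body[8:8+aes.BlockSize], body[8+aes.BlockSize:]
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, ct)
	padLen, nextHdr := int(plain[len(plain)-2]), plain[len(plain)-1]
	if padLen > len(plain)-2 {
		return 0, nil, errors.New("esp: bad pad length")
	}
	return nextHdr, plain[:len(plain)-2-padLen], nil
}
```

The receiver's order matters: the ICV check runs over the still-encrypted bytes, so a modified or replayed-with-wrong-key packet is discarded before the decryptor or the padding logic ever sees attacker-controlled plaintext.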