Secure and Manageable Virtual Private Networks for End
Secure and Manageable Virtual Private Networks for End-users
K. Kourai (Tokyo Institute of Technology)
T. Hirotsu, K. Sato, O. Akashi, K. Fukuda, T. Sugawara (NTT)
S. Chiba (Tokyo Institute of Technology)
Multi-homing by VPNs
- Each host deals with multiple networks: a LAN and VPNs (for example to a corporate network, or through an ISP)
- End-users use VPNs for more security
  - for each end-user
  - for each user's activity (business mail, private mail, shopping site)
[figure: a host on a LAN with VPN1 and VPN2 reaching a corporate network and an ISP]
Problem 1: uncontrollable information flow
- Information flow is mixed among VPNs and a LAN through multi-homed hosts
- Private information may be leaked
  - at the network layer: via a single routing table
  - at the application layer: via file systems or processes' memory
[figure: corporate network (VPN1), ISP (VPN2) and LAN all terminating on one multi-homed host]
Problem 2: IP addressing conflict
- IP addressing may be overlapped among VPNs and a LAN (private IP addresses, e.g., 192.168.0.1 used on both a VPN and the LAN)
- Unintended routing: conflict, misuse, abuse
- Assigning unique IP addresses for every network is not realistic: networks are connected at the points of multi-homed hosts
Personal network
- A personal network integrates:
  - a VPN
  - per-VPN execution environments of hosts, called portspaces
- The result is a closed, single-homed network
  - VPNs are exclusive
  - Portspaces are exclusive
[figure: a personal network whose VPN connects a web server, a mail server, a web browser and a mail client]
Features
- Separation of networking activities
  - Information flow is confined: network routing is separated; file systems and processes are separated
  - Independent network management is provided: IP addressing is closed
- Easy bootstrapping: end-users can construct personal networks easily
Portspace
- A portspace is a virtualized host
  - attached to only one VPN
  - with independent namespaces for network, files, and processes
[figure: base environment, portspace and pseudo portspace; base network (LAN) and VPN; each with process, network stack and file system]
Namespace for network
- IP address: end-users can use the same IP address as the base environment
- Protocol control blocks: end-users can use the same port numbers used in the base environment
- Routing table
- VPN configuration
[figure: an httpd at IP 192.168.0.1, port 80 in the portspace for VPN1 and another httpd at IP 192.168.0.1, port 80 in the portspace for VPN2]
Namespaces for files/processes
- Namespace for files
  - Processes can access only files in the portspace
  - End-users can prepare configuration files to perform their own network management (resolv.conf, host.conf)
- Namespace for processes
  - This namespace prevents process interaction from the other portspaces (IPC, shared memory, signals)
Inheritance
- Network services: requests are forwarded to the super-portspace
- File system: read from the super-portspace, write to the sub-portspace
- Overriding/hiding of network services and files
[figure: a sub-portspace forwards a request to a server process in the super-portspace and receives the reply; file reads go to the super-portspace, writes to the sub-portspace]
Inheritance problem
- Unintended information flow may occur via a super-portspace
  - The super-portspace becomes multi-homed
  - Personal networks using the super-portspace are not independent
[figure: requests forwarded from two personal networks meet in one super-portspace, creating an information flow between them]
Chinese Wall security model
- Membership control: a portspace can join a personal network only if the portspace's information does not conflict with the personal network's
[figure: join and inherit operations on a personal network are checked against the Chinese Wall]
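The membership control above and the inheritance problem on the previous slide, as an added example that is not the paper's code. It assumes a Brewer-Nash style model in which each personal network carries a conflict-of-interest class, and in which inheritance (requests forwarded up, files read down) lets information reach every portspace in one inheritance tree; the classes and names are constructed.

```python
# Added example (not from the paper): Chinese Wall membership control for
# portspaces. Assumed model: each personal network has a conflict class, and
# every portspace in an inheritance tree shares the union of the networks
# joined anywhere in that tree (the super-portspace becomes multi-homed).
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PersonalNetwork:
    name: str
    conflict_class: str   # constructed label, e.g. "mail" or "shopping"

@dataclass(eq=False)
class Portspace:
    name: str
    joined: set = field(default_factory=set)        # networks joined directly
    super_portspace: "Portspace | None" = None
    sub_portspaces: list = field(default_factory=list)

    def tree(self):
        # every portspace connected to this one by inheritance
        root = self
        while root.super_portspace is not None:
            root = root.super_portspace
        stack = [root]
        while stack:
            ps = stack.pop()
            yield ps
            stack.extend(ps.sub_portspaces)

    def information(self) -> set:
        return set().union(*(ps.joined for ps in self.tree()))

def conflict_free(info: set) -> bool:
    """True unless two different networks share a conflict class."""
    seen = {}
    return all(seen.setdefault(n.conflict_class, n) == n for n in info)

def join(ps: Portspace, net: PersonalNetwork) -> bool:
    """Membership control: join only if the Chinese Wall is not crossed."""
    if not conflict_free(ps.information() | {net}):
        return False
    ps.joined.add(net)
    return True

def inherit(sub: Portspace, sup: Portspace) -> bool:
    """Inheritance links two trees, so their combined information is checked."""
    if not conflict_free(sub.information() | sup.information()):
        return False
    sub.super_portspace = sup
    sup.sub_portspaces.append(sub)
    return True
```

A sub-portspace for private mail is refused inheritance from a super-portspace already serving a business-mail sub-portspace, while a shopping portspace in a different conflict class is admitted.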
Implementation
- We implemented personal networks based on FreeBSD 4.7
  - IPsec for VPNs
  - union file system for inheritance
- How to communicate between portspaces
[figure: sender's host: routing table, IPsec database; the packet carries an SPI; receiver's host: SPI-portspace table, PCB list, routing table]
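How the SPI carried by an IPsec packet selects the receiving portspace, as an added example that is not the paper's FreeBSD code. It assumes a simplified reading of the figure: a portspace's routing table has a single VPN, the IPsec database maps that VPN to an SPI, and the receiver's SPI-portspace table picks the one portspace whose PCB list is searched; SPIs, addresses and service names are constructed.

```python
# Added example (not from the paper): SPI-based demultiplexing to portspaces.
# Assumed simplification: one VPN per portspace routing table, IPsec database
# maps VPN -> SPI, SPI-portspace table maps SPI -> portspace. Constructed data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    spi: int          # from the IPsec header, set by the sender's SA
    dst_ip: str
    dst_port: int

class Portspace:
    def __init__(self, name: str, vpn: str):
        self.name, self.vpn = name, vpn
        self.pcbs = {}    # this portspace's PCB list: (ip, port) -> service
    def bind(self, ip: str, port: int, service: str):
        self.pcbs[(ip, port)] = service   # may duplicate another portspace's
    def deliver(self, pkt: Packet):
        return self.pcbs.get((pkt.dst_ip, pkt.dst_port))

class SenderHost:
    def __init__(self, ipsec_db: dict):
        self.ipsec_db = ipsec_db          # VPN -> SPI (security association)
    def send(self, ps: Portspace, dst_ip: str, dst_port: int) -> Packet:
        # the portspace's routing table holds one VPN, so the SA is fixed
        return Packet(self.ipsec_db[ps.vpn], dst_ip, dst_port)

class ReceiverHost:
    def __init__(self):
        self.spi_table = {}               # SPI-portspace table
    def attach(self, spi: int, ps: Portspace):
        self.spi_table[spi] = ps
    def receive(self, pkt: Packet):
        ps = self.spi_table.get(pkt.spi)
        return None if ps is None else ps.deliver(pkt)   # unknown SPI: drop

def demo():
    """Two httpds on 192.168.0.1:80, one per VPN, reached without conflict."""
    tx = SenderHost({"VPN1": 0x1001, "VPN2": 0x1002})
    rx, ps1, ps2 = ReceiverHost(), Portspace("ps1", "VPN1"), Portspace("ps2", "VPN2")
    ps1.bind("192.168.0.1", 80, "httpd-vpn1")
    ps2.bind("192.168.0.1", 80, "httpd-vpn2")
    rx.attach(0x1001, ps1)
    rx.attach(0x1002, ps2)
    via_vpn1 = rx.receive(tx.send(Portspace("c1", "VPN1"), "192.168.0.1", 80))
    via_vpn2 = rx.receive(tx.send(Portspace("c2", "VPN2"), "192.168.0.1", 80))
    stray = rx.receive(Packet(0x9999, "192.168.0.1", 80))
    return via_vpn1, via_vpn2, stray
```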
Experiments
- We measured overheads of personal networks
- Benchmark programs: Netperf, ApacheBench
- 3 network constructions: base network with IPsec; personal network without inheritance; personal network with inheritance
- Environment: 2 PCs (Pentium III-S 1.4GHz, Intel Pro/100+) connected via a 100baseT Ethernet switch; no encryption/authentication for IPsec
Result: Netperf
[figure: round-trip latency (us) and throughput (Mbps) for TCP and UDP, comparing base network + IPsec, personal network, and personal network + inheritance]
- latency increase: 1.5%
- throughput decline: 0.1%
- inheritance overhead: 0.2%
Result: ApacheBench
- web server: thttpd
- request: an HTML file of 0 bytes
[figure: performance (requests/sec) against concurrency 1 to 6, comparing base network + IPsec, personal network, and personal network + inheritance]
- overhead: 3.9%
Related work: virtual networks
- Virtual Internets [Touch'02]: an internal router controls the connection between environments and virtual networks; for fault-tolerance and persistence, not for security
- Router partitioning [Lim'01, Scandariato'02]: VPNs and routing are incorporated at routers; routers provide per-VPN routing tables, only at the network layer
Related work: virtual hosts
- There are various virtual host techniques: FreeBSD jail, clonable network stack [Zec'03], virtual machine [VMware]
- Differences
  - Virtual hosts do not cooperate with virtual networks
  - Virtual hosts are not independent of the base environment
Conclusion
- We proposed personal networks
  - A personal network integrates a VPN and portspaces: separation of information flow, independent network management
  - Portspaces inherit services and file systems
- Future work
  - loosening the Chinese Wall security model
  - QoS support for personal networks