Secure and Manageable Virtual Private Networks for End-users

K. Kourai (Tokyo Institute of Technology)
T. Hirotsu, K. Sato, O. Akashi, K. Fukuda, T. Sugawara (NTT)
S. Chiba (Tokyo Institute of Technology)

Multi-homing by VPNs

- Each host deals with multiple networks (a LAN and VPNs)
- End-users use VPNs for more security
  - for each end-user
  - for each user's activity
[Figure: a host on a LAN with VPN1 to a corporate network and VPN2 through an ISP; activities: business mail, private mail, shopping site]

Problem 1: uncontrollable information flow

- Information flow is mixed among VPNs and a LAN through multi-homed hosts
- Private information may be leaked
  - at the network layer, via a single routing table
  - at the application layer, via file systems or processes' memory
[Figure: a multi-homed host connecting a LAN, VPN1 to a corporate network and VPN2 through an ISP]

Problem 2: IP addressing conflict

- IP addressing may be overlapped among VPNs and a LAN
  - private IP addresses (e.g., 192.168.0.1 used in both a VPN and the LAN)
- Unintended routing: conflict, misuse, abuse
- Assigning unique IP addresses for every network is not realistic
  - networks are connected at the points of multi-homed hosts
[Figure: a VPN and a LAN both using the address 192.168.0.1]

Personal network

- A personal network integrates:
  - a VPN
  - per-VPN execution environments of hosts, called portspaces (single-homed)
- Closed network
  - VPNs are exclusive
  - Portspaces are exclusive
[Figure: a personal network over a VPN connecting a web server and a mail server with a web browser and a mail client, each running in its own portspace]

Features

- Separation of networking activities
  - Information flow is confined
    - Network routing is separated
    - File systems and processes are separated
  - Independent network management is provided
    - IP addressing is closed
- Easy bootstrapping
  - End-users can construct personal networks easily

Portspace

- A portspace is a virtualized host
  - attached to only one VPN
  - independent namespaces for network, files, and processes
- The base environment is a pseudo portspace attached to the base network (LAN)
[Figure: a portspace (process, network stack, file system) on a VPN beside the pseudo portspace on the LAN]

Namespace for network

- IP address
  - End-users can use the same IP address as the base environment
- Protocol control blocks
  - End-users can use the same port numbers used in the base environment
- Routing table
- VPN configuration
[Figure: httpd on IP 192.168.0.1, port 80 in a portspace on VPN1, and another httpd on IP 192.168.0.1, port 80 in a portspace on VPN2]

Namespaces for files/processes

- Namespace for files
  - Processes can access only files in the portspace
  - End-users can prepare configuration files to perform their own network management (resolv.conf, host.conf)
- Namespace for processes
  - This namespace prevents process interaction from the other portspaces (IPC, shared memory, signals)

Inheritance

- Inheritance
  - network services: requests are forwarded to the super-portspace
  - file system: read from the super-portspace, write to the sub-portspace
- Overriding/hiding
  - network services
  - files
[Figure: a sub-portspace forwards a request to a server process in the super-portspace and receives the reply; files are read from the super-portspace and written to the sub-portspace]

Inheritance problem

- Unintended information flow may occur via a super-portspace
  - The super-portspace becomes multi-homed
  - Personal networks using the super-portspace are not independent
[Figure: requests forwarded from two personal networks meet in one super-portspace, creating an information flow between them]

Chinese Wall security model

- Membership control
  - A portspace can join a personal network only if the portspace's information does not conflict with the personal network's
[Figure: join and inherit operations on a personal network are checked against the Chinese Wall]

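Added example (not the authors' code): a small model of the membership check on this slide, also covering the inheritance problem on the previous slide. It assumes personal networks are grouped into conflict-of-interest classes and that a portspace's information includes everything inherited through its super-portspace chain; the network names and classes are constructed.

```python
from dataclasses import dataclass, field
CONFLICT_CLASS = {            # constructed sample networks and their conflict classes
    "corpA-net": "corporate",
    "corpB-net": "corporate",  # a competitor of corpA: the two must never mix
    "shopping-net": "retail",
}

@dataclass
class Portspace:
    name: str
    joined: set = field(default_factory=set)  # personal networks joined directly
    super_ps: "Portspace" = None              # portspace it inherits from, if any

    def information(self):
        """Networks whose information reaches this portspace: own + inherited."""
        info = set(self.joined)
        if self.super_ps is not None:
            info |= self.super_ps.information()
        return info

def conflicts(info, network):
    """Chinese Wall rule: `info` already holds a different network of the same class."""
    cls = CONFLICT_CLASS[network]
    return any(n != network and CONFLICT_CLASS[n] == cls for n in info)

def join(ps, network):
    """Membership control: join only if the portspace's information is compatible."""
    if conflicts(ps.information(), network):
        return False
    ps.joined.add(network)
    return True

def inherit(sub, super_ps):
    """Inheritance moves information both ways (reads, forwarded requests): same gate."""
    if any(conflicts(sub.information(), n) for n in super_ps.information()):
        return False
    sub.super_ps = super_ps
    return True

def demo():
    base = Portspace("base")
    join(base, "corpA-net")                   # the base environment is in corpA's net
    sub = Portspace("sub", super_ps=base)     # sub now carries corpA-net information
    other = Portspace("other", {"corpB-net"})
    return {
        "sub joins corpB-net": join(sub, "corpB-net"),        # denied: same class
        "sub joins shopping-net": join(sub, "shopping-net"),  # allowed: other class
        "other inherits base": inherit(other, base),          # denied: corpB vs corpA
    }
```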
Implementation

- We implemented personal networks based on FreeBSD 4.7
  - IPsec for VPNs
  - union file system for inheritance
- How to communicate between portspaces
[Figure: on the sender's host, a per-portspace routing table and the IPsec database; on the receiver's host, the SPI of the incoming packet is mapped by the SPI-portspace table to a portspace's routing table and PCB list]

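Added example (not the authors' FreeBSD code): a model of the per-portspace routing table and PCB list from the "Namespace for network" slide together with the receiver-side SPI-portspace table from this slide. It assumes one IPsec SA (one SPI) per portspace; the SPIs, prefixes and service names are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Portspace:
    name: str
    vpn: str                                    # the one VPN it is attached to
    routes: dict = field(default_factory=dict)  # prefix -> outgoing VPN
    pcbs: dict = field(default_factory=dict)    # (proto, ip, port) -> service

    def route(self, dst):
        """Longest-prefix match in this portspace's private routing table."""
        addr = ipaddress.ip_address(dst)
        hits = [p for p in self.routes if addr in ipaddress.ip_network(p)]
        return self.routes[max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen)] if hits else None

    def bind(self, proto, ip, port, service):
        key = (proto, ip, port)
        if key in self.pcbs:  # a bind conflicts only with PCBs in this portspace
            raise OSError(f"EADDRINUSE in {self.name}: {key}")
        self.pcbs[key] = service

class Host:
    """Receiver side: the SPI of an inbound IPsec packet selects the portspace."""
    def __init__(self):
        self.portspaces = {}
        self.spi_table = {}  # SPI -> portspace name (one SA per portspace, assumed)

    def add(self, ps, spi, prefix):
        self.portspaces[ps.name] = ps
        self.spi_table[spi] = ps.name
        ps.routes[prefix] = ps.vpn

    def deliver(self, spi, proto, dst_ip, dst_port):
        name = self.spi_table.get(spi)  # unknown SA -> None: drop, never guess
        return self.portspaces[name].pcbs.get((proto, dst_ip, dst_port)) if name else None

def demo():
    host = Host()
    ps1, ps2 = Portspace("ps1", "VPN1"), Portspace("ps2", "VPN2")
    host.add(ps1, 0x1001, "192.168.0.0/24")  # constructed SPIs; the same private
    host.add(ps2, 0x1002, "192.168.0.0/24")  # prefix on both VPNs (Problem 2)
    ps1.bind("tcp", "192.168.0.1", 80, "httpd@VPN1")
    ps2.bind("tcp", "192.168.0.1", 80, "httpd@VPN2")  # no EADDRINUSE
    pkt = ("tcp", "192.168.0.1", 80)
    return (ps1.route("192.168.0.7"), ps2.route("192.168.0.7"),
            host.deliver(0x1001, *pkt), host.deliver(0x1002, *pkt),
            host.deliver(0x1003, *pkt))  # 0x1003: no such SA -> None
```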
Experiments

- We measured overheads of personal networks
  - Benchmark programs: Netperf, ApacheBench
  - 3 network constructions
    - base network with IPsec
    - personal network without/with inheritance
  - Environments
    - 2 PCs (Pentium III-S 1.4GHz, Intel Pro/100+) connected via a 100baseT Ethernet switch
    - no encryption/authentication for IPsec

Result: Netperf

[Chart: round-trip latency (us, 120-140) and throughput (Mbps, 90-95) for TCP and UDP under base network + IPsec, personal network, and personal network + inheritance]
- latency increase: 1.5%
- throughput decline: 0.1%
- inheritance overhead: 0.2%

Result: ApacheBench

[Chart: performance (requests/sec, 2000-5000) against concurrency (1-6) for base network + IPsec, personal network, and personal network + inheritance]
- web server: thttpd
- request: an HTML file of 0 bytes
- overhead: 3.9%

Related work: virtual networks

- Virtual Internets [Touch'02]
  - An internal router controls the connection between environments and virtual networks
  - for fault-tolerance and persistence, not for security
- Router partitioning [Lim'01, Scandariato'02]
  - VPNs and routing are incorporated at routers
  - Routers provide per-VPN routing tables, only at the network layer

Related work: virtual hosts

- There are various virtual host techniques
  - FreeBSD jail
  - Clonable network stack [Zec'03]
  - Virtual machine [VMware]
- Differences
  - Virtual hosts do not cooperate with virtual networks
  - Virtual hosts are not independent of the base environment

Conclusion

- We proposed personal networks
  - A personal network integrates a VPN and portspaces
    - separation of information flow
    - independent network management
  - Portspaces inherit services and file systems
- Future work
  - loosening the Chinese Wall security model
  - QoS support for personal networks