
VTCP/Secure: A Remote VPN for the Macintosh


Presentation Transcript


  1. VTCP/Secure: A Remote VPN for the Macintosh. Stacey Lum, InfoExpress. The Third Annual Macintosh Cryptography and Internet Commerce Software Development Workshop

  2. Remote VPN Definition • Provide Secure Remote Access Over Untrusted Networks • Secure Usually Means: Encryption, Data Integrity, Authentication, Access Control • (Diagram: Corporate Network, Gateway, Untrusted Network, Remote PC)

  3. Remote VPN Environments • ISDN, Cable Modem, DSL, 56k Dial-up • Network Address Translation (NAT) • Single and Multiple IP at NAT Device • Extranet Capabilities • Remote Firewall • Proxy Traversal

  4. Remote VPN Features • Performance • Ease of Use • Application Compatibility • TCP and UDP • ICMP • File Sharing • Non-IP Protocol Applications

  5. Where to Filter Data? • Need to Intercept Network Calls • Characteristics of the VPN Differ Depending on Which Layer is Intercepted

  6. Layer 3 Advantages • Compatibility Above IP • Can be IPSEC Compliant • Gateway Performance • (Stack diagram: Application / TCP/UDP / IP / NIC, Modem)

  7. Layer 4 Advantages • Media and OS Compatibility (Ethernet, Dial-up) • Extranet, NAT, and Proxy Friendly • End User Performance • (Stack diagram: Application / TCP/UDP / IP / NIC, Modem)

  8. Mac Layer 4 Filtering • STREAMS Filtering • TCP + UDP (Autopush) • DNS (SAD Push) • Tunneling Component • OT GUI Application • Encryption and Integrity • Authentication • (Stack diagram: OT App / TCP, UDP / IP / NIC, Modem)

  9. Security Model • Authentication Server to Gateway: Shared Key • Gateway to Client: Gateway Public Key

  10. Diffie-Hellman Public Key • Royalty Free • Based on Discrete Logarithms • Simple Math • G^xy mod P = G^yx mod P • n is hard to calculate from (G^n mod P) with certain values of P and G • Private key: n • Public key: (G^n mod P)

  11. Standard D-H Exchange (Gateway holds: server public key, server private key; Mac Client holds: server public key; Untrusted Network between them) • Client: Create DH key pair, send public key • Gateway: Calculate D-H secret key using server's private key & client's public key • Client: Calculate D-H secret key using client's private key & server's public key • Encrypted Authentication

  12. Extended D-H Exchange with Past Secrecy (Gateway holds: server public key, server private key; Mac Client holds: server public key; Untrusted Network between them) • Client: Generate two D-H key pairs and send public keys • Gateway: Generate D-H key pair and send public key • Client: Calculate D-H using client's private keys & server's public keys • Gateway: Calculate D-H using server's private key & client's public keys • Encrypted Authentication

  13. Symmetric Key For Encryption • Compression for Performance (LZ) • Crypto Checksum for Integrity (MD5) • Initialization Vector for Sequencing • Encryption (DES, and Triple DES) • Chain Messages > Block Length (CBC)

  14. Demo • Diffie-Hellman Key Exchange • DES Encryption • Authentication using SecurID • Download File
