Skip to main content
SpringerLink
Log in

Asymmetrical SSL Tunnel Based VPN

  • Conference paper
Parallel and Distributed Processing and Applications (ISPA 2006)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4330))

  • 627 Accesses

Abstract

Asymmetric SSL Tunnel (AST) based Virtual Private Network is presented as a cheap solution for large scale SSL VPNs. In this solution, portion of SSL/TLS computational load is transferred to disengaged internal application servers, so that VPN server is no more the bottleneck of VPN system. This paper analyzes the performance advantage of asymmetric SSL tunnel over traditional SSL tunnel, and discusses the secret management scheme for AST, which can meet enhanced security requirement and synchronize cipher specs of multipoint. Finally, a kernel optimization algorithm was introduced. AST is implemented in OpenVPN, which is originally a stable traditional SSL VPN solution. Experiment shows that the overall throughput of OpenVPN can be greatly improved after AST adopted.

This work was supported by NSFC (No. 60373088).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Gartner Company, http://www3.gartner.com

  2. Freier, A.O., Karlton, P.: The SSL Protocol Version 3.0 [EB/OL] (2004), http://wp.netscape.com/eng/ssl3/draft302.txt

  3. Dierks, T., Allen, C.: RFC2246: The TLS Protocol Version 1.0 (January 1999), http://www.ietf.org/rfc/rfc2246.txt

  4. Khanvilkar, S., Khokhar, A.: Virtual private networks: an overview with performance evaluation. Communications Magazine, IEEE 42(10), 146–154 (2004)

    Article  Google Scholar 

  5. Khanvilkar, S., Khokhar, A.: Experimental evaluations of Open-Source Linux-based VPN solutions. In: ICCCN 2004 (2004)

    Google Scholar 

  6. Apostolopoulos, G., Peris, V., Saha, D.: Transport layer security: how much does it really cost? In: INFOCOM 1999. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings., vol. 2, pp. 717–725. IEEE, Los Alamitos (1999)

    Chapter  Google Scholar 

  7. Di Santo, M., Ranaldo, N., Zimeo, E.: Kernel implementations of locality-aware dispatching techniques for Web server clusters. In: Proceedings of IEEE International Conference on Cluster Computing (CLUSTER 2003), pp. 154–162 (2003)

    Google Scholar 

  8. Kobayashi, M., Murase, T.: Asymmetric TCP splicing for content-based switches. In: Proceedings of IEEE International Conference on Communications (ICC 2002), vol. 2, pp. 1321–1326 (2002)

    Google Scholar 

  9. OpenVPN, http://www.openvpn.net

  10. dkftpbench, http://www.kegel.com/dkftpbench/

Download references

Author information

Authors and Affiliations

  1. Huazhong University of Science and Technology, Wuhan, 430074, China

    Jingli Zhou, Hongtao Xia, Jifeng Yu & Xiaofeng Wang

Authors
  1. Jingli Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hongtao Xia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jifeng Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Xiaofeng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Shanghai Jiao Tong University, 200030, Shanghai, China

    Minyi Guo

  2. Department of Computer Science, St. Francis Xavier University, Antigonish, Canada

    Laurence T. Yang

  3. Dipartimento di Ingegneria dell’ Informazione - Second, University of Naples - Italy, Real Casa dell’Annunziata, via Roma, 29 81031, Aversa (CE), Italy

    Beniamino Di Martino

  4. Institute of Scientific Computing, University of Vienna, Nordbergstr. 15/C/3, A-1090, Vienna, Austria/JPL, Caltech, USA

    Hans P. Zima

  5. Computer Science Department, University of Tennessee, TN 37996-3450, Knoxville, USA

    Jack Dongarra

  6. Grid Computing Center, Shanghai Jiao Tong University, 800 Dongchuan Road, 200240, Shanghai, China

    Feilong Tang

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhou, J., Xia, H., Yu, J., Wang, X. (2006). Asymmetrical SSL Tunnel Based VPN. In: Guo, M., Yang, L.T., Di Martino, B., Zima, H.P., Dongarra, J., Tang, F. (eds) Parallel and Distributed Processing and Applications. ISPA 2006. Lecture Notes in Computer Science, vol 4330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11946441_15

Download citation

  • DOI: https://doi.org/10.1007/11946441_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68067-3

  • Online ISBN: 978-3-540-68070-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation