
Alternative Schemes for Dynamic Secure VPN Deployment in UMTS

Published in: Wireless Personal Communications

Abstract

Three alternative schemes for secure Virtual Private Network (VPN) deployment over the Universal Mobile Telecommunication System (UMTS) are proposed and analyzed. The proposed schemes enable a mobile node to voluntarily establish an IPsec-based secure channel to a private network. The alternative schemes differ in the location where the IPsec functionality is placed within the UMTS network architecture (mobile node, access network, or UMTS network border), depending on the employed security model and on whether data in transit are ever in clear text or available to be tapped by outsiders. The levels of privacy provided by the deployed VPN schemes, as well as the employed authentication models, are examined. An analysis in terms of the cost, complexity, and performance overhead that each method imposes on the underlying network architecture, as well as on the mobile devices, is presented. The level of system reliability and scalability in granting security services is presented. VPN management, usability, and trust relations, as well as the behavior of each scheme when a mobile user moves, are analyzed. The use of special applications that require access to encapsulated data traffic is explored. Finally, an overall comparison of the proposed schemes from the security and operational points of view summarizes their relative performance.



Author information


Corresponding author

Correspondence to Christos Xenakis.

Additional information

Christos Xenakis received his B.Sc. degree in computer science in 1993 and his M.Sc. degree in telecommunication and computer networks in 1996, both from the Department of Informatics and Telecommunications, University of Athens, Greece. In 2004 he received his Ph.D. from the University of Athens (Department of Informatics and Telecommunications). From 1998 to 2000 he was with the Greek telecoms system development firm Teletel S.A., where he was involved in the design and development of advanced telecommunications subsystems for ISDN, ATM, GSM, and GPRS. Since 1996 he has been a member of the Communication Networks Laboratory of the University of Athens. He has participated in numerous projects realized in the context of EU programs (ACTS, ESPRIT, IST). His research interests are in the field of mobile/wireless networks, security, and distributed network management. He is the author of over 15 papers in the above areas.

Lazaros Merakos received the Diploma in electrical and mechanical engineering from the National Technical University of Athens, Greece, in 1978, and the M.S. and Ph.D. degrees in electrical engineering from the State University of New York, Buffalo, in 1981 and 1984, respectively. From 1983 to 1986, he was on the faculty of Electrical Engineering and Computer Science at the University of Connecticut, Storrs. From 1986 to 1994 he was on the faculty of the Electrical and Computer Engineering Department at Northeastern University, Boston, MA. During the period 1993–1994 he served as Director of the Communications and Digital Processing Research Center at Northeastern University. During the summers of 1990 and 1991, he was a Visiting Scientist at the IBM T. J. Watson Research Center, Yorktown Heights, NY. In 1994, he joined the faculty of the University of Athens, Athens, Greece, where he is presently a Professor in the Department of Informatics and Telecommunications, and Director of the Communication Networks Laboratory (UoA-CNL) and the Networks Operations and Management Center. His research interests are in the design and performance analysis of broadband networks, and wireless/mobile communication systems and services. He has authored more than 150 papers in the above areas. Since 1995, he has been leading the research activities of UoA-CNL in the area of mobile communications, in the framework of the Advanced Communication Technologies & Services (ACTS) and Information Society Technologies (IST) programmes funded by the European Union (projects RAINBOW, Magic WAND, WINE, MOBIVAS, POLOS, ANWIRE). He is chairman of the board of the Greek Universities Network and the Greek Schools Network, and a member of the board of the Greek Research Network. In 1994, he received the Guanella Award for the Best Paper presented at the International Zurich Seminar on Mobile Communications.


About this article

Cite this article

Xenakis, C., Merakos, L. Alternative Schemes for Dynamic Secure VPN Deployment in UMTS. Wireless Pers Commun 36, 163–194 (2006). https://doi.org/10.1007/s11277-006-8864-9
