IPsec VPN on an Android Phone
Group 1
Avinash Bhashyam, Axel Christiansen
Group Project Description
• Internet Protocol Security (IPsec) is a framework of open standards for ensuring private communication over the virtual public network.
• The goal of the project is to use IPsec to create a Virtual Private Network (VPN) on an Android phone.
Task allocation
• Avinash Bhashyam
– Research (50%)
– Programming (75%)
– Report (25%)
• Axel Christiansen
– Research (50%)
– Programming (25%)
– Report (75%)
Technical Details
• Confidentiality is provided by using IPsec encryption over a VPN network.
• Integrity checking is to be provided by using HMAC-MD5.
• Authentication is provided by the pre-shared keys and digital signatures.
• Replay protection and access control are to be provided by periodically changing the pre-shared keys. The key exchange can be performed using the IKEv2 protocol.
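Added example (not part of the original slides and not strongSwan code): a Python sketch of the HMAC-MD5 integrity check listed above, truncated to 96 bits as RFC 2403 specifies for ESP, showing that a modified packet and a packet authenticated under a replaced key both fail verification. Assumptions: the packet layout is simplified (no encryption or padding), the key is used directly as the HMAC key rather than being derived by IKEv2, and the keys, SPI and payload are constructed values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-MD5-96: the 128-bit MAC is truncated to 96 bits (RFC 2403)
HDR_LEN = 8    # 32-bit SPI + 32-bit sequence number


def icv(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Integrity check value over SPI, sequence number and payload."""
    header = struct.pack("!II", spi, seq)
    return hmac.new(key, header + payload, hashlib.md5).digest()[:ICV_LEN]


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Build a simplified ESP-like packet: header | payload | ICV."""
    return struct.pack("!II", spi, seq) + payload + icv(key, spi, seq, payload)


def verify(key: bytes, packet: bytes):
    """Return the payload if the ICV matches under `key`, otherwise None."""
    if len(packet) < HDR_LEN + ICV_LEN:
        return None  # too short to carry a header and an ICV
    spi, seq = struct.unpack("!II", packet[:HDR_LEN])
    payload, received = packet[HDR_LEN:-ICV_LEN], packet[-ICV_LEN:]
    expected = icv(key, spi, seq, payload)
    # compare_digest avoids leaking the mismatch position through timing
    return payload if hmac.compare_digest(received, expected) else None


def demo() -> dict:
    # Constructed 128-bit keys standing in for the key before and after a change.
    old_key = bytes(range(16))
    new_key = bytes(range(16, 32))
    pkt = protect(old_key, 0x1001, 1, b"hello over the tunnel")
    # Flip one bit inside the payload to simulate modification in transit.
    tampered = pkt[:10] + bytes([pkt[10] ^ 0x01]) + pkt[11:]
    return {
        "valid": verify(old_key, pkt),          # payload is returned
        "tampered": verify(old_key, tampered),  # rejected: ICV mismatch
        "after_rekey": verify(new_key, pkt),    # rejected: old-key packet
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```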
Technical Details (Cont.)
• The VPN can be set up in the following manner:
– Android phone to Android phone
– This is where the calling Android phone is the control for the VPN.
• Software: strongSwan 4.5, Linux, Android 2.0 Emulator and Android SDK.
– C compiler.
• Hardware: Basic computer with network connectivity and Android phone.
IKEv2 Peer-to-Peer NAT-Traversal for IPsec Over VPN
[Diagram labels: Mediation Client (two), Mediation Connection, Mediated Connection, Direct ESP Tunnel using NAT-Traversal, IKEv2, Android Smart Phone, Wireless Tower]
IKEv2 = Internet Key Exchange version 2
Ref: Andreas Steffen, 27.10.2009, LinuxKongress2009.ppt
End-to-end VPN Usage Scenarios
Site-to-site and remote-access VPNs
[Diagram labels: Compute workstation, Computer, VPN Gateway (two), Android smart phone, Wireless tower, Internet cloud, Wireless server and VPN gateway, Road Warrior, VPN Client]
Ref: Andreas Steffen, 27.10.2009, LinuxKongress2009.ppt
• strongSwan is an Internet Key Exchange daemon needed to automatically set up IPsec-based VPN connections.
Risks and Benefits
• Novel aspects of this project:
– Setting up an IPsec VPN from mobile phones.
• Risks/challenges:
– Processing power of the mobile is much lower than that of a traditional computer.
– Flaws in algorithms, software or configuration settings can be exploited by attackers.
• Potential applications & benefits:
– Data can be communicated securely over public networks.
– Sophisticated mobile apps can be developed.
Tasks Accomplished by Now
• Software has been incorporated into the Android phone.
• The demo has been somewhat set up.
Conclusion
• Successful implementation of the project has the potential to lead to the development of sophisticated mobile applications.
• Project may lead to a potential public application.
Demo
• A project demo using virtual terminals and a VPN gateway.
References
• [1] Xenakis, Christos, Merakos, Merakos (2004). Security and Performance in Wireless and Mobile Networks. Computer Communications, Volume 27, Issue 17, 1 November 2004, Pages 1693-1708. Retrieved on March 3, 2011.
• [2] Andreas Steffen, 27.10.2009, LinuxKongress2009.ppt
End of Slide presentation
Are there any questions about the project?