IPSec VPNon a Android Phone

Group 1

Avinash BhashyamAxel Christiansen

Group Project Description• Internet Protocol Security (IPsec) is a framework

of open standards for ensuring private communication over the virtual public network.

• The goal of the project is to create a Virtual Private Network(VPN) using IPsec on a Android phone.

Android System Architecture

Tasks allocation

• Avinash Bhashyam– Research (50%)– Programing (75%)– Report (25%)

• Axel Christiansen– Research (50%)– Programing (25%)– Report (75%)

Technical Details• Confidentiality is provided by using Ipsec encryption

over a VPN Network. • Integrity checking is to be provided by using the

HMAC-MD5.• Authentication is provided by the pre-shared keys and

Digital Signatures.• Reply protection and the access control are to provide

by periodically changing the pre-shared keys. The key exchange can be performed using the IKE-v2 protocol.

Technical Details (Cont.)• The VPN can be setup in the following manner:

– Android Phone to Android Phone– This where the Calling Android Phone is the control

for the VPN.• Software,: StrongSwan 4.5, Linux, Android 2.0

Emulator and Android SDK,.– C compiler.

• Hardware : Basic Computer with network conative and Android Phone.

IKEv2 Peer-to-Peer NAT-Traversal for IPsec Over VPN

MediationConnection

Ref: Andreas Steffen, 27.10.2009, LinuxKongress2009.ppt

Mediation Client

Mediation Client

Mediated Connection

IKEv2

IKEv2IKEv2

MediationConnection

MediationConnection

Android Smart Phone Wireless Tower

IKEv2=Internet Key Exchange version 2

Android Smart PhoneWireless Tower

Direct ESP Tunnel using NAT-Traversal

End-to-end VPN Usage Scenarios

Ref: Andreas Steffen, 27.10.2009, LinuxKongress2009.ppt 47

Site-to-site and remote-access VPNs

Compute workstation

Computer

VPN Gateway

VPN Gateway

Android smart phoneWireless

tower

Internet cloudWireless server

and VPN gateway

Road WarriorVPN Client

· strongSwan is an Internet Key Exchange daemon needed to automatically set up IPsec-based VPN connections.

Risks and Benefits • Novel aspects of this project:• Setting up a IPsec VPN from mobile phones• Risks/challenges:• Processing power of the mobile is much lower than that of

a traditional computer.• Flaws in algorithms,software or configuration setting can be

exploited by attackers• Potential applications & benefits:• Data can be communicated securely over public networks.• Sophisticated Mobile Apps can be developed.

Tasks Accomplished by Now

• IPSec Software has been incorporated in to the android phone.

• Demo is setup and ready to go.

Conclusion

• Successful implementation of the project has the potential to led to developing Sophisticated mobile applications.

• Project may lead to a potential public application.

Demo

• A project Demo using Virtual Terminals and Virtual Gateway.

Virtual Gateway

Virtual Terminals Virtual Terminal

VPN with IPsec

References

• [1] Xenakis, Christos, Merakos, Merakos (2004) Security and Performance in Wireless and Mobile Networks, Returner on March 3, 2011 from Computer Communications Volume 27, Issue 17, 1 November 2004, Pages 1693-1708

• [2] Andreas Steffen, 27.10.2009,

LinuxKongress2009.ppt

End of Slide presentation

Are there any questions about the project ???