Quality, Reliability, Security and Robustness in Heterogeneous Systems. 17th EAI International Conference, QShine 2021, Virtual Event, November 29–30, 2021, Proceedings

Research Article

Avoiding VPN Bottlenecks: Exploring Network-Level Client Identity Validation Options

Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-030-91424-0_17,
        author={Yu Liu and Craig A. Shue},
        title={Avoiding VPN Bottlenecks: Exploring Network-Level Client Identity Validation Options},
        proceedings={Quality, Reliability, Security and Robustness in Heterogeneous Systems. 17th EAI International Conference, QShine 2021, Virtual Event, November 29--30, 2021, Proceedings},
        proceedings_a={QSHINE},
        year={2021},
        month={11},
        keywords={Virtual private networks Access control Software-defined networking Residential networks Carrier-grade NAT},
        doi={10.1007/978-3-030-91424-0_17}
    }
    
  • Yu Liu
    Craig A. Shue
    Year: 2021
    Avoiding VPN Bottlenecks: Exploring Network-Level Client Identity Validation Options
    QSHINE
    Springer
    DOI: 10.1007/978-3-030-91424-0_17
Yu Liu1,*, Craig A. Shue1
  • 1: Worcester Polytechnic Institute, Worcester
*Contact email: yliu25@cs.wpi.edu

Abstract

Virtual private networks (VPNs) allow organizations to support their remote employees by creating tunnels that ensure confidentiality, integrity and authenticity of communicated packets. However, these same services are often provided by the application, in protocols such as TLS. As a result, the historical driving force for VPNs may be in decline. Instead, VPNs are often used to determine whether a communicating host is a legitimate member of the network to simplify filtering and access control. However, this comes with a cost: VPN implementations often introduce performance bottlenecks that affect the user experience.

To preserve straightforward filtering without the limitations of VPN deployments, we explore a simple network-level identifier that allows remote users to provide evidence that they have previously been vetted. This approach uniquely identifies each user, even if they are behind Carrier-Grade Network Address Translation, which causes widespread IP address sharing. Such identifiers remove the redundant cryptography, packet header overheads, and need for dedicated servers to implement VPNs. This lightweight approach can achieve access control goals with minimal performance overheads.

Keywords
Virtual private networks; Access control; Software-defined networking; Residential networks; Carrier-grade NAT
Published
2021-11-17
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-030-91424-0_17