Conventional approaches to encrypting data-in-transit such as SSL and IPSec are designed for wired networks with fast speed and reliable connections. In a mobile wireless network (WAN) environment, where transmission of data is slow and connections are less consistent, traditional VPN performance is not up-to-mark, frequent application failure, reduced speeds, and data loss.
What should Ideal Mobile VPN technology include?
One of the common weaknesses of Internet Protocol (TCP/IP) is that it does not have a built-in mechanism for data privacy and authenticity it passes over a public network. As a result, to resolve this issue, it became essential to use different mobile VPN technologies for identity validation and encryption of data-in-transit between two devices on the internet.
Conceptually, a traditional VPN is an intermediary or proxy between networks or computers to validate identity, data privacy, and encryption. However, increasing mobile devices, its diverse function, and privacy concerns require more advanced mobile VPN technologies. Mobile VPN must take the following into account.
Telecommuters are often on the move from sites to sites and office, and their IP address and network often change frequently. If a VPN does not facilitate this adaptability, users have to re-establish VPN connection each time IP changes.
The exchange of data must be reliable – The computers exchanging data must notify the users if the sending fails.
Users often suspend or hibernate their mobile devices to save battery life. The mobile VPN should sense the mode of devices and automatically resume without interrupting users. Otherwise, the application that depends on VPN connection are likely to fail and the user will lose data.
Cellular data networks are characterized by lower speeds and data loss as compared to wired networks. Applications are written for stable and fast speed wired networks. Mobile VPN must shelter such applications to maintain their performance on mobile networks.
In a nutshell, Mobile VPN technology tends to reduce the gap between user expectation from mobile networking and its realities.
Trending Mobile VPN Technologies
There is a hierarchy of different protocols including Application, Transport, the Internet, and Link layer protocols, used for different purposes. However, the most trending protocols used with mobile VPN are listed here.
IPSec VPN
(IPSec) Internet Protocol Security is widely used and known for “have your own internet.” It is used with various different transport protocols of VPN to secure data-in-transit between two systems. After the success of IPSec as a point-to-point protocol to secure data-in-transit between two computers, corporate environment adopted it for their software clients.
Remote employees can connect to company’s intranet using a VPN client through Wi-Fi connection or Dial-Up broadband. IPSec supports address-level/port controls for traffic within VPN tunnel, different encryption algorithms, and broad support across vendors and platforms.
However, IPSec is not well suited for mobile and wireless environment as it requires IP address to remain unchanged at both endpoints. Moving from one network to another disconnects IPSec protocol and requires re-authentication. It also does not address the performance requirements of mobile wireless networking.
SSL VPNs
SSL VPN is a browser-based VPNs are designed to protect application streams between SSL VPN gateway and remote users.
Unlike IPsec VPN which connects computers to reliable networks, SSL VPN connects computers to certain applications and network resources within a trusted network through a web portal. The portal then further acts as a proxy for data-in-transit.
SSL VPNs are ideal for encrypting online traffic and interacting with network resources from mobile devices. SSL VPNs must require a security software and a client software running on the device.
However, SSL VPN does not deal with frequent network changes and less consistent connectivity. Although, as compared to IPSec, SSL VPNs offers more benefit including secure access and easier deployment.
IKEv2 (Mobike) VPNs
IKEv2 (Mobility and Multi-homing protocol – Mobike) is an updated adaptation of IPsec’s IKE protocol. It supports mobile devices with numerous IP address, and IP addresses that changes. It is often used with IPSec protocol to ensure data confidentiality and authenticity.
As it’s fundamentally a key exchange protocol, IKEv2 does not protect applications from crashing on mobile devices when it hibernates or gets out of range.
Purpose-Specific or Purpose-built SSL VPNs.
Generic SSL VPNs does not perform in providing positive user experience, scalability and bringing all VPN users on a single platform. Such issues are addressed by Purpose-Specific SSL VPNs are modified by vendors to cater the needs of its users. Most of the known VPN services are using purpose-specific SSL VPN today. They offer different features of multiple IP addresses, changing of network adaptability, and application support. Third-party VPN service providers offer dedicated VPN servers in this case and offer custom features such as log-less connectivity, Kill Switch option (to prevent data leaking), website unblocking (e.g. access US Netflix, Facebook, Twitter etc.), and shared IP addresses.
Mobile IP VPNs
Mobile IP hides the IP address of changing networks from the applications when users roam with their mobile devices. It is often used with IPsec protocol to ensure data authentication and privacy. Pairing IPSec with Mobile IP for basic encryption and security increases the protocol overhead by following
- IPSec encapsulation for protection of data-in-transit between endpoints
- Mobile IP encapsulation to hide the changing of IP addresses
- Second layer IPSec encapsulation of security associations and Home Agent.
This protocol overhead reduces the overall performance, speed and setup complexity. Like IKEv2, Mobile IP is not optimized for mobile wireless networks.
While every mobile VPN technology has its inherent issues but these are used more often over traditional VPN to address issues of application performance, usability, and productivity.
[su_box title=”About Peter Buttler” style=”noise” box_color=”#336588″][short_info id=’94472′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.