Prompt Lightweight VPN Session Resumption for Rapid Client Mobility and MTD Enablement for VPN Servers

Conference Paper
Conference Name: 
IEEE International Conference on Communications - ICC'18
Conference Location: 
Kansas City, MO, USA
Conference Date: 
Sunday, May 20, 2018
Sponsoring Organization: 
Publication Abstract: 

TLS-based VPN are increasingly used to establish a secure communication channel between VPN clients and server. However, they are not designed to handle the mobility VPN clients in efficient manner. OpenVPN, a widely deployed TLS VPN, binds VPN sessions with the clients and server IP addresses. A vertical handover will require an inactivity timeout to be triggered and full TLS handshake thereafter for the mobile client to resume the VPN session. Moreover, A VPN server that changes its IP address frequently as part of an MTD strategy will require the VPN clients to reconnect after their inactivity timeouts trigger with yet full TLS handshake. In this work, we developed and evaluated a lightweight VPN session resumption protocol that allows a VPN client or server to request an IP address update on-demand, maintaining the original TLS/VPN session. We implemented our protocol as part of MobiVPN which is a variation of OpenVPN. Our evaluation shows that VPN sessions can be maintained and resumed after an IP address change with an average of 97.19\% decrease in time required to resume the VPN session in MobiVPN compared to the original OpenVPN.