Abstract
Network encryption technology has become an essential factor in organizational security. Virtual Private Network (VPN) encryption is the most popular technique used to prevent unauthorized users from accessing a private network. This technique normally relies on a mathematical function to generate periodic keys. As a result, it may degrade security and leave the system vulnerable if high-performance computing makes rapid progress in reversing the mathematical calculation to find the next secret key pattern. The main contribution of this paper is to improve VPN security performance by adopting quantum keys as the seed value of a one-time password technique that encompasses the whole process of authentication, data confidentiality and security key management, in order to protect against eavesdroppers during data transmission over an insecure network.
Keywords: Quantum Keys, One-Time Password, Virtual Private Network.
1. Introduction
The evolution of information technology has been growing rapidly to meet today's human communication needs, and the security of data transmission has always been a concern when information is transferred from sender to receiver over an internet channel. Addressing network security issues is the main priority in protecting against unauthorized users, since the security technique should also cover data integrity, confidentiality, authorization and non-repudiation services.
A lack of adequate knowledge and understanding of software architecture and security engineering leads to security vulnerabilities: eavesdroppers might be able to gain information by monitoring the transmission for patterns of communication, by capturing data packets during transmission over the internet, or by gaining access to information within private data storage, which may lead to data loss and data corruption. This is the critical factor that causes new threats to arise and may force business objectives to change. In the worst case this will definitely affect organizational stability and business opportunities, and may then become a national security threat. For this reason, many organizations have to pay attention to finding ways to protect their information from eavesdroppers, based on security technology solutions that are agile enough to adapt and combat existing threats arising from security breaches.
Therefore, data reliability and security protection are the primary concerns for information exchange through unprotected network connections: the user must be verified, since only an authorized user may enter the system and be granted the ability to govern resource access, while encryption technology is also required for further data protection.
Presently, there are several types of cryptography [1] that have been used to achieve comprehensive data protection based on proven standard technology, since cryptography is the most important aspect of network and communication security and serves as a basic building block for computer security. End-to-end security encryption typically relies on the application layer closest to the end user, so only the data is encrypted. In network security encryption, by contrast, IPsec comes into play to cover confidentiality by encapsulating the security payload in both transport mode and tunnel mode; in tunnel mode the entire IP packet, including headers and payload, is encrypted. IPsec encryption based on Virtual Private Network technology [2] presents an alternative approach to network encryption, since it fully provides a trusted collaboration framework in which parties can communicate with each other over a private network. Nevertheless, the user authentication mechanism, cryptographic algorithms, key exchange procedure and traffic selector information need to be configured and maintained at both endpoints in order to establish a trusted VPN tunnel before data transmission begins.
Although the widespread use of classical VPNs can improve the data transfer rate, with maximum throughput, minimum delay and a good guarantee against bottlenecks, because every communication route is built as the shortest path with independent IPsec to improve elastic traffic performance, the key exchange procedure during VPN setup is still a major point of vulnerability if the secret key is captured or the key pattern is broken. In addition, most of the random numbers used as secret keys in cryptographic algorithms are derived from mathematical functions. This manner of key generation is one of the potential security vulnerabilities for data communications once computing technology becomes high-performance enough to make rapid progress in reversing the mathematical calculation to find the secret key value.
A one-time password mechanism [3] that uses quantum keys as the seed value of a hash function can solve a traditional VPN security problem: it can eliminate the spoofing attack in which an eavesdropper successfully masquerades as another party by falsifying data and thereby gains an illegitimate advantage. The main contribution of this paper is to improve VPN security performance by adopting the one-time password technique to generate a fresh symmetric key for each VPN tunnel establishment, using quantum keys as the seed value. Thus the two endpoints authenticate themselves to each other in a secure process that relies on confidentiality protection. Quantum keys are proposed in order to avoid repeating the same password several times, because traditional password creation derived from mathematical calculation may lead to system vulnerabilities. Quantum keys promise a perfect security enhancement of password generation, because quantum key distribution (QKD) [4] promises to revolutionize secure communication by providing security based on the fundamental laws of physics [5], instead of on the current state of mathematical algorithms or computing technology [6].
This paper is organized as follows. Section 2 gives an overview of VPN architecture and mechanisms, where the theory is applied to the design process, technical solution and implementation approach. Section 3 gives a detailed view of the design of a VPN security architecture for VPN tunnel establishment, since all information is transferred through this tunnel subject to authorization control. Section 4 gives a comparison and analysis of the existing VPN security method and discusses the proposed idea. Finally, some concluding remarks and future work are given in Section 5.
2. VPN Architecture and Mechanism
Fortunately, several network encryption technologies have been used to protect private information from eavesdroppers over insecure networks. At present, VPN encryption technology has become an attractive choice and is widely used for protection against network security attacks.
The VPN encryption mechanism normally operates as a client/server process that establishes a direct tunnel between source address and destination address while the virtual private network is built up. All data packets are then passed over the VPN tunnel. Because VPN technology reduces the network cost of physical leased lines, users can exchange private information with high data protection and trust. In addition, the VPN architecture is built on the functional areas of authentication [7], confidentiality and key management. The authentication service is typically used to control users entering the system; only an authorized user is able to proceed to encrypt a tunnel during VPN connection start-up. As a result, the authentication header is inserted between the original IP header and the new IP header, as shown in Figure 1. Next, the confidentiality service provides message encryption to prevent eavesdropping by third parties. Finally, the key management service handles a model of secure key exchange protocol.
Figure 1. The scenario of VPN encryption techniques
3. Designing a new VPN security architecture
Basically, VPN tunnel encryption can be classified into two main methods: the public key encryption method and the symmetric key encryption method. This paper addresses only symmetric key encryption that adopts a one-time password mechanism: a one-time key is used for the duration of a VPN connection, from start-up until the keys are destroyed at disconnection. The one-time keys originate from quantum keys used as the seed value of a hash function [8][9]. The mechanism covers both the user authentication process and tunnel establishment in order to prevent data integrity problems. Therefore, the overview of the VPN security architecture is divided into three major modules.
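The one-time key mechanism described in the Introduction and above (a quantum seed fed into a hash function, one fresh symmetric key per tunnel, discarded at disconnection), as an added illustration that is not the paper's own code. It models the passwords as a Lamport-style hash chain with SHA-256 and derives the tunnel key with HMAC-SHA256, both assumptions since the paper names no specific functions, and stands in for the QKD-delivered seed with a constructed byte string; it also shows why a replayed password is rejected, which is the spoofing defence the text claims.

```python
import hashlib
import hmac
from typing import Optional

DEMO_SEED = bytes(range(32))  # constructed stand-in for a QKD-delivered seed

def h(x: bytes) -> bytes:
    """One-way hash for the chain (SHA-256 is an assumption; the paper names no hash)."""
    return hashlib.sha256(x).digest()

def hash_chain(seed: bytes, n: int) -> list:
    """[h^0(seed), h^1(seed), ..., h^n(seed)]: Lamport-style one-time passwords."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain

def derive_tunnel_key(otp: bytes) -> bytes:
    """Symmetric key for one tunnel lifetime, bound to this session's OTP."""
    return hmac.new(otp, b"vpn-tunnel-key", hashlib.sha256).digest()

class Client:
    """Holds the chain grown from the QKD seed and spends it from the top down."""
    def __init__(self, seed: bytes, n: int):
        self.chain = hash_chain(seed, n)
        self.idx = n  # chain[n] is the anchor handed to the server at registration

    def registration_anchor(self) -> bytes:
        return self.chain[self.idx]

    def next_otp(self) -> Optional[bytes]:
        if self.idx == 0:
            return None  # chain exhausted: password expired, re-register
        self.idx -= 1
        return self.chain[self.idx]

class Server:
    """Stores only the current anchor h^k(seed), never the seed itself."""
    def __init__(self, anchor: bytes):
        self.anchor = anchor

    def verify(self, otp: bytes) -> Optional[bytes]:
        if h(otp) != self.anchor:
            return None  # wrong, replayed or out-of-order password
        self.anchor = otp  # advance the chain: this OTP is now spent
        return derive_tunnel_key(otp)

def run_sessions(seed: bytes, n: int, sessions: int) -> dict:
    """Open `sessions` tunnels in turn, then try to replay the last OTP."""
    client = Client(seed, n)
    server = Server(client.registration_anchor())
    keys_match, last_otp = [], None
    for _ in range(sessions):
        otp = client.next_otp()
        if otp is None:
            break
        keys_match.append(server.verify(otp) == derive_tunnel_key(otp))
        last_otp = otp  # both sides discard the one-time key at disconnection
    replay_accepted = last_otp is not None and server.verify(last_otp) is not None
    return {"keys_match": keys_match, "replay_accepted": replay_accepted}
```

Calling `run_sessions(DEMO_SEED, n=5, sessions=3)` opens three tunnels whose keys agree on both sides and then reports that replaying the third password is refused, because the server's anchor has already moved past it.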
3.1 User Registration Module
To improve VPN security performance for such a connection, the user registration module is required for either first-time entry or an expired password. This module is activated when new users enroll in the system to request a legitimate password. Figure 2 shows the user registration procedure; each individual step is explained below. The result of this step is the corresponding password issued to the user. This password will be essential in the user authentication and negotiation step.
1) New user login / password expired: This case can occur for two reasons: new users who need to register with the server ask for a legitimate password, or their password has expired because it exceeded the password lifetime. The registration phase is then activated to regenerate a new password.
2) Request for the password: The user transfers his/her identity information including an official name