DEVELOPMENT OF AN IMPROVED APPLICATION SPECIFIC TUNELLING PROTOCOL SELECTION SCHEME FOR SITE TO SITE VIRTUAL PRIVATE NETWORKS
DEVELOPMENT OF AN IMPROVED APPLICATION SPECIFIC TUNELLING PROTOCOL SELECTION SCHEME FOR SITE TO SITE VIRTUAL PRIVATE NETWORKS
No Thumbnail Available
Date
2019-03
Authors
LAWRENCE, ALICE OCHANYA
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
This dissertation presents the development of an improved application specific tunnelling protocol selection scheme (iASTPSS) for site-to-site virtual private network (VPN). The aim is to develop an improved tunnelling protocol selection scheme for site to site VPN that is application specific, requiring security, bandwidth, and time sensitivity as a service for applications. ASTPSS has been developed for security, bandwidth, and time sensitive applications, but in the Internet protocol security (IPsec) tunnel which is responsible for providing security as a service to applications, the security algorithms used such as triple data encryption standard (3DES) and message digest 5 (MD5) are vulnerable to a couple of attacks that exposed the network to such attacks. Therefore, iASTPSS was developed to address these attacks through configurations on the tunnel, security algorithms with longer block size and key length namely advanced encryption standard 256 (AES256) and secure hash algorithm 256 (SHA256) that were optimised against these attacks. All software, graphical network simulator3 (GNS3), windows7 operating system (OS), virtual personal computers (VPCs) and Cisco Internetworking operating system (iOS) necessary for the emulation were setup in a virtual network environment running on Ubuntu 14.04 long term space (LTS) as host. Considering security, bandwidth, and time sensitivity as application requirements in a site-to-site VPN testbed, two layer-3 tunnelling protocols that met these requirements, IPsec and generic routing encapsulation (GRE) were deployed on the network developed in GNS3. Network performance was measured using throughput, latency, and round-trip time (RTT) as metrics. In the first stage of development in the IPsec tunnel, using these metrics, a trade-off of network performance for security occurred in iASTPSS in comparison to ASTPSS due to the computational overhead involved in the encryption process of iASTPSS. A second instance of iASTPSS was yet developed for the IPsec tunnel by using open shortest path first (OSPF) routing protocol to improve route convergence time and scale up the network. The effect of using OSPF was seen in the improvement of the network performance in throughput by 1.62% with a corresponding reduction in latency and RTT by 12.58% and 9.25% respectively compared to the first instance of iASTPSS that was configured with RIPv2. Consequently, this made the second instance of iASTPSS also suitable for both bandwidth and time sensitive applications besides security. In the GRE tunnel, iASTPSS outperformed ASTPSS with an improvement in throughput by 10.90%, with a 17.08%, and 66.29% reduction in latency, and RTT respectively.
Description
A DISSERTATION SUBMITTED TO THE SCHOOL OF POSTGRADUATE STUDIES, AHMADU BELLO UNIVERSITY, ZARIA
IN PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE AWARD OF MASTER OF SCIENCE (M.Sc) DEGREE IN COMPUTER ENGINEERING
DEPARTMENT OF COMPUTER ENGINEERING
FACULTY OF ENGINEERING
AHMADU BELLO UNIVERSITY, ZARIA
NIGERIA
Keywords
DEVELOPMENT,, IMPROVED APPLICATION,, SPECIFIC TUNELLING PROTOCOL SELECTION SCHEME,, SITE TO SITE,, VIRTUAL PRIVATE NETWORKS