Abstract

Traditionally, VPN (both RA-VPN and S2S-VPN) uses username/password (eg., with EAP, RADIUS etc.), certificates, PSK, mac-address, auth-token etc., for authentication and later extended with Multi-Factor Authentication.

In general, to prove (especially as part of authentication), usually user need to reveal some of the information. The sharing of such information can reveal the identity, in-turn reveal the privacy information of the user. Hence we need a method, where-in user can prove that, they know the secret without even transmitting it. Such method should enhance privacy by having no password leaks, no key sharing, resistant to MITM attacks etc.,

Similarly, for the VPN scenario, user device need to prove and authenticate as part of connection establishment, without sharing the information such as username/certificate/PSK and not even authentication token with the VPN gateway or AAA server. This proposal is one such method, where-in novel Zero Knowledge Proofs (ZKPs) is used to authenticate/authorize user, as part of VPN connection/tunnel establishment.

As per the proposal, during authentication and authorization phase of the VPN connection establishment, instead of sharing the user device identity such as username/mac-address/certificate/auth-token/PSK/hashed password, (which may expose the identity and hence privacy of the user/device), novel Zero Knowledge Proofs (ZKPs) method is proposed as explained below.

As per the proposed method, initially User Device and the VPN Gateway registers with the HyperLedger (private blockchain) by using Proof of Authority (PoA), creating self-sovereign identities (SSIs). Further HyperLedger confirms to AAA about the registration of the user device and VPN Gateway.

Whenever User Device want to establish VPN tunnel/connection with the VPN Gateway, it shares the ZKPs as part of Challenge Request/Response mechanism and is used for authentication and authorization of the user device.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.

Download

Share

COinS