Abdullah Alshalan Garrett Drown

Dec 9, 2013


Team 3

CSE591: Virtualization and Cloud Computing

Outline


Project Goal


Brief Project Background


Current Network Layout


Roadmap of our Project


Development


Summary


Challenges Faced


Project Goal

Provide users of Android devices with
several reliable options for accessing a
cloud via a VPN connection.


Technical Background


There are several different protocols users may wish to
use.


PPTP


With encryption


Without encryption


L2TP


Plain


IPSec PSK


IPSec CRT


SSL


SSL

Secure Sockets Layer (SSL):


Encrypts everything above the Transport Layer.


Uses certificates for authentication


Always uses the strongest encryption that both the
server and client support.
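
Added example (not from the original slides): a simplified Python model of how an SSL/TLS cipher suite is chosen, together with a client context that enforces the certificate check. The suite lists and function names are constructed for illustration; the result depends on each side's configured list and preference order, so weak suites have to be removed from the offer rather than relied on to lose the negotiation.

```python
import ssl

# Constructed sample suite lists (OpenSSL names); not taken from the project.
CLIENT_OFFER = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
                "DES-CBC3-SHA"]
SERVER_LEGACY = ["DES-CBC3-SHA", "ECDHE-RSA-AES256-GCM-SHA384"]
SERVER_HARDENED = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"]


def negotiate(client_offer, server_suites, server_preference=True):
    """Simplified model of TLS <= 1.2 suite selection.

    The server picks the first mutually supported suite, walking its own
    list (server preference) or the client's list (client preference).
    Returns None when there is no overlap, i.e. the handshake fails.
    """
    ordered, other = ((server_suites, client_offer) if server_preference
                      else (client_offer, server_suites))
    return next((s for s in ordered if s in other), None)


def hardened_client_context():
    """Client context that requires a valid server certificate and only
    offers forward-secret AEAD suites on TLS 1.2 or later."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def offered_suite_names(ctx):
    """Names of the suites this context will offer in its ClientHello."""
    return [c["name"] for c in ctx.get_ciphers()]


if __name__ == "__main__":
    # DES-CBC3-SHA: the server's first choice wins although AES-GCM is mutual
    print(negotiate(CLIENT_OFFER, SERVER_LEGACY))
    # ECDHE-RSA-AES256-GCM-SHA384
    print(negotiate(CLIENT_OFFER, SERVER_HARDENED))
    print(offered_suite_names(hardened_client_context()))
```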



Roadmap of Project

By midterm:


Set up, document, and test all possible server and protocol
combinations with the native Android client. (Completed)


Place a web server inside our VPN. (Completed)

By final:


Have L2TP IPSec with Certificates working (Completed)


Set up an SSL VPN Server (with OpenVPN) (Completed)


Set up an SSL VPN client for Android (Completed)


Website/Program for Registration (Completed)


Documentation of how we did what we did (Completed)


If time permits: Set up the native client to automatically
reconnect when the connection is lost. (80% Completed)


Native Android Client


We have successfully set up the native Android
VPN client to work with the following
configurations:


Linux using L2TP


Linux using L2TP IPSec PSK


Linux using L2TP IPSec CRT


Windows using PPTP with no encryption


Windows using PPTP with encryption


Windows using L2TP


Windows using L2TP IPSec PSK


Native Android Client


For each of the configurations
we have documented the steps
we took to set up the VPN
Servers and the VPN clients on
the Android device.


This allows others to easily
reproduce and expand on our
work.


This documentation now includes screenshots to assist future
users with the setup process.



OpenVPN Server


The native Windows VPN
Server does not support SSL
VPN connections.


To support SSL, we installed
the OpenVPN Server on the
Windows server.


OpenVPN also provides the means for creating the
certificates used by the clients.


OpenVPN Client


The native Android VPN client
also does not support SSL VPN
connections.


To provide SSL VPN
functionality, we installed the
OpenVPN client on the
Android device and configured it to
work with the OpenVPN Server.


Our documentation was updated to include how to set up the
OpenVPN Server on the Windows server and the OpenVPN
client on the Android.


Network Layout & Infrastructure

Server/Client matrix

Servers and protocols:

Linux Server (Ubuntu Server 10.10): L2TP, L2TP CRT, L2TP PSK, SSL VPN

Windows Server 2003: PPTP w/Enc, PPTP No Enc, L2TP, L2TP CRT, L2TP PSK, SSL VPN

Clients:

Native Android Client

3rd Party Android


We also installed a web-based SSL VPN (Adito) on a Windows server. However,
it did not work with Android because the client agent needs a Java Run-time
machine which Android lacks.

MobiCloud VPN


There are a few shortcomings of
the native Android VPN client.


Because of this, we have
developed a new interface for
configuring and managing new,
existing, and/or active VPN
connections.



It provides:


Easier access for creating VPN connections


Easier management of VPN connections


Automatic reconnect functionality


An easy method for users to register

MobiCloud VPN


The registration window allows
users to conveniently register
with the VPN Server.


Immediately after registering,
users are able to access the VPN
using the information they
provided.


Challenges Faced


Setting up Linux VPN Servers


Limited Documentation


Personal solutions provided online


Compatibility issues


Setting up the OpenVPN server and client


Very little documentation


Documentation became outdated for each major update to
the Android operating system.


Little documentation for (safely) rooting the phone and
gaining access to the Droid file system.


Challenges Faced


Developing the new Android interface


The VPN APIs are not made publicly available or
documented.


Required us to go through source code and use unofficial
Android Java classes


No documentation provided


No comments in the code


Had to read through all of the code and understand
what it is doing and how it is doing it


Demo


Questions?
