-1 -

Wireless GPRS Access to

Virtual Private Networks
For Carriers and ESPs
February 21, 2000
Roy Kopeikin & Steve Sommars

1 INTRODUCTION ....................................................................................................2

1.1 VPNs and How They Benefits Operators and Customers ................................................................2

1.2 Roaming and Wireless VPNs ....................................................................................................................3

1.3 What Makes GPRS VPNs Different? .....................................................................................................3

1.4 Many Options for GPRS VPNs ................................................................................................................3

2 SERVICE PROVIDER INDEPENDENT W-VPN, VOLUNTARY TUNNELING ......4

2.1 Service Provider Independent VPN, IPsec end-to-end, with PKI...................................................4

3 SERVICE PROVIDER DEPENDENT, COMPULSORY VPN ACCESS .................5

3.1 L2TP-based Wireless VPN in a GPRS Infrastructure.......................................................................6

3.2 IPsec Gateways, Compulsory Tunneling W-VPN...............................................................................6

3.3 Remote GPRS GGSN, Behind the Corporate Firewall .....................................................................8

4 CONCLUSION........................................................................................................9

APPENDIX: OVERVIEW OF KEY VPN TECHNICAL COMPONENTS.........................10

Tunneling Techniques, An Overview......................................................................................................................10

PPTP, L2TP and IPsec Tunneling Protocols .......................................................................................................10

PPTP and Its Key Benefits....................................................................................................................................... 10
L2TP and Its Key Benefits....................................................................................................................................... 11
IPsec - The IETFs Standard Protocol Suite for secure end-to-end W-VPN................................................. 12

Digital Certificate (Public Key Infrastructure - PKI) Technology.................................................................13

RADIUS ..........................................................................................................................................................................14

Security Associations ..................................................................................................................................................14

Lucent Technologies Proprietary

DRAFT
 -2 -

1 Introduction
GPRS (General Packet Radio Service) must support access to private corporate networks.
Corporations expect convenient, but secure, access from wireless data networks. Roaming
mobile corporate users should have secure, trusted access to the companys data vaults. The
term Wireless Virtual Private Network (Wireless VPN) is used to describe such an environment.
This document reviews key tunneling, authentication and encryption techniques and ways GPRS
can use them to provide secure corporate network access. This document then applies these
components to GPRS VPN access solutions, and shows implications for carriers.

1.1 VPNs and How They Benefits Operators and Customers

A VPN provides a corporation many of the benefits of a dedicated network without the expenses
of deploying and maintaining equipment and facilities. Often VPN solutions include the use of
services from telecommunication carriers. The term Virtual Private Network originated with voice
long distance deregulation in 1984. In the last ten years, data VPNs have also become popular,
often implemented using Frame Relay services. Recently VPN services based on the Internet
have become available. With the expansion of IP protocol into our networks, VPNs now span
from voice to data services, from wireline to wireless. Operators offer value added via connectivity
at far lower rates than dedicated leased lines. The GPRS VPN operator would provide a range of
services from full outsourcing of the corporate data network operation to providing selected parts
of it, like remote access, site connectivity, or extranet services with partners. Access by remote
mobile workers is becoming more important as telecommuting increases and their productivity
gains become an obvious part of the information delivery process.

Remote PPP W -ISP P P P Wireless

User
Office

Corporate HQ, Internet Extranet

Main Site, CIO Offices
Firewall
PPP

Figure 1 Corporate VPN Access Service Points

GPRS wireless access services make this possible. Many GPRS operators will enter this
lucrative and competitive market. Sometimes the computers we dont see will participate in VPNs;
in vehicles, vending machines and appliances that are remotely monitored where wireline
connectivity is not feasible or financially practical. Wireless VPNs will share resources in the
GPRS backbone. GPRS VPNs are based on standard Internet protocols and feature seamless
interoperability between providers. Some providers may support multiple access technologies.
With Intranets everywhere, IP will be the main corporate network protocol, enhanced to provide
end-to-end security, confidentiality, authentication and integrity over a shared VPN network.

In summary, VPNs benefit both the corporation and the service provider because:
Corporations outsource remote access to avoid the cost of purchasing and supporting
infrastructure.
Corporations leverage the Internet to provide seamless connectivity to remote offices, SOHO,
mobile employees and extranet business partners over a secure network infrastructure,
VPN enhances corporate relationships with customers, business partners, and suppliers.

Lucent Technologies Proprietary

DRAFT
 -3 -

Service providers increase revenue by offering secure, value-added network access services.
Service providers differentiate their VPN offerings, adding extranet & content-related services
Service providers alleviate end-point congestion in the PSTN by implementing Internet-based
VPN

1.2 Roaming and Wireless VPNs

Wireline roaming consortia currently provide worldwide gateway-to-gateway voice over IP
services and worldwide local rate corporate dial-up, PPP-based network access via their
clearinghouse services, enabling dynamic VPN setup across a number of providers. Likewise, it
will be natural for wireless operators to extend their roaming agreements to include VPN and
Corporate network access service over the GPRS network. In the future, global roaming and AAA
infrastructure could be deployed, together with a widespread availability of mobile IP services.
The same infrastructure could eventually be used for both wireline and wireless services. The
slow pace of standards developments of the former justifies reliance on GPRS roaming
infrastructure. GPRS infrastructure deployed as the packet data network for TDMA, GSM and
UMTS forms the basis of this document.

1.3 What Makes GPRS VPNs Different?

A GPRS VPN shares many requirements with other virtual private networks. The remote user
needs network access comparable to that of on-premise corporate computers. The remote user
must be authenticated, possibly by both the access network and by the corporation. There
should be no eavesdropping on data flowing between the remote user and the corporation, nor
should it be possible for the data to be altered by a third party. The presence of VPN users and
the infrastructure to support them should not provide a conduit for an intruder to breach the
corporate firewall.

Where a GPRS VPN is being considered, a corporation should evaluate several factors unique to
the wireless world. Security aspects may be the foremost concern, especially for what might
appear to be the most vulnerable portion of the Mobile-corporation path: the airlink. TDMA and
the other GPRS access technologies have designed the mobile network so that the packet data
traffic is protected by encryption over the air. This improves performance, as many end-to-end
encryption methods add extra bytes to each packet sent over the air. They will also interfere with
the data compression techniques implemented between the mobile system and the GPRS
operators network.

The availability of VPN service for roaming users should be discussed. Some corporations will
only want their networks accessed using selected wireless operators, or from selected
geographical locations. Multinational corporations may decide that roaming users should
connect with local VPN access points.

The performance of the airlink, especially the throughput seen by data users, will vary. Though
the GPRS airlink has multiple methods to ensure reliable airlink data transmission, factors such
as fading and multipath may reduce performance. A corporation wishing to deploy applications
that are delay and throughput sensitive should discuss the feasibility with the GPRS operator.
Enhancements to the airlink and network infrastructure to meet enhanced QoS requirements are
underway in standards organizations.

1.4 Many Options for GPRS VPNs

Though GPRS VPN service needs will be mostly met by the GPRS operators (service provider
dependent VPNs), there will also be those corporations that deploy ad hoc solutions (service
provider independent VPNs). VPN solutions from both categories are discussed in the following
sections. As a variety of technologies can be combined to meet differing requirements, only a
few sample VPN configurations can be discussed.

Lucent Technologies Proprietary

DRAFT
 -4 -

2 Service Provider Independent W-VPN, Voluntary Tunneling

GPRS
HLR IPsec
IPsec
VPN Gateway
Clients GGSN Internet Server
Carriers Packet
Data Network (Any ISP) Intranet
GTP Connection
SGSN
IPsec Tunnel, end-to-end
Security
Virtual Private Network (VPN) Server

Figure 2 Service Provider Independent (SPI), with Voluntary Tunneling

End-to-end, voluntary tunneling technology is used to support corporate-based VPNs. Shown in

Figure 2; the best example of this is IPsec, an IETF standard. The IPsec tunnel is from a gateway
server that matches security parameters with client-software on the users PC, distributed by the
company to its mobile workers. The IPsec technology provides a secure tunnel extended from the
remote clients, via the GPRS backbone, across the Internet, to the gateway, via basic TCP/IP
protocols. If authentication is successful, the user enters the corporate Intranet to access host
computers and servers. Voluntary IPsec tunnels include encryption of all data. This places an
added overhead of often more than 25% on the RF interface. Voluntary (tunneling) is end-to-end,
and terminates at the users PC or PDA. It can be delivered independent of the infrastructure
provider. More bandwidth is used over the air interface than with compulsory tunneling (see
below). Other voluntary tunneling examples that will be used with GPRS architecture include:

1. PPTP (Point to Point Tunneling Protocol) from the MS to a gateway within the corporate
network.
2. L2TP (Layer 2 Tunneling Protocol) from the MS to a corporate LNS (L2TP Network Server)
within the corporation. The MS itself takes on the LAC (L2TP Access Concentrator) function.
Note that L2TP does not itself include data encryption. Running L2TP on top of an IPsec
layer will provide the needed confidentiality.

These other two voluntary tunneling solutions utilize PPP (Point to Point Protocol). If a
compression option for PPP can be negotiated between the endpoints, this will provide some
compensation for the additional headers required by tunneling.

Service Provider Independent (SPI), voluntary tunneling is a solution technically independent of a

service providers infrastructure, involving only transport of information. All security aspects are
an end-to-end responsibility, not the networks. Nonetheless, wireless carriers will be asked to
offer technical support to corporate clients who could build and manage their own end-to-end
rd
VPN solutions, or outsource such to 3 parties. In a robust SPI implementation, the corporations
tasks would include:
distribute client software to remote corporate citizens needing secure wireless access, and
manage internal security systems: AAA server, real-time intrusion detection system, and
manage multiple Service Level Agreements (SLAs) with service providers

2.1 Service Provider Independent VPN, IPsec end-to-end, with PKI

Voluntary-based W-VPN Access: Example, Figure 3 below depicts the session flow of IPsec in
rd
an end-to-end service context. Use of a trusted 3 party CA (certificate authority) with its PKI
(Public Key Infrastructure see the appendix) is exposed. This solution might utilize Lucents

Lucent Technologies Proprietary

DRAFT
 -5 -

access router AP1000, or Lucents Managed Firewall product, both based on IPsec security, and
compatible with the industrys leading RADIUS and PKI products and service providers.

MS Basestation GGSN
Homepage
Access:
Billing = 1
Public Key Infrastructure
Firewall &
Profile = 2
Location = 3
Subscribe = 4
SGSN (PKI) Authentication
TE
Server IPsec Gateway

Trusted
data request
IPsec Connection request
Packet
VPN Connection and service request Data Network
Clients Authentication request

Validated auth respons e

IPsec tunnel

Figure 3 Service Provider Independent (SPI), IPsec with 3rd party PKI
The GPRS operator may provide portions of the Public Key Infrastructure (PKI). While its role in
providing the VPN might seem limited, the operator can play an important role to reduce security
risks associated with the service provider independent, voluntary tunnels. While the remote user
can have a secure path to the corporate intranet, the users device may still be accessible from
the larger, insecure, Internet. Should that device is compromised, the security of the corporation
is imperiled. The problem stems from having a remote device that has a network presence on
both secure and insecure networks. The addition of protective firewall software on the client is
one potential solution. Another solution would be for the GPRS operator to screen the mobiles
traffic to/from IP addresses other than the corporate gateway.

3 Service Provider Dependent, Compulsory VPN Access

LNS
LAC
Server
Wireless
VPN GPRS Firewall
Users packet data network
Internet , Intranet
any ISP

GGSN
SGSN Compulsory Tunnel
PPP AAA
Server

Virtual Private Network (VPN)

Figure 4 Service Provider Dependent W-VPN, with Compulsory Tunneling

Figure 4 shows a GPRS W-VPN utilizing compulsory tunneling. Rather than an end-to-end
solution, the VPN is made of two distinct segments, one in the GPRS operators access network

Lucent Technologies Proprietary

DRAFT
 -6 -

and another that traverses the Internet. The network operator delivers a value-added, secure,
access service. Its access concentrator is the tunnel establishment point. After connecting to it
users data is tunneled to a termination device at the edge of the corporate network. Here user
packets are authenticated, and access to corporate data is authorized. The carrier builds and
manages this network-to-network compulsory solution. Here, the corporation and its road warriors
depend upon the service providers wireless transport to access their Intranet. Example
compulsory GPRS solutions include:

1. L2TP access concentrator in carriers network between GGSN and corporate firewall;
2. Gateway to gateway compulsory IPsec tunneling;
3. A dedicated GPRS-GGSN, co-located at/near the corporate firewall (using GTP tunneling);

3.1 L2TP-based Wireless VPN in a GPRS Infrastructure

Standardized L2TP (RFC2661) evolved from various proprietary protocols and is intended to
improve interoperability between different vendor's tunneling equipment. L2TP is not an end all
answer. Notably, L2TP does not provide its own security (encryption), but can make use of IPsec.
L2TP operates in compulsory mode in which the tunnel is supported by service provider gear.
L2TP can also operate in a voluntary mode (see section 2 above), in which the tunnel end point is
actually on the user's laptop. In this case the user incurs the tunnel overhead. This section only
focuses on the compulsory mode.

The user (mobile device) requests a PPP session that starts at the mobile and then exits the
GPRS network at the GGSN. The GGSN either contains, or is collocated with, an L2TP LAC.
The LAC tunnels the PPP stream (via L2TP packets carrying PPP frames) to an L2TP LNS at the
corporate networks edge. Actual authentication and authorization, as well as IP address
assignment occurs here, under the control of the corporate network.

This scenario is based on a SLA or Security Association (SA) established between a LAC
function that is at the GGSN and corporate-based LNS, see Figure 4. The SA provides privacy
rules and L2TP tunnels for user data. This is important because L2TP does not support its own
security and because PPP encryption is neither widely deployed nor have multi-vendor
interoperability. In this compulsory scenario, the operator assigns a corporation an APN (Access
Point Name) network identifier (for example corp_xyz_vpn.tdmaoperator.net). That APN is used
by the SGSN to select the GGSN to be addressed for a specific group of corporate mobile users.
The GGSN will receive the IP address of the LNS at the users corporate network. This is passed
to the LAC function, for packet forwarding to the LNS.

The user accesses a corporate network after their wireless device first attaches to the GPRS
network, using a data type PPP and specifying the APN. Once the PDP context is active, control
is passed to the LAC so it can relay the information used by PPP. This triggers the establishment
of a L2TP control connection to the corporate LNS. If an L2TP tunnel is already established for
the corporate VPN connection the newly attached user can share it. If not, a new tunnel will be
created. The GGSN then uses the L2TP control connection to establish an L2TP call (L2TP
tunnel to carry PPP) between the LAC and the LNS. The authentication of the mobile is
performed via the corporate LNS. The corporate LNS will often utilize the services of the
corporate AAA system (e.g. RADIUS). After authentication phase an IP address is assigned to
the mobile, as is normally the case. The mobile has no carrier-network IP address associated
with it, instead the mobile has thus established a PPP session directly with the corporate network.

3.2 IPsec Gateways, Compulsory Tunneling W-VPN

This example is similar to the L2TP section above, except the Corporations VPN gateway server
establishes an IPsec rather than an L2TP tunnel. In the previous section, the SA (security
associations) between the LAC and LNS was pre-provisioned. In this IPsec case, the SA could be

Lucent Technologies Proprietary

DRAFT
 -7 -

dynamically established, but it is more likely to be pre-provisioned because administration is more

complex. The tunnel goes between the two gateways, and is not an end-to-end solution.

MS
GGSN IPsec Public
Basestation Key
TE Infrastructure
(PKI)
gateway Authentication
Server Firewall &
SGSN IPsec Gateway

IPsec IPSec automatic

VPN tunnel establishment
Clients Service request
Activate PDP Internet, any ISP
Create PDP
Context request Connection request
Context Request

Authentication request
CreatePDPContextResponse (without
external PDN address allocation)
Validated auth response
Activate PDP Context Accept

Authentication response
Update PDP Context Responsewith
(
external PDN address allocation
) with PDN address allocation

Modify PDP Context Request

Modify PDP Context Accept

Update PDP Context Response

IPsec tunnel
Figure 5 IPsec gateway with PKI and external address allocation

It is important to note that this solution requires that the GGSN directly associate the mobiles IP
address with the IPSec tunnel so that packets to/from the mobile traverse only that tunnel. The
corporation may internal use IP addresses that conflict with normal Internet assignments, e.g.
through the use of private IP addresses as described in RFC1918.

Figure 5, above, depicts the session flow of a PDP context establishment where the user is
rd
authenticated for private network access via a highly trusted 3 party PKI service provider. This
scenario may be viable for corporations seeking to lower the cost of their internal security
systems, while avoiding full trust in their wireless carrier. Or, the wireless carrier can offer to
provide this PKI as a value-added service, perhaps including wireless e-commerce transaction
services for horizontal services/markets.

Figure 6 below, shows a logical multiple VPN gateway architecture for a GPRS Backbone System

Lucent Technologies Proprietary

DRAFT
 -8 -

IPsec Tunneling / Packet Filtering IPsec Tunneling / Packet Filtering IPsec Tunneling / Packet Filtering IPsec Tunneling / Packet Filtering
PKI, 3rd Party
Authentication
Server
Carrier Intranet Lucent Corp. Intranet
Packet Data
Base Network FIREWALL
SGSN
Station
GGSN & Router
...
Private Corporate
App.
Corporation Y

Firewall Servers
Router Internet,
any ISP
FIREWALL

Authentication
Server
Security
& Router
...
Private Corporate
App.
Mgt Server
Lucent Corp. Security zone Servers

Mr. Green, APN = Corp. X VPN Security Zone

Corp. X Security zone Mr.. Grey, APN = Lucent
Mr
Mr. Blue, APN = Corp. Y
FIREWALL

Corp. Y Security zone

& Router
...
Private Corporate
App.
GPRS HLR Servers Corporation X

Tunnel

Virtual Private Network (VPN)

Note: This solution makes use of Internet standard IPsec gateway

technology, such as found in the Lucent Managed Firewall product.

Figure 6 IPsec compulsory W-VPN, Logical Architecture

In this example above, each VPN can be defined by filtering rules in a managed firewall. The
above example suggests a trusted GPRS HLR look-up as the means to authenticate a mobile
subscriber to a VPN group, and be allowed access behind its corporate firewall.

3.3 Remote GPRS GGSN, Behind the Corporate Firewall

Wireless GPRS
VPN HLR
Clients Firewall
SGSN Carriers Packet
Data Network
Internet Intranet
(Any ISP)
GTP Connection GGSN

GPRS Tunnel
Security
Virtual Private Network (VPN) Server

Figure 7 Compulsory W-VPN, with GGSN behind Corp. Firewall

Putting a GGSN at or behind the corporate firewall provides GTP tunneling over the Internet.
WIth the additional of an IPsec point-to-point tunnel between the GPRS network and the GGSN
the payload itself is protected. The remote GGSN case, shown in Figure 7 is an interesting
alternative with a router-based platform for the GGSN. Issues:
1. Is it cost effective to have a GGSN on the corporate premises?
2. How does the service provider ensure the secure of the GPRS infrastructure when a
connection to the SGSN, a key network node, exists in a remote corporate site.
3. Another issue is ownership and administration of the GGSN.

Lucent Technologies Proprietary

DRAFT
 -9 -

Does the GPRS operator manage this node? If so, how does the operator gain the
required access? A specific Service Level Agreement is needed.
If the remote GGSN is owned and operated by the corporation, is the corporation then
responsibe for establishing any required roaming agreements?

Working out satisfactory answers to the above can turn this scenario into a very viable VPN
option for corporations.

4 Conclusion
This paper has highlighted a short set of the solutions available for implementing VPNs on GPRS
networks. The surviving solution(s) will be those that can economically deliver secure, efficient,
and low maintenance VPNs, and they could achieve significant market presence.

Lucent is vigorously working standards issues to ensure that interoperable solutions are available
for GPRS operators and their corporate customers.

Lucent Technologies Proprietary

DRAFT
 - 10 -

Appendix: Overview of Key VPN Technical Components

Tunneling Techniques, An Overview
Tunneling is the process of putting one packet inside another, and can be thought of as the act of
encapsulating ordinary IP packets inside IP packets plus, optionally, some encapsulating header
such as the GRE header (Generic Routing Encapsulation, RFC 1701). Tunnels can also be used
to encapsulate non-routing protocols, such as PPP. The resulting packet is sent to the
destination end point connected to the originating endpoint, by a public (non-secure) channel.
These two endpoints are the tunnel endpoints. These endpoints may not span the entire
connection of the concerned traffic. While tunneling itself cant guarantee the confidentiality and
integrity of the encapsulated packets, this can be accomplished via use of standard security
techniques. The IPsec standard (see below) for example, includes an Authentication Header (AH)
and an Encapsulating Security Payload (ESP) header that provide authentication, integrity and
confidentiality. The two main kinds of tunneling are: 1) Voluntary tunneling, where the end-user
equipment initiates the tunnel, most often to a corporate firewall endpoint and 2) Compulsory
tunneling, where network components (servers, gateways, etc.) maintain one tunnel endpoint
which typically terminates at the private networks firewall.

PPTP, L2TP and IPsec Tunneling Protocols

PPTP (Point-to-Point Tunneling Protocol) is a classic example of voluntary tunneling over the
Internet. It creates secure channels in Windows NT, Win95-98, and other Windows clients, to a
PPTP server across the Intranet. L2TP protocol is often used in the case of compulsory tunneling.
Both of these protocols tunnel PPP frames and can therefore be used to support access to
private networks based on protocols different from IP.

PPTP and Its Key Benefits

PPTP RFC 2637 is an informational RFC published to document a PPTP solution defined by a
set of vendors, including Microsoft. PPTP mechanisms tunnel Point-to-Point Protocol (PPP)
frames and allow encryption. In PPTP, CHAP and PAP algorithms are used for secure PPP
access request authentication.

Much of the PPTP work was done in the PPTP forum (Lucent/Ascend, US Robotics / 3Com
Corp., and Telematics). Support for compulsory PPTP tunnels is also built into network access
servers from these members. Standards bodies attention has shifted to L2TP. Still, PPTP
remains an important option where the encryption and decryption end points are Windows clients
due to the strong support from Microsoft.

PPTP is designed to provide a tunnel for transporting PPP through an IP network, therefore can
support multiple protocols (IP, IPX, and NetBEUI); and be used to access a variety of LAN
infrastructures. PPTP is intended to decouple functions, which exist in Network Access Servers,
in client server architectures designed for VPNs. The client PPTP Access Concentrator (PAC)
can operate as a classic access platform. This is the logical termination of PPP LCP sessions.
The server part, PNS, is intended to run on general-purpose operating systems.
PPTP decoupling allows aggregation of access channels to the Intranet It is possible to have
a many-to-many relationship between PACs and PNSs. As example, an ISP can provide
VPN service for multiple private network clients, and multiple PACs can connect to a single
PNS. Also, PPTP requires no change to the network addressing that is in place today.
PPTP uses an extended GRE header format that can be used to determine the rate at which
packets are to be transmitted over the tunnel during a given session, thus allowing for low
level bandwidth management of the tunnel traffic. It efficiently allows acknowledgments to be
piggybacked onto data packets. The sliding window protocol of the PPTP data path promotes
flow control on each end of the tunnel. It ramps up with each successful packet transmission.

Lucent Technologies Proprietary

DRAFT
 - 11 -

In general, PPTP is somewhat simple to implement. Microsofts PPTP is included at no cost

in Windows NT and current versions of Windows 98. Microsoft has also made sample PPTP
source code available to third parties.

L2TP and Its Key Benefits

L2TP (Layer 2 Tunneling Protocol) has been defined in the IETF PPPEXT WG (RFC 2661).
Classic layer 2 tunneling was created to avoid the long distance phone charges of dialing direct
into the corporate HQ modem bank for PPP connectivity. L2TP allows an ISP to terminate a
phone line locally (at the L2TP Access Concentrator, or LAC) and then remote the PPP point of
termination back to the corporate site where the PPP is actually processed (at the L2TP Network
Server, NAS, or LNS/NAS). Functions like authentication, authorization, and address assignment
are handed at the corporate site as well.

The L2TP tunnel transports both control and data messages. The data messages are PPP
frames encapsulated in the L2TP header. A Session ID in the L2TP header is associated to data
messages belonging to the same PPP session. PPP calls are controlled by L2TP Control
messages. Control messages are transported over a reliable channel that L2TP itself provides.
L2TP can run over UDP, which is faster and leaner than TCP but doesnt retransmit lost packets.
PPTP separates the control and data channels into a control stream that runs over TCP and a
data stream that runs over GRE encapsulation. With combining channels and use of UDP, this
can make L2TP superior to PPTP in some contexts. L2TP is protocol-independent, and can run in
other networks, like X.25, Frame Relay and ATM. Some vendors that support it are implementing
L2TP over UDP for use with Internet tunneling.

As stated above, L2TP by itself is not fully secure. It provides a secure CHAP-like authentication
of the L2TP control connection, but tunnel hijacking is still possible by expert hackers. To fully
secure L2TP tunnels, a service provider needs IPsec mechanisms. Manually configured static
security associations could be part of a Service Level Agreement (SLA) between the corporation
and the wireless network operator. Otherwise, dynamic negotiation procedures could be used, a
la IPsec.

In a typical L2TP context, PPP frames are tunneled between the Remote System (RS) and an
LNS located in a Corporate Intranet/LAN. The RS initiates a PPP connection to a LAC, which
tunnels the PPP connection across the Internet to an LNS whereby access to the Corporate
Intranet is obtained. A LAC Client (a Host which runs L2TP natively) may also participate in
tunneling to the Intranet. In this case, the Host equipped with the LAC Client software uses a
connection to the public Internet to set up a "virtual" PPP via a L2TP tunnel to the LNS. The RS is
assigned an address from the Corporate Intranet/LAN via PPP NCP negotiation. The Intranets
AAA server may provide authentication, Authorization and Accounting (AAA), as if the user was
connected to a Network Access Server directly. The typical AAA protocol used is RADIUS. A
RADIUS client will be normally collocated with the LNS. Where a trusted SLA relationship exists
between the PLMNO and the corporation, proxy authentication is possible, and is performed at
the LAC by passing authentication information and authorization information between the LAC
and the LNS. The LNS may however request the PPP authentication phase to take place at the
LNS by turning off the proxy authentication.

The main benefits or pros associated with L2TP are as follows:

L2TP offers vendor interoperability. It can be used as part of the wholesale access solution,
which allows Telcos or service providers to offer VPNs to Internet Service Providers (ISPs)
and others.
L2TP can be operated as a client initiated VPN solution, where enterprise customers using a
PC, can use the client initiated L2TP from a third party.
Value-added services such as load sharing and backup support are available from vendors.
Since L2TP can project a PPP session to a location other than the point where it was
physically received, it can make multiple channels terminate at a single NAS. This allows

Lucent Technologies Proprietary

DRAFT
 - 12 -

multilink even when sessions spread across distinct physical NASs. (Multilink PPP
[RFC1990] requires that channels of a multilink bundle be grouped at a single or Network
Access Server.)

IPsec - The IETFs Standard Protocol Suite for secure end-to-end W-VPN
The IETF developed the IP security (IPsec) protocol suite (RFC 2401), a set of IP extensions that
provide security services at the network layer. IPsec technology is based on standard
cryptographic technologies, making possible very strong data authentication and privacy
guarantees. IPsec secures the applications and the network they run over. As it secures the
network itself, the IPsec protocol suite guarantees security for any application using the network.

IPsec as a voluntary tunneling approach is a more secure alternative than PPTP or L2TP. It
supports stronger encryption algorithms, such as Triple DES etc. Secure W-VPN solutions
require good key exchange mechanisms that scale easily without degrading performance. IPsec
supports large enterprise needs. Its strong key exchange protocol negotiation scheme sets it
apart from other security systems.

IPsecs Security Services

An IPsec implementation operates in a host or a security gateway environment, affording
protection to IP traffic. In addition, IPsec provides interoperable, cryptographic based security at
the IP layer, offering protection for IP and/or upper layer protocols. Security services offered
include connectionless integrity, data origin authentication, confidentiality (encryption), and traffic
flow confidentiality. This is accomplished via of two traffic security protocols, the Authentication
Header (AH) and the Encapsulating Security Payload (ESP). Each protocol supports two modes:
transport mode and tunnel mode. In transport mode the protocols provide protection primarily for
upper layer protocols; in tunnel mode, the protocols are applied to tunneled IP packets.
IPsec management includes specifying: which security services to use and in what combinations,
and the granularity at which a given security protection should be applied the algorithms used to
effect cryptographic-based security
The set of IPsec protocols used, and how they are employed, is determined by the security and
system requirements of users, applications, sites, etc. Specific expertise is needed for them to be
correctly implemented and deployed, so as not to adversely affect users, hosts, and other Internet
components. Hence professional services could be offered to corporations needing to use this
approach for remote access and W-VPN connectivity.

Important IPsec-based features

Here are some of the main features to look for amongst the numerous IPsec vendors who offer
commercial products today.

Authentication of all hosts and all incoming IP traffic.

Integrity and privacy for outgoing data, ensuring it will not be altered or viewed by hackers
Ability to secure all user communication and network applications transparently:
Assure that no modifications are required to any existing legacy applications.
Compatible with multiple encryption algorithms.
Flexible remote network access control facilities for individual system controls.
Support for nomadic mode mobile users whose network address can change.
State of the art graphical user interface tools for administration.
Provide a public-key cryptography implementation with automatic certificate discovery
capabilities to eliminate manual key distribution.

IPsec includes an integrity check, to ensure that no packets are deleted, added or tampered with
during transmission, a strong security differentiator. Via IPsec, information is encrypted, and with
digital certificates authentication the trusted identity of the communicating hosts are assured
using public key encryption. AH and ESP protocols are the IPsec building blocks needed to

Lucent Technologies Proprietary

DRAFT
 - 13 -

implement secure W-VPNs. Encryption services provided by AH and ESP keep data secret, for
verification of its origin, and for providing protection against undetected tampering.

Secure W-VPN solutions require good key exchange mechanisms. The importance increases as
enterprises get larger. IPsec supports large enterprise needs with its strong key exchange
protocol negotiation scheme sets it apart from other security systems. It provides negotiation with
other entities: the protocols, encryption algorithms, and for easy exchange of key mechanisms.
In summary, IPsec W-VPN allows one to:

form Security Associations (SAs) with a range of attributes, layer network access services
build multiple domains of communication within the same secure context, ex: W-VPN, VPN
update keys as frequently as needed, getting the best of both worlds - perfect forward
secrecy, and a transparent background mechanism the user doesnt ever think about
implement in any IP network environment, of any size, for any size of enterprise, and
implement with anyone using IPsec technology, creating new SAs with whomever needed

With an IPsec secure W-VPN you can have secure end-to-end networking, without making
constant, drastic changes to your network infrastructure. A laptop with a suitable IPsec-compliant
program can connect securely and transparently to your corporate network through a W-ISP
anywhere. One no longer needs to lease dedicated data lines because an Internet connection of
suitable available bandwidth will do the same job. Internet Service Providers (ISPs) are now
moving to provide VPN service level guarantees like those of a leased line.

IPsec-based Systems and Vendor Interoperability

A limited amount of IPsec-based interoperability testing has been done in recent months (3q-99).
It has revealed that most products can establish a session and exchange IPsec packets, but the
ability to support advanced security could become a challenge for security managers.

The journal Network World has not reported any detailed results on specific vendors to the public,
but information released is suggesting that exchanging encryption keys using IPsec and a
standard known as the Internet Key Exchange (IKE) can be a problem. IKE interoperability will
become more important as greater numbers of companies use VPNs in extranets and e-
commerce. Security managers need assurance that if they require the exchange of keys before a
transaction can commence the device at the client's or customer's end of the session will be able
to send or receive a key in the process of establishing a session.

Digital Certificate (Public Key Infrastructure - PKI) Technology

An end-to-end PKI security solution for enterprise Intranet and Extranet communications, includes
an overall PKI infrastructure and software that provides desktop security and Web-based digital
certificate issuance. This is transparent to corporate users. Hence, so they are more likely to send
secured e-mails, etc. without any special training. PKIs issue certificates to authenticate
customers, using mathematical "keys" to encrypt and digitally sign each transaction. Such keys
are managed via the PKI, which provides confidentiality and access control for applications
across an enterprise. A PKI manages the life cycle of certificates. PKI software can be combined
with other security elements such as firewalls and routers. All users in a PKI have a registered
identity, making wireless data communication safer. Stored in a digital format in a directory, a
typical PKI certificate includes:
users name and other attributes that uniquely identify the user (i.e. employee number)
public key of the user, required so others can encrypt or verify the users digital signature
Validity period for the certificate (i.e. six months, 2 years etc.)
specific operations for using the public key (i.e. encrypting data, verifying digital signatures,)

Lucent Technologies Proprietary

DRAFT
 - 14 -

RADIUS
The Remote Authentication Dial In User Service (RADIUS) protocol is a very popular method for
managing remote user authentication and authorization. RADIUS is a lightweight, UDP-based
protocol. It is used for managing dispersed serial lines and modem pools for large numbers of
users, because of the need for large-scale administrative support. As modem pools are used for
access from the outside world, they require robust solutions for security, authorization and
accounting. With RADIUS this is achieved by managing a single 'database' of users, that allows
authentication (verifying user name and password) and configuration information detailing the
type of service to deliver to the user (ex: PPP, SLIP, telnet, etc).

The main components of RADIUS, in the Client/Server Model include: A Network Access Server
(NAS) operating as client of RADIUS, and is responsible for passing user information to
designated RADIUS servers, and then acting on the response which is returned. The RADIUS
server receives user connection requests, authenticates the user, and returns all configuration
data needed for client to deliver service to the user. RADIUS servers act as proxy clients to other
RADIUS servers or other authentication servers.

Client and RADIUS server transactions are authenticated via shared secret information that isnt
sent over the network. All user passwords are sent encrypted between the client and RADIUS
server, to eliminate hackers determining a user's password.

Authentication Mechanisms: RADIUS supports several ways to authenticate users. Ex: when
provided with the user name and original user password, it supports PPP PAP or CHAP, UNIX
login, and other authentication mechanisms.

RADIUS is designed to carry authorization data and is widely deployed, so it is reasonable to use
it for transferring the information required for setting up dynamic tunnels, integrating for example
RADIUS and PPTP. In order to implement dynamic compulsory tunnels using RADIUS (see
below), attributes must be defined to carry the data needed to create a new tunnel or use of an
existing tunnel, and a complete implementation strategy must be devised.

In RADIUS implementation strategies, defining RADIUS attributes needed to support dynamic

tunneling is fairly straightforward, involving three attributes: (1) tunnel protocol to be used (i.e.,
PPTP, L2TP, etc.) (2) address of the desired tunnel server (TS) and (3) tunnel transport medium
to be used. RADIUS accounting is enabled for tracking network usage with these items: address
of the tunnel client (i.e., the NAS), the unique identifier for the tunneled connection. On the other
hand, the RADIUS authentication approach can to be fairly controversial. Ex: What entity should
authenticate the user, and when? This is perhaps an opportunity for professional services.

Security Associations
Security Associations (SA) refer to configuration and fault management agreements between the
corporation with the network operator, an example being LNS IP address(s) provisioned into the
HLR. SAs covering GGSN(s) interactions with SGSN(s) and LNS(s) must likewise be created.
Changes in the corporate network must be coordinated with the carrier (i.e. updated into the HLR
and the IP security functions at the GGSN's LAC).

Lucent Technologies Proprietary

DRAFT
 - 15 -

Figure 8 Service Provider Dependent W-VPN with L2TP

ge
Homepa :
Acc ess
MS Basestation GGSN
1
g = = 2
Billin e
Profilon = 3
Locati ibe = 4 SGSN LAC
TE Subscr

Intranet
LNS
Packet
Data Network

AT commands
Activate PDP Context Req.

Create PDP Context Req.

Internet, any ISP

Create PDP Context Resp.

Activate PDP Context Acc.

AT Response

LCP, Authentication and IPCP negotiation L2TP Negotiation

How well this would scale in a multi-carrier roaming service is an interesting question. The L2TP
service architecture and session flows are shown above in Figure 8. It does not depict actual
security feature flows.

Lucent Technologies Proprietary

DRAFT