On Demand Network-wide VPN Deployment in GPRS

The Mobile Internet requires enhanced security services available to all mobile subscribers in a dynamic fashion. A network-wide Virtual Private Network (VPN) deployment scenario over the General Packet Radio Service (GPRS) is proposed and analyzed from a security viewpoint. The proposed security scheme improves the level of protection that is currently supported in GPRS and facilitates the realization of Mobile Internet. It secures data transmission over the entire network route from a mobile user to a remote server by utilizing the default GPRS ciphering over the radio interface, and by deploying an IP VPN over the GPRS core, as well as on the public Internet. Thus, ondemand VPN services are made available for all GPRS network subscribers and roaming users. The VPN functionality, which is based on the IPsec framework, is outsourced to the network infrastructure so as to eliminate the potential computational overhead on the mobile device. The VPN initialization and key agreement procedures are based on an Internet Key Exchange (IKE) protocol proxy scheme, which enables the mobile station to initiate a VPN establishment, while shifting the complex key negotiation to the network infrastructure. The deployed VPN operates transparently to the mobile subscribers’ movement. The required enhancements for security service provision can be integrated in the existing network infrastructure, and therefore, the proposed security scheme can be employed as an add-on feature to the GPRS standard.