An enhanced authentication scheme for virtual private network access based on platform attributes of multi-level classification

Abstract

Simple username and password are used as the only credential for virtual private network (VPN) access in most authentication schemes. The absence of strong security measures in user’s platform invites attacks on integrity and confidentiality of data in private networks and consequently posts threats to other users who use the same VPN service. An authentication scheme based on verifying platform attributes is presented in this paper, which contains a notion of multi-level classification to satisfy different VPN systems. The implementation of the attribute expression and the authentication framework under an example of access policy is provided. Two cryptographic methods are introduced to achieve privacy protection in the network communication, including hash value conversion and attribute based encryption. Trusted computing is also included to guarantee the authenticity of platform attributes. This authentication scheme is distinctive that combines platform attributes with traditional credentials for VPN access attestation.