An IPSec Mediation Approach for Safe Establishment of Inter-domain VPNs

  • Alexandre Matos
  • Fernando Matos
  • Paulo Simões
  • Edmundo Monteiro
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5843)


In this paper we propose a new solution to increase the security of BGP/MPLS IP VPNs established across multiple domains. In general, layer 3 VPNs already present a number of security risks when used in single domain scenarios, since they are vulnerable to attacks originated inside the provider backbone. In order to overcome these risks, IPSec tunnels are recommended. In multi-domain scenarios, however, the safe establishment of such IPSec tunnels is much more difficult, due to need to set up proper Security Associations in an open environment. The solution we present in this paper not only solves this problem but also improves the dynamic composition of multi-domain VPNs, thus reducing the effort and time required to provide such VPNs.


Inter-domain VPN IPSec BGP/MPLS SOA Business Layer 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Rosen, E., et al.: BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4364 (2006)Google Scholar
  2. 2.
    Matos, A.V., Matos, F.M., Simões, P., Monteiro, E.: A Framework for the Establishment of Inter-Domain, On-Demand VPNs. In: 11th IEEE/IFIP Network Operations and Management Symposium – NOMS, pp. 232–239 (2008)Google Scholar
  3. 3.
    Behringer, M.: Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4381 (2006)Google Scholar
  4. 4.
    Rekhter, Y., Bonica, R., Rosen, E.: Use of Provider Edge to Provider Edge (PE-PE) Generic Routing Encapsulation (GRE) or IP in BGP/MPLS IP Virtual Private Networks. RFC 4797 (2007)Google Scholar
  5. 5.
    Rosen, E.: Applicability Statement for BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4365 (2006)Google Scholar
  6. 6.
    Alateras, J. (ed.): IPsphere Framework Technical Specification – Release 1 (2007),
  7. 7.
    Ren, R., Feng, D., Ma, K.: A detailed implement and analysis of MPLS VPN based on IPSec. In: Proceedings of International Conference on Machine Learning and Cybernetics, vol. 5, pp. 2779–2783 (2004)Google Scholar
  8. 8.
    Pezeshki, J., et al.: Performance Implications of Instantiating IPsec over BGP Enabled RFC 4364 VPNs. In: IEEE Military Communications Conference - MILCOM, pp. 1–7 (2007)Google Scholar
  9. 9.
    Li, Q., Xu, M., Xu, K.: Toward A Practical Scheme for IPSec Management. In: International Conference on Information Networking - ICOIN, pp. 1–5 (2008)Google Scholar
  10. 10.
    Blaze, M., Ioannidis, J., Keromytis, A.: Trust Management for IPSec. ACM Transactions on Information and System Security 5(2), 95–188 (2002)CrossRefGoogle Scholar
  11. 11.
    Masmoudi, K., Afifi, H.: Building identity-based security associations for provider-provisioned virtual private networks. Journal of Telecommunication Systems 39(3), 215–222 (2008)CrossRefGoogle Scholar
  12. 12.
    Nadalin, A., Kaler, C., Monzillo, R., Hallam-Baker, P.: Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). OASIS Standard Specification (2006)Google Scholar
  13. 13.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Alexandre Matos
    • 1
  • Fernando Matos
    • 1
  • Paulo Simões
    • 1
  • Edmundo Monteiro
    • 1
  1. 1.CISUC – Informatics Engineering DepartmentUniversity of CoimbraCoimbraPortugal

Personalised recommendations